neither task manager nor regedit nor gpedit working [Solved]


  • This topic is locked

#76 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
It is very possible that MSE has caught the few files that were still infected. I highly recommend you make sure you keep an antivirus on your computer and make sure it stays updated. Sality (as you've seen) can be a very difficult infection to deal with once it starts to spread; however, it is an infection that has been around long enough that antivirus programs will catch it and kill it before it gets the chance to spread, but you have to keep an antivirus on your machine to stop it from happening in the future.

Let's go ahead with one more ESET scan to make sure everything is gone. :)

ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan.



#77 tekkanphan (Topic Starter, Member, 51 posts)
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e007cd06fbbfc48af85a569f7025a3b
# engine=14057
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-12 09:35:55
# local_time=2013-06-13 03:05:55 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5892 16776574 100 100 0 208603883 0 0
# scanned=286441
# found=25
# cleaned=0
# scan_time=19311
sh=476DCB0FB0661E979BF04E3F775125C114EA9B30 ft=1 fh=9124ffcfd487135b vn="Win32/OpenCandy application" ac=I fn="C:\Users\phani\Downloads\OrbitSetup4.1.18_20130502_1.exe"
sh=9E818BA19004665C251A744966AB35FAA5709CD7 ft=1 fh=42d6915ac8245590 vn="Win32/InstallCore.BL application" ac=I fn="C:\_OTL\MovedFiles\06102013_211406\C_Users\phani\Downloads\Chrome_Setup.exe"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB"
sh=0CBAC2561E1DE11B120741C79842FBB02F857072 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\800test.coms_5_verbal_tests\gre_bible.rar"
sh=00F9AA47DFA00AEB8589642C6917C7964E0B6A25 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible.rar"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible\GRE Bible\GreBible.CAB"
sh=0CBAC2561E1DE11B120741C79842FBB02F857072 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible.rar"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB"
sh=0CBAC2561E1DE11B120741C79842FBB02F857072 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\800test.coms_5_verbal_tests\gre_bible.rar"
sh=00F9AA47DFA00AEB8589642C6917C7964E0B6A25 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible.rar"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible\GRE Bible\GreBible.CAB"
sh=0CBAC2561E1DE11B120741C79842FBB02F857072 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible.rar"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB"
sh=9AE5D5A3E09A86D59AE3E95FE381CCC75D6F9C26 ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.OFK trojan" ac=I fn="F:\MISC\Documents\84a7cd.pdf"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\The Rolling Stones - Beggars Banquet\Rolling Stones - Beggars Banquet.exe"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\The Rolling Stones - Exile on Main Street\Rolling Stones - Exile on Main Street.exe"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\The Velvet Underground & Nico - The Velvet Underground\Velvet Underground & Nico - The Velvet Underground.pif"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\The Who - Who's Next\Who - Who's Next.scr"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\Trout Mass Replica - Captain Beefheart and his Magic Band\Mass Replica - Captain Beefheart and his Magic Band.scr"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\Van Morrison - Astral Weeks\Morrison - Astral Weeks.exe"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\Sample Music\Music.scr"
sh=2F86AC01BD103A5970AE05E225F0E2CD6087E60B ft=1 fh=b74b2d90e0ba3557 vn="multiple threats" ac=I fn="F:\System Software\aTube_Catcher_Setup.exe"
sh=C2FE44EBE9E1022456F937107BDEE235D26AA688 ft=1 fh=2bfe1eac558af9ad vn="a variant of Win32/Bundled.Toolbar.Ask.A application" ac=I fn="F:\System Software\kmp.exe"
sh=A59C895A049DBBE7296E08D9F4BC2635C94EA01B ft=1 fh=4923c2572eebf79b vn="Win32/Toolbar.Widgi application" ac=I fn="F:\System Software\YouTubeDownloaderSetup35.exe"

#78 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
Now to remove what ESET found this time. Good news is, none of it was Sality!!!

OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:Files
C:\Users\phani\Downloads\OrbitSetup4.1.18_20130502_1.exe
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\800test.coms_5_verbal_tests\gre_bible.rar
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible.rar
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible\GRE Bible\GreBible.CAB
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible.rar
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\800test.coms_5_verbal_tests\gre_bible.rar
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible.rar
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible\GRE Bible\GreBible.CAB
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible.rar
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB
F:\MISC\Documents\84a7cd.pdf
F:\MUSIC\Eng Music\RSA\The Rolling Stones - Beggars Banquet\Rolling Stones - Beggars Banquet.exe
F:\MUSIC\Eng Music\RSA\The Rolling Stones - Exile on Main Street\Rolling Stones - Exile on Main Street.exe
F:\MUSIC\Eng Music\RSA\The Velvet Underground & Nico - The Velvet Underground\Velvet Underground & Nico - The Velvet Underground.pif
F:\MUSIC\Eng Music\RSA\The Who - Who's Next\Who - Who's Next.scr
F:\MUSIC\Eng Music\RSA\Trout Mass Replica - Captain Beefheart and his Magic Band\Mass Replica - Captain Beefheart and his Magic Band.scr
F:\MUSIC\Eng Music\RSA\Van Morrison - Astral Weeks\Morrison - Astral Weeks.exe
F:\MUSIC\Eng Music\Sample Music\Music.scr
F:\System Software\aTube_Catcher_Setup.exe
F:\System Software\kmp.exe
F:\System Software\YouTubeDownloaderSetup35.exe

:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.
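The ESET log in post #77 and the OTL fix in post #78 are linked by hand: the helper reads the `vn=` and `fn=` fields of each detection line, confirms none of them is Sality, and pastes the paths into a `:Files` section. The following Python script is an added example (not code from the thread, from ESET, or from OldTimer's OTL) that does the same bookkeeping mechanically: it parses the ESET header and detection records, sanity-checks the log (scan finished, `found=` matches the number of records, nothing was cleaned while "Remove found threats" was unchecked), groups identical SHA-1s so a worm copied into many folders stands out, and emits the file list in the same layout the helper used. The sample log is a constructed, trimmed copy of the one on this page (four of the 25 detection lines, with `found=` adjusted to 4 so the sample is self-consistent); the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the ESET Online Scanner log posted
# in this thread (installer banner, header keys, and four of the 25
# detection lines, with found= adjusted to 4 so the sample is consistent).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=286441
# found=4
# cleaned=0
sh=476DCB0FB0661E979BF04E3F775125C114EA9B30 ft=1 fh=9124ffcfd487135b vn="Win32/OpenCandy application" ac=I fn="C:\Users\phani\Downloads\OrbitSetup4.1.18_20130502_1.exe"
sh=45C9EFC0A3D7909A225640854DD0D8EC7478DECD ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.Agent.LERQPFC trojan" ac=I fn="F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\RSA\The Who - Who's Next\Who - Who's Next.scr"
sh=3394E8ECBC3C92773ECAF8B73F04AF5C59790BA9 ft=1 fh=ba11d34cda28cddd vn="probably a variant of Win32/AutoRun.Agent.UD worm" ac=I fn="F:\MUSIC\Eng Music\Sample Music\Music.scr"
"""

# One detection record: sh=SHA-1, ft=file type flag, fh=ESET file hash,
# vn=threat name, ac=action code, fn=full path.
DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-F]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w) fn="(?P<path>[^"]*)"$'
)


def parse_eset_log(text):
    """Split an ESET log into its '# key=value' header and its detection records."""
    header, detections = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value.strip().strip('"')
        elif line.startswith("sh="):
            match = DETECTION_RE.match(line)
            if match is None:
                raise ValueError(f"line {lineno}: malformed detection record")
            detections.append(match.groupdict())
        # Anything else (installer banner, blank lines) is not part of the report.
    return header, detections


def audit(header, detections):
    """Consistency checks worth doing before acting on a posted log."""
    problems = []
    if header.get("end") != "finished":
        problems.append(f"scan did not run to completion (end={header.get('end')})")
    if header.get("found") != str(len(detections)):
        problems.append(f"header says found={header.get('found')} but "
                        f"{len(detections)} detection records were parsed")
    if header.get("remove_checked") == "false" and header.get("cleaned", "0") != "0":
        problems.append("cleaned is non-zero although 'Remove found threats' was unchecked")
    return problems


def summarize(detections):
    """Count detections per threat name."""
    return Counter(d["name"] for d in detections)


def names_mentioning(detections, family):
    """Threat names containing a family string, e.g. 'Sality' (case-insensitive)."""
    return sorted({d["name"] for d in detections if family.lower() in d["name"].lower()})


def copies_by_hash(detections):
    """Group paths by SHA-1 so one file dropped into many folders is obvious."""
    groups = {}
    for d in detections:
        groups.setdefault(d["sha1"], []).append(d["path"])
    return {sha1: paths for sha1, paths in groups.items() if len(paths) > 1}


def build_otl_fix(detections):
    """Lay out the detected paths in the :Commands / :Files / :Commands
    shape the helper used in post #78 (paths de-duplicated, order kept)."""
    paths = []
    for d in detections:
        if d["path"] not in paths:
            paths.append(d["path"])
    return (":Commands\n[createrestorepoint]\n\n:Files\n"
            + "\n".join(paths) + "\n\n:Commands\n[emptytemp]\n")


if __name__ == "__main__":
    header, found = parse_eset_log(SAMPLE_LOG)
    for problem in audit(header, found):
        print("warning:", problem)
    for name, count in summarize(found).most_common():
        print(f"{count:3d}  {name}")
    print("Sality present:", bool(names_mentioning(found, "Sality")))
    for sha1, paths in copies_by_hash(found).items():
        print(f"{sha1} appears {len(paths)} times")
    print(build_otl_fix(found))
```

The `audit` step is the part a helper most often skips: a log whose `found=` count does not match the number of records, or whose `end=` is not `finished`, was cut off in the paste or the scan stalled (the instructions above warn that touching the mouse or keyboard can stall it), and acting on a partial file list leaves infected copies behind.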

#79 tekkanphan (Topic Starter, Member, 51 posts)
OTL fix


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\phani\Downloads\OrbitSetup4.1.18_20130502_1.exe not found.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\800test.coms_5_verbal_tests\gre_bible.rar moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible.rar moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible\GRE Bible\GreBible.CAB moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible.rar moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\800test.coms_5_verbal_tests\gre_bible.rar moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible.rar moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\GRE_Bible_v2.1\GRE Bible v2.1\GRE Bible\GRE Bible\GreBible.CAB moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible.rar moved successfully.
F:\Knowl\Prep for Higher\Assorted GRE GMAT TOEFL stuff\GRE TOEFL CAT Placement\GRE\GREShakey\WisdomMart\Practice Tests\800test.coms_5_verbal_tests\gre_bible\New Folder\GreBible1.1\GreBible1.1\GreBible.CAB moved successfully.
F:\MISC\Documents\84a7cd.pdf moved successfully.
F:\MUSIC\Eng Music\RSA\The Rolling Stones - Beggars Banquet\Rolling Stones - Beggars Banquet.exe moved successfully.
F:\MUSIC\Eng Music\RSA\The Rolling Stones - Exile on Main Street\Rolling Stones - Exile on Main Street.exe moved successfully.
F:\MUSIC\Eng Music\RSA\The Velvet Underground & Nico - The Velvet Underground\Velvet Underground & Nico - The Velvet Underground.pif moved successfully.
F:\MUSIC\Eng Music\RSA\The Who - Who's Next\Who - Who's Next.scr moved successfully.
F:\MUSIC\Eng Music\RSA\Trout Mass Replica - Captain Beefheart and his Magic Band\Mass Replica - Captain Beefheart and his Magic Band.scr moved successfully.
F:\MUSIC\Eng Music\RSA\Van Morrison - Astral Weeks\Morrison - Astral Weeks.exe moved successfully.
F:\MUSIC\Eng Music\Sample Music\Music.scr moved successfully.
F:\System Software\aTube_Catcher_Setup.exe moved successfully.
F:\System Software\kmp.exe moved successfully.
F:\System Software\YouTubeDownloaderSetup35.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: phani
->Temp folder emptied: 32766 bytes
->Temporary Internet Files folder emptied: 55467 bytes
->FireFox cache emptied: 14010487 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 826 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06132013_233908

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#80 tekkanphan (Topic Starter, Member, 51 posts)
OTL


OTL logfile created on: 14-06-2013 00:03:39 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phani\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.30% Memory free
6.19 Gb Paging File | 5.38 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.53 Gb Total Space | 250.55 Gb Free Space | 87.14% Space Free | Partition Type: NTFS
Drive D: | 10.56 Gb Total Space | 1.64 Gb Free Space | 15.49% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 61.70 Gb Free Space | 6.62% Space Free | Partition Type: NTFS

Computer Name: PHANI-PC | User Name: phani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-10 09:09:54 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2013-06-09 23:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
PRC - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-01-27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2007-09-20 23:42:02 | 000,671,744 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2007-09-06 01:39:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007-07-12 17:30:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007-03-30 04:11:28 | 000,992,176 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe
PRC - [2007-03-30 04:11:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2007-10-01 08:04:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007-10-01 08:04:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007-10-01 08:04:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007-10-01 08:04:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007-09-06 01:33:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007-09-06 01:22:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013-06-12 14:27:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-09 01:35:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007-12-16 20:34:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-20 23:32:58 | 000,299,008 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2007-03-05 23:00:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130607.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130607.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008-11-17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008-06-25 11:59:00 | 007,534,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-03-04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007-10-18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-10-01 21:05:52 | 000,183,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007-08-29 04:17:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007-08-09 09:12:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-07-31 00:24:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-07-30 23:12:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-07-11 23:00:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007-06-28 20:39:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007-06-19 05:42:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007-04-18 17:33:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKLM\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DC363577-0417-4B93-8127-3491AF6CE6B7}
IE - HKCU\..\SearchScopes\{DC363577-0417-4B93-8127-3491AF6CE6B7}: "URL" = http://slirsredirect...hpcnnbie7-en-in
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-06-09 01:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Extensions
[2013-06-12 15:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions
[2013-06-10 14:57:29 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013-06-10 14:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013-06-10 15:02:25 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013-06-12 14:32:15 | 000,002,323 | ---- | M] () -- C:\Users\phani\AppData\Roaming\Mozilla\Firefox\Profiles\qwi9ijnr.default\searchplugins\youtube-ssl.xml
[2013-06-09 01:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-06-09 01:35:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006-09-19 03:11:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-IN\local\search.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 123.176.37.38 123.176.37.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85124C2-846A-4FCA-B933-15D9ADF7B92E}: DhcpNameServer = 123.176.37.38 123.176.37.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\phani\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\phani\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-16 21:44:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-12 21:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-06-12 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\WinRAR
[2013-06-12 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-06-12 15:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-06-12 15:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013-06-12 15:46:41 | 000,000,000 | ---D | C] -- C:\68e307ca48ac20155c
[2013-06-12 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\ProgSense
[2013-06-12 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\GrabPro
[2013-06-12 15:23:59 | 000,000,000 | ---D | C] -- C:\downloads
[2013-06-12 15:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2013-06-12 15:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2013-06-12 15:20:31 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Orbit
[2013-06-10 23:39:44 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\MigWiz
[2013-06-10 22:05:57 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\SalityKiller.exe
[2013-06-10 21:14:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-06-10 10:32:50 | 000,000,000 | ---D | C] -- C:\Users\phani\Documents\6-042j-fall-2010
[2013-06-09 23:26:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-09 10:55:31 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Adobe
[2013-06-09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Macromedia
[2013-06-09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Adobe
[2013-06-09 10:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013-06-09 09:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013-06-09 01:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-06-09 01:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013-06-09 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Mozilla
[2013-06-09 01:22:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Mozilla
[2013-06-09 01:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013-06-09 01:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-06-09 01:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2013-06-09 00:37:24 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\AOL
[2013-06-09 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\QuickPlay
[2013-06-09 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Symantec
[2013-06-09 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\DigitalPersona
[2013-06-09 00:29:58 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\DigitalPersona
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\Searches
[2013-06-09 00:29:47 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-06-09 00:29:39 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Identities
[2013-06-09 00:29:31 | 000,000,000 | R--D | C] -- C:\Users\phani\Contacts
[2013-06-09 00:29:29 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\VirtualStore
[2013-06-09 00:28:17 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Macromedia
[2013-06-09 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Hewlett-Packard
[2013-06-09 00:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2013-06-09 00:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013-06-09 00:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2013-06-09 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Macrovision
[2013-06-09 00:20:37 | 000,000,000 | --SD | C] -- C:\Users\phani\AppData\Roaming\Microsoft
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Videos
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Saved Games
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Pictures
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Music
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Links
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Favorites
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Downloads
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Documents
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\Desktop
[2013-06-09 00:20:37 | 000,000,000 | R--D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\Temporary Internet Files
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Templates
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Start Menu
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\SendTo
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Recent
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\PrintHood
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\NetHood
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Videos
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Pictures
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Documents\My Music
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\My Documents
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Local Settings
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\History
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Cookies
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\Application Data
[2013-06-09 00:20:37 | 000,000,000 | -HSD | C] -- C:\Users\phani\AppData\Local\Application Data
[2013-06-09 00:20:37 | 000,000,000 | -H-D | C] -- C:\Users\phani\AppData
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Temp
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Local\Microsoft
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Media Center Programs
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013-06-09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2013-06-09 00:13:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

========== Files - Modified Within 30 Days ==========

[2013-06-13 23:51:47 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-06-13 23:51:47 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-13 23:46:15 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013-06-13 23:45:10 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-13 23:45:10 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-13 23:45:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-13 23:44:57 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-13 23:41:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013-06-13 23:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-12 15:29:57 | 000,003,584 | ---- | M] () -- C:\Users\phani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-06-12 15:23:58 | 000,000,848 | ---- | M] () -- C:\Users\phani\Desktop\Orbit.lnk
[2013-06-10 22:05:57 | 000,171,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\SalityKiller.exe
[2013-06-10 22:04:22 | 000,164,134 | ---- | M] () -- C:\Users\phani\Documents\salitykiller.zip
[2013-06-10 10:17:47 | 000,383,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-06-10 09:35:00 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2013-06-09 23:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phani\Desktop\OTL.exe
[2013-06-09 10:24:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-06-09 10:21:37 | 000,000,680 | ---- | M] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2013-06-09 10:08:13 | 029,163,520 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013-06-09 10:08:12 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013-06-09 10:08:12 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013-06-09 10:05:21 | 000,866,592 | ---- | M] () -- C:\Users\phani\Desktop\Norton_Removal_Tool.exe
[2013-06-09 10:04:13 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013-06-09 01:21:54 | 000,000,870 | ---- | M] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-09 00:29:09 | 000,000,081 | ---- | M] () -- C:\Windows\System32\LOG
[2013-06-09 00:29:05 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2013-06-09 00:22:23 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2700 Notebook PC_Y5335KV_0U_Q2CE836DQFM_E459208-375_4A_I30CE_SWistron_V80.52_F.2C_T080616_WV3-0_L409_M3070_J320_7Intel_86FD_92.00_#071216_N11AB4353;80864229_(FQ366PA#ACJ)_XMOBILE_CN10_Z.MRK
[2013-06-09 00:13:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2013-06-12 15:29:57 | 000,003,584 | ---- | C] () -- C:\Users\phani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-06-12 15:23:58 | 000,000,848 | ---- | C] () -- C:\Users\phani\Desktop\Orbit.lnk
[2013-06-10 22:04:14 | 000,164,134 | ---- | C] () -- C:\Users\phani\Documents\salitykiller.zip
[2013-06-10 09:35:00 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2013-06-09 12:39:24 | 3219,513,344 | -HS- | C] () -- C:\hiberfil.sys
[2013-06-09 10:47:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-09 10:24:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013-06-09 10:24:41 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013-06-09 10:21:37 | 000,000,680 | ---- | C] () -- C:\Users\phani\AppData\Local\d3d9caps.dat
[2013-06-09 10:05:13 | 000,866,592 | ---- | C] () -- C:\Users\phani\Desktop\Norton_Removal_Tool.exe
[2013-06-09 10:04:13 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013-06-09 01:44:50 | 029,163,520 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2013-06-09 01:44:50 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2013-06-09 01:44:50 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2013-06-09 01:21:54 | 000,000,870 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-06-09 01:21:54 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-06-09 00:29:51 | 000,000,949 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-06-09 00:29:47 | 000,000,944 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013-06-09 00:29:30 | 000,000,915 | ---- | C] () -- C:\Users\phani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013-06-09 00:29:09 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG
[2013-06-09 00:29:05 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2013-06-09 00:27:23 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.in.lnk
[2013-06-09 00:22:23 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv2700 Notebook PC_Y5335KV_0U_Q2CE836DQFM_E459208-375_4A_I30CE_SWistron_V80.52_F.2C_T080616_WV3-0_L409_M3070_J320_7Intel_86FD_92.00_#071216_N11AB4353;80864229_(FQ366PA#ACJ)_XMOBILE_CN10_Z.MRK
[2013-06-09 00:20:37 | 000,000,258 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013-06-09 00:20:37 | 000,000,240 | ---- | C] () -- C:\Users\phani\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2006-11-02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-06-10 09:12:53 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-06-10 09:00:46 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 15:16:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-06-09 00:29:58 | 000,000,000 | ---D | M] -- C:\Users\phani\AppData\Roaming\DigitalPersona
[2013-06-12 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\phani\AppData\Roaming\GrabPro
[2013-06-12 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\phani\AppData\Roaming\Orbit
[2013-06-12 15:24:03 | 000,000,000 | ---D | M] -- C:\Users\phani\AppData\Roaming\ProgSense

========== Purity Check ==========



< End of report >
  • 0

#81
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
Why didn't MSE catch these viruses? Is ESET better than MSE?

Edited by tekkanphan, 13 June 2013 - 12:55 PM.

  • 0

#82
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Why didn't MSE catch these viruses? Is ESET better than MSE?


The majority of what ESET detected was on your F: drive (which is your external I believe). If you had not done a full system scan including that drive, that would be why MSE had not detected the files yet.

They are both reputable antivirus programs, but MSE is a resident scanner, which is going to scan files as you download, browse the internet and monitor the system for changes regularly. It does a full system scan when it is scheduled to or when you choose to do one.

The ESET Scan I've had you use is an online scan and only scans when you run it. You can purchase ESET to have as a resident scanner, but just the online scan will not scan the files you download or protect your computer as you browse on the internet. Just using an online scanner on occasion will not properly protect you from future infection.

Congratulations and good work, it looks like your log is clean. :thumbsup:

Now for some final "housekeeping" procedures.

Step 1 Clear Old Restore Points

Create a new, clean System Restore point:
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:

  • Next click Start >> Run (or the Windows key and R together) to bring up the Run box and copy and paste in:
    cleanmgr
  • in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.

Step 2 OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~

MalwareBytes Anti-Malware: This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs, here are some recommendations: Microsoft Security Essentials or Avast! Antivirus; both are FREE to use. Please remember that you can only have one Antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~

If for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~

Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates: Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo: Download and install the FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features, such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Another browser that's easy to use and is worth trying if you want to test out new browsers.

Happy surfing! :wave:
  • 1

#83
tekkanphan

    Member

  • Topic Starter
  • Member
  • 51 posts
1) Should I use Malwarebytes along with MSE, or should only one be used at a time?
2) Thanks for all your help and time. Is there any way I can help apart from adding reps to your posts? :)
  • 0

#84
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

1) Should I use Malwarebytes along with MSE, or should only one be used at a time?

You can use both at the same time since MalwareBytes is an anti-malware and MSE is an antivirus.

2) Thanks for all your help and time. Is there any way I can help apart from adding reps to your posts? :)


You're welcome! If you'd like to donate to the site/forum you can do so here.
  • 0

#85
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
