Help for removal of VBS:ExeDropper-gen[Trj] from my PC

Post by prasad2002 on Fri Jan 06, 2012 5:20 pm

OTL logfile created on: 1/6/2012 10:29:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Prasad\Documents\Downloads\Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.15% Memory free
3.93 Gb Paging File | 2.91 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.19 Gb Total Space | 8.70 Gb Free Space | 29.80% Space Free | Partition Type: NTFS
Drive D: | 36.13 Gb Total Space | 1.66 Gb Free Space | 4.60% Space Free | Partition Type: NTFS
Drive E: | 6.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 36.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 9.10 Gb Total Space | 2.92 Gb Free Space | 32.11% Space Free | Partition Type: NTFS

Computer Name: PRASAD-PC | User Name: Prasad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/06 22:26:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Prasad\My Documents\Downloads\Programs\OTL.EXE
PRC - [2012/01/03 15:39:39 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/10/13 19:19:06 | 000,217,478 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
PRC - [2010/11/16 19:07:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/11/16 19:07:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/10/21 15:09:38 | 000,247,649 | ---- | M] () -- C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cssrs.exe
PRC - [2010/09/07 20:42:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/07 20:41:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/08/11 09:02:14 | 001,690,224 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009/10/16 09:43:00 | 003,134,896 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009/10/15 15:21:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 06:44:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 19:19:06 | 000,217,478 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe
MOD - [2011/10/13 19:19:04 | 000,635,314 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\atcomm.dll
MOD - [2011/10/13 19:19:04 | 000,266,657 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DeviceMgrUIPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,262,677 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\SMSPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,258,560 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DetectDev.dll
MOD - [2011/10/13 19:19:04 | 000,242,035 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\LocaleMgrPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,209,235 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DeviceMgrPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,205,229 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\NetInfoPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,197,115 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\FileManager.dll
MOD - [2011/10/13 19:19:04 | 000,193,009 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DialUpPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,188,859 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\CallPlugin.dll
MOD - [2011/10/13 19:19:04 | 000,168,400 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\XCodec.dll
MOD - [2011/10/13 19:19:04 | 000,168,343 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\DeviceOperate.dll
MOD - [2011/10/13 19:19:04 | 000,164,349 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\ConfigFilePlugin.dll
MOD - [2011/10/13 19:19:04 | 000,139,645 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\NotifyServicePlugin.dll
MOD - [2011/10/13 19:19:04 | 000,119,709 | ---- | M] () -- C:\Program Files\Tata Photon+\Huawei\isaputrace.dll
MOD - [2010/10/21 15:09:38 | 000,247,649 | ---- | M] () -- C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cssrs.exe
MOD - [2010/08/11 09:02:20 | 000,100,976 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll
MOD - [2010/08/11 09:02:10 | 064,663,664 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2010/08/11 09:02:06 | 000,080,496 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2010/08/11 09:02:04 | 000,113,264 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (HWDeviceService.exe)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 20:41:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/07 20:41:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/13 19:19:04 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/10/13 19:19:04 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/09/07 20:24:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/09/07 20:23:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/09/07 20:23:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/09/07 20:22:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 20:22:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 20:17:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 20:17:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 20:17:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/04 18:47:00 | 001,143,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 03:32:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Prasad\AppData\Roaming\IDM\idmmzcc3 [2011/10/30 16:05:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cssrs.exe ()
O4 - Startup: C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cssrsmgr.exe ()
O4 - Startup: C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efayyvfe.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6D896AA-E82F-4F85-9F08-84C8C93FA636}: NameServer = 4.2.2.2 121.242.190.180
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/19 18:37:38 | 000,142,336 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/11/25 00:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/07/03 14:13:04 | 000,000,094 | R--- | M] () - F:\autorun.sh -- [ CDFS ]
O33 - MountPoints2\{0b54b152-ec46-11e0-880c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b54b152-ec46-11e0-880c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\{3fb9b6c9-ee8c-11e0-8860-8c89a533a41d}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb9b6c9-ee8c-11e0-8860-8c89a533a41d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010/11/19 18:37:38 | 000,142,336 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 21:26:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/02 22:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/02 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/01/02 21:55:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2012/01/06 21:40:03 | 000,010,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 21:40:03 | 000,010,016 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 21:34:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 21:34:16 | 1583,226,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 18:15:29 | 000,101,872 | ---- | M] () -- C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\efayyvfe.exe
[2012/01/05 18:15:29 | 000,101,872 | ---- | M] () -- C:\Users\Prasad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cssrsmgr.exe
[2012/01/03 15:39:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/02 23:07:25 | 000,101,872 | ---- | M] () -- C:\Users\Prasad\AppData\Roaming\cssrsmgr.exe
[2012/01/02 22:03:31 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 22:03:31 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/02 21:55:13 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2012/01/02 22:21:57 | 004,249,600 | ---- | C] () -- C:\Users\Prasad\Desktop\26113__9780471317517__9780585256054__0471317519.tar_2
[2011/12/25 22:13:11 | 002,073,213 | ---- | C] () -- C:\Users\Prasad\Desktop\Ch2_SM.pdf
[2011/10/13 20:25:28 | 000,021,412 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/10/08 21:12:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/09/22 20:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/09/18 00:41:29 | 000,101,872 | ---- | C] () -- C:\Users\Prasad\AppData\Roaming\cssrsmgr.exe
[2011/09/17 21:06:34 | 000,247,649 | -HS- | C] () -- C:\Users\Prasad\AppData\Roaming\cssrs.exe
[2011/09/17 11:34:14 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/09/17 11:24:17 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/09/17 11:24:17 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/09/17 11:24:17 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/09/17 11:24:15 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/07/14 10:27:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:03:53 | 000,408,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 07:35:48 | 000,615,122 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 07:35:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 07:35:48 | 000,103,496 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 07:35:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 07:35:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 07:34:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 05:49:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 05:25:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 05:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 05:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 02:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/10/21 15:09:38 | 000,247,649 | ---- | M] () -- C:\Users\Prasad\Desktop\idman5.18.4.full.rox1234.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/01/02 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/10/30 15:59:24 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/10/30 15:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/10/30 15:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\C-Free 5
[2011/10/30 15:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/10/30 15:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/10/30 15:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2009/07/14 13:20:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/10/30 15:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/10/30 15:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011/11/14 18:06:07 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/10/30 18:08:31 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/10/31 22:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2009/07/14 10:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/10/30 15:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/11/07 12:17:45 | 000,000,000 | ---D | M] -- C:\Program Files\MATLAB
[2009/07/14 13:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/10/30 16:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/10/30 16:00:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2011/10/30 16:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/10/30 16:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/10/30 16:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/10/30 16:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/14 10:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/10/30 16:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Softland
[2011/10/30 16:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Tata Photon+
[2009/07/14 10:23:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/10/30 16:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2011/10/30 16:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/07/14 10:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 13:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/07/14 10:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/07/14 10:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 10:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 10:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 10:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 10:26:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/10/31 22:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR


< MD5 for: AGP440.SYS >
[2009/07/14 06:56:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 06:56:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 06:56:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 06:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 06:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 06:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 06:50:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 06:50:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 06:50:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 06:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 06:46:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 06:50:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 06:50:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 06:50:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 06:44:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 06:44:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 06:44:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/14 06:47:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/14 06:47:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 06:44:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 06:44:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 06:44:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/14 06:47:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/14 06:47:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< End of report >

OTL Extras logfile created on: 1/6/2012 10:29:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Prasad\Documents\Downloads\Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.15% Memory free
3.93 Gb Paging File | 2.91 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.19 Gb Total Space | 8.70 Gb Free Space | 29.80% Space Free | Partition Type: NTFS
Drive D: | 36.13 Gb Total Space | 1.66 Gb Free Space | 4.60% Space Free | Partition Type: NTFS
Drive E: | 6.83 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 36.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 9.10 Gb Total Space | 2.92 Gb Free Space | 32.11% Space Free | Partition Type: NTFS

Computer Name: PRASAD-PC | User Name: Prasad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\C - Free\C_Free_Professional_v5_0_0_keygen.exe" = D:\C - Free\C_Free_Professional_v5_0_0_keygen.exe:*:Enabled:C_Free_Professional_v5_0_0_keygen -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{C1E2523A-2F4C-45F2-BBCE-7247163ECE15}" = Tally 9
"3D Home Architect Deluxe 3.0" = 3D Home Architect(r) Deluxe 3.0
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast5" = avast! Internet Security
"CCleaner" = CCleaner (remove only)
"C-Free 5.0_is1" = C-Free 5.0 Professional
"doPDF 7 printer_is1" = doPDF 7.2 printer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Internet Download Manager" = Internet Download Manager
"MatlabR2007b" = MATLAB R2007b
"Picasa 3" = Picasa 3
"Tata Photon+" = Tata Photon+
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2012 1:58:57 PM | Computer Name = Prasad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37
Faulting module name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37
Exception code: 0xc0000005 Fault offset: 0x000016ee Faulting process id: 0x454
Faulting application start time: 0x01cccbd3b1930084
Faulting application path: C:\Program Files\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files\VideoLAN\VLC\vlc.exe
Report Id: efdd2b03-37c6-11e1-b56d-a106be6390dc

Error - 1/5/2012 9:02:01 PM | Computer Name = Prasad-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AUDIODG.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bcb44
Faulting module name: VIASysFx.dll, version: 1.0.0.0, time stamp: 0x4c5937da
Exception code: 0xc0000094 Fault offset: 0x0005a90e Faulting process id: 0x3e8
Faulting application start time: 0x01cccc0eb1dcd0c4
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\system32\VIASysFx.dll
Report Id: 09d18583-3802-11e1-a657-b48cd72bfef4

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Windows Search Service | ID = 7042
Description =

[ Media Center Events ]
Error - 11/18/2011 6:49:26 PM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 4:19:10 AM - Error connecting to the internet. 4:19:10 AM - Unable
to contact server..

Error - 11/25/2011 10:33:53 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 8:03:53 PM - Error connecting to the internet. 8:03:53 PM - Unable
to contact server..

Error - 11/25/2011 10:34:11 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 8:03:58 PM - Error connecting to the internet. 8:03:58 PM - Unable
to contact server..

Error - 11/26/2011 11:28:04 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 8:58:02 PM - Error connecting to the internet. 8:58:04 PM - Unable
to contact server..

Error - 11/26/2011 11:28:21 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 8:58:10 PM - Error connecting to the internet. 8:58:10 PM - Unable
to contact server..

Error - 11/27/2011 5:58:43 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 3:28:42 PM - Error connecting to the internet. 3:28:42 PM - Unable
to contact server..

Error - 11/27/2011 5:59:14 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 3:28:53 PM - Error connecting to the internet. 3:28:53 PM - Unable
to contact server..

Error - 11/27/2011 10:31:49 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 8:01:49 PM - Error connecting to the internet. 8:01:49 PM - Unable
to contact server..

Error - 11/27/2011 10:31:58 AM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 8:01:54 PM - Error connecting to the internet. 8:01:54 PM - Unable
to contact server..

Error - 12/22/2011 12:45:36 PM | Computer Name = Prasad-PC | Source = MCUpdate | ID = 0
Description = 10:15:19 PM - Error connecting to the internet. 10:15:19 PM - Unable
to contact server..

[ OSession Events ]
Error - 12/30/2011 11:16:47 AM | Computer Name = Prasad-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1410
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/31/2011 10:03:29 AM | Computer Name = Prasad-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 1/3/2012 8:51:45 AM | Computer Name = Prasad-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/3/2012 5:04:30 PM | Computer Name = Prasad-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/4/2012 11:36:15 AM | Computer Name = Prasad-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/4/2012 11:56:16 AM | Computer Name = Prasad-PC | Source = BugCheck | ID = 1001
Description =

Error - 1/5/2012 9:01:12 PM | Computer Name = Prasad-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:45:57 PM on 1/5/2012 was unexpected.

Error - 1/6/2012 12:04:26 PM | Computer Name = Prasad-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:32:53 PM on 1/6/2012 was unexpected.

Error - 1/6/2012 12:04:33 PM | Computer Name = PRASAD-PC | Source = BugCheck | ID = 1001
Description =

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473536.

Error - 1/6/2012 12:05:22 PM | Computer Name = Prasad-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.


< End of report >

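Three sections of the OTL log above carry most of the signal a responder looks for: the "< MD5 for: ... >" blocks (every copy of a driver that rootkits commonly patch, in System32\drivers, DriverStore and winsxs, which on this machine all agree), the "Shell Spawning" handlers for executable file classes (all stock here), and the firewall "Authorized Applications List" (which contains an enabled exception for a keygen on D:). The script below is an added example, not part of the thread or of OTL; it parses lines in OTL's own output format and flags each of those three conditions. Its sample input mixes lines copied from the posted log with two constructed findings that are not in the log: a differing MD5 on the System32 copy of atapi.sys and a hijacked exefile handler pointing at a made-up dropper.exe path. Treating the majority MD5 across copies as the reference is an assumption of this example; a real check compares each hash against a known-good catalogue.

```python
"""Triage helpers for an OTL log (added example, not the thread's own tooling).

Checks, in the order the sections appear in the log:
  1. "< MD5 for: NAME >": a driver copy whose MD5 disagrees with the majority of
     its siblings (System32\drivers, DriverStore, winsxs).  Majority vote is an
     assumption; a real check uses a known-good hash catalogue.
  2. "Shell Spawning": an [open] handler for an executable class that is not
     the stock  "%1" %*  (a hijack runs the attacker's binary before the target).
  3. "Authorized Applications List": enabled firewall exceptions outside
     Program Files / Windows or carrying a keygen/crack-style name.
"""
import re
from collections import Counter

MD5_HEADER = re.compile(r'^< MD5 for: (?P<name>\S+) >$')
MD5_LINE = re.compile(r'MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$')
# "<class> [<verb>] -- <command> (<Company>)"; the company suffix is optional.
SHELL_LINE = re.compile(r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+?)(?: \([^()]*\))?$')
FW_LINE = re.compile(r'^"(?P<path>[^"]+)" = .*:(?P<state>Enabled|Disabled):')

EXEC_CLASSES = ("exefile", "batfile", "cmdfile", "comfile", "piffile")
STOCK_HANDLER = '"%1" %*'
SUSPICIOUS_NAME = re.compile(r'keygen|crack|patch|loader', re.IGNORECASE)
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")

# Constructed sample: lines copied from the posted log plus two planted findings
# (the System32 atapi.sys hash and the exefile handler) that are NOT in the log.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/07/14 06:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 06:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 06:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 06:50:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 06:50:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Shell Spawning ==========

batfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "C:\Users\Prasad\AppData\Roaming\dropper.exe" "%1" %*

========== Authorized Applications List ==========

"D:\C - Free\C_Free_Professional_v5_0_0_keygen.exe" = D:\C - Free\C_Free_Professional_v5_0_0_keygen.exe:*:Enabled:C_Free_Professional_v5_0_0_keygen -- ()
"""


def check_md5_copies(log):
    """Return (file, path, md5, reference_md5) for each copy whose hash differs
    from the majority hash of that file; if no majority exists, report every copy
    with reference None."""
    copies, current = {}, None
    for line in log.splitlines():
        if line.startswith("<"):  # section header: start a new file or leave MD5 mode
            h = MD5_HEADER.match(line)
            current = h.group("name").lower() if h else None
            if current:
                copies.setdefault(current, [])
            continue
        m = MD5_LINE.search(line)
        if m and current:
            copies[current].append((m.group("path"), m.group("md5").upper()))
    findings = []
    for name, entries in copies.items():
        if len(entries) < 2:
            continue  # a single copy has nothing to be compared against
        reference, votes = Counter(md5 for _, md5 in entries).most_common(1)[0]
        if votes == 1:
            findings.extend((name, path, md5, None) for path, md5 in entries)
        else:
            findings.extend((name, path, md5, reference) for path, md5 in entries if md5 != reference)
    return findings


def check_shell_handlers(log):
    """Return (class, handler) for executable classes whose [open] handler is not "%1" %*."""
    findings = []
    for line in log.splitlines():
        m = SHELL_LINE.match(line)
        if m and m.group("cls") in EXEC_CLASSES and m.group("verb") == "open":
            if m.group("cmd") != STOCK_HANDLER:
                findings.append((m.group("cls"), m.group("cmd")))
    return findings


def check_firewall_exceptions(log):
    """Return (path, reasons) for enabled exceptions outside trusted directories
    or with a warez-style file name."""
    findings = []
    for line in log.splitlines():
        m = FW_LINE.match(line)
        if not m or m.group("state") != "Enabled":
            continue
        path, reasons = m.group("path"), []
        if not path.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("outside Program Files / Windows")
        if SUSPICIOUS_NAME.search(path):
            reasons.append("keygen/crack-style name")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


def triage(log):
    """Run all three checks and return the findings keyed by section."""
    return {
        "md5_mismatches": check_md5_copies(log),
        "shell_hijacks": check_shell_handlers(log),
        "firewall_exceptions": check_firewall_exceptions(log),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for hit in hits:
            print("   ", *hit)
```

Run against the log as actually posted (without the two planted lines) the first two checks return nothing, which is the point: the driver hashes and shell handlers are consistent, and the one concrete finding on this machine is the enabled firewall exception for the keygen on D:, a binary that a responder would want hashed and scanned before anything else. The empty result for the WindowsUpdate LastSuccessTime query in the log is the other item to note, since it means OTL found no recorded successful update install.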

Re: Help for removal of VBS:ExeDropper-gen[Trj] from my PC

Post by Belahzur on Fri Jan 13, 2012 1:24 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

