
Not open for further replies. 1 - 20 of 26 Posts

Registered · 22 Posts · Discussion Starter #1
I am having trouble with a browser redirect virus. When I click a website on the Google search page it takes me to a "search netsite" webpage. If I paste that URL directly there is no issue. Tried all anti-virus, malware, spyware, ComboFix and so on... nothing works. Please help.
 

Registered · 2,045 Posts
Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review.
 

Registered · 2,045 Posts
I'll see what I can do. In the meantime just continue on with the instructions I posted for you. You should still be able to post your logs.
 

Registered · 22 Posts · Discussion Starter #5
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:05:13 PM, on 3/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skynet/logintime/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Progressive Digital Media
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SkyTel] "SkyTel.EXE"
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SecurDisc] "C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\Nero 7\InCD\InCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278507202458
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304874379453
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdm.net
O17 - HKLM\Software\..\Telephony: DomainName = pdm.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pdm.net
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Limited - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Device Control Service - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
O23 - Service: Sophos Message Router - Sophos Limited - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12158 bytes
 
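The HijackThis log above is plain text with one entry per line, and the lines a helper reads first for a search-redirect complaint are the R0/R1 entries (IE start and search pages), O4 (autoruns), O10 (Winsock LSP DLLs, which see every socket the browser opens) and O17 (TCP/IP domain and DNS settings). The Python script below is an added example by the editor, not code from this thread or from Trend Micro. It parses a constructed excerpt in the same format: the R0, O4, O10 and O17 Domain lines mirror entries from the log above, while the O17 NameServer line and its 192.0.2.x addresses are invented to show the DNS-override case, and the "expected" directory prefixes are an assumption of the example. It flags entries for review, it does not decide: an intranet start page such as http://skynet/logintime/ or an LSP from a security vendor can be entirely legitimate.

```python
"""Triage of a HijackThis 2.x log for search-redirect indicators (added example)."""
import re
import sys
from collections import OrderedDict

# Constructed excerpt in HijackThis 2.x format. The R0, O4, O10 and O17 Domain
# lines mirror the log posted in the thread; the O17 NameServer line and its
# 192.0.2.x addresses are invented for this example and were NOT in that log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skynet/logintime/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SkyTel] "SkyTel.EXE"
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdm.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{12345678-ABCD}: NameServer = 192.0.2.53,192.0.2.54
"""

# "R0 - <body>" / "O17 - <body>": section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Directories an autorun image is expected to live under (assumption for this example).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_hjt(text):
    """Return [(section, body)] for every HijackThis entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def image_path(cmd):
    """Return the executable part of an autorun command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return [(severity, section, detail)] for entries a helper should look at."""
    findings = []
    lsp_dlls = OrderedDict()  # de-duplicate: HJT lists the same LSP DLL once per protocol chain
    for sec, body in parse_hjt(log_text):
        if sec in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            # HJT prints vendor defaults as friendly names (Bing, MSN.com, about:blank);
            # a literal URL means the value was overridden and should be checked.
            if "://" in value:
                findings.append(("review", sec, f"{key.rsplit(',', 1)[-1]} set to {value}"))
        elif sec == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            img = image_path(m.group("cmd"))
            if not ABS_PATH_RE.match(img):
                findings.append(("review", sec, f"[{m.group('name')}] runs unqualified image {img!r} (resolved via search path)"))
            elif not img.lower().startswith(EXPECTED_PREFIXES):
                findings.append(("review", sec, f"[{m.group('name')}] image outside standard directories: {img}"))
        elif sec == "O10":
            dll = body.rpartition(": ")[2]
            lsp_dlls.setdefault(dll.lower(), dll)
        elif sec == "O17":
            key, _, value = body.partition(" = ")
            setting = key.rsplit(": ", 1)[-1]
            # A NameServer override is the classic DNS-hijack indicator; Domain is just context.
            sev = "high" if setting.lower() == "nameserver" else "info"
            findings.append((sev, sec, f"{setting} = {value}"))
    for dll in lsp_dlls.values():
        findings.append(("review", "O10", f"Winsock LSP DLL {dll} (sees all socket traffic; verify publisher)"))
    return findings


if __name__ == "__main__":
    # Usage: python hjt_triage.py [saved_hijackthis_log.txt]; defaults to the constructed sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for sev, sec, detail in triage(text):
        print(f"{sev:6} {sec:4} {detail}")
```

On the sample this reports the HKCU start page URL, the unqualified SkyTel.EXE autorun, the pdm.net domain, the invented NameServer override and the Sophos LSP DLL once. The script deliberately does not whitelist by vendor name, because the O23 company field and the O10 path are both attacker-controllable strings; the analyst still has to check the file on disk.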

Registered · 2,045 Posts
Please try these for me:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log
 

Registered · 22 Posts · Discussion Starter #8
OTL Extras logfile created on: 3/7/2012 1:59:29 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\manindersingh.PDM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.56% Memory free
3.34 Gb Paging File | 2.63 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 8.38 Gb Free Space | 21.46% Space Free | Partition Type: NTFS
Drive D: | 28.94 Gb Total Space | 5.67 Gb Free Space | 19.58% Space Free | Partition Type: NTFS
Drive S: | 544.49 Gb Total Space | 9.73 Gb Free Space | 1.79% Space Free | Partition Type: NTFS

Computer Name: DMV50666 | User Name: manindersingh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"7083:TCP" = 7083:TCP:*:Enabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"7339:TCP" = 7339:TCP:*:Enabled:@xpsp2res.dll,-22009
"48658:TCP" = 48658:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"7083:TCP" = 7083:TCP:*:Enabled:@xpsp2res.dll,-22009
"7339:TCP" = 7339:TCP:*:Enabled:@xpsp2res.dll,-22009
"48658:TCP" = 48658:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe" = C:\Program Files\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe:*:Enabled:Atomic Email Hunter -- (AtomPark Software Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01ADCC5D-45B4-45E4-AC5C-C06E044B16DF}" = hppIOFiles
"{0EF45FEA-E3C1-4660-854A-810C1BA169E2}" = hppLJ3390
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{173D5E9E-8ABC-4EB2-B371-18AF8812A91D}" = hppFaxUtility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012F0}" = Java(TM) 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D82392D-AF90-4159-9A14-887BBC835191}" = hpp3390usg
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{663D8AAF-CB71-4056-8C60-1D85BC576C6E}" = hppTooCool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B677453-F9D2-4387-B030-E669B28B8A08}" = hppToolBoxFX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{993CD8D4-AED6-45E2-8AA5-D7DFAA60DE6F}" = hppScanTo
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}" = Nero 7 Essentials
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0B42136-C813-4FB4-84A1-C41E6F12410B}" = hppSendFax
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A93185-26A8-4F02-B021-D6E6A4396441}" = hppManuals3390
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5E31EEE-CD8A-4E01-87F1-119C4A3201FD}" = hppscan3390
"{DB7F1657-6164-40AE-8A94-8F785C0C3E3F}" = hppFaxDrv3390
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E94E150C-762B-4cd1-8A54-7228A07C0710}" = HP LaserJet 3050/3052/3055/3390/3392 2.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.3
"{F2270CE2-0373-4D39-8783-2F1542B7D310}" = hpzTLBXFX
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtomicEmailHunter_is1" = Atomic Email Hunter 4.75
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Form Filler (Evaluation)_is1" = CutePDF Form Filler 3.5 (Evaluation)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Free All to Image Jpg/Jpeg Bmp Tiff Png Converter_is1" = Free All to Image Jpg/Jpeg Bmp Tiff Png Converter 5.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"Huawei Access Manager" = Huawei Access Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mini Scan to Word OCR Converter v3.2_is1" = mini Scan to Word OCR Converter v3.2
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel(R) PROSet/Wireless Software
"STANDARD" = Microsoft Office Standard 2007
"Sync for Outlook" = Sync for Outlook 1.2.2
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/6/2012 8:31:49 AM | Computer Name = DMV50666 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 3/6/2012 8:33:50 AM | Computer Name = DMV50666 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2012 8:33:51 AM | Computer Name = DMV50666 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2012 8:33:51 AM | Computer Name = DMV50666 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2012 8:33:51 AM | Computer Name = DMV50666 | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2012 8:56:43 AM | Computer Name = DMV50666 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2012 10:25:05 AM | Computer Name = DMV50666 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 3/6/2012 10:28:04 AM | Computer Name = DMV50666 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


Error - 3/6/2012 11:47:43 AM | Computer Name = DMV50666 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/6/2012 11:56:40 AM | Computer Name = DMV50666 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (An unexpected network error occurred. ). Group Policy processing aborted.


[ OSession Events ]
Error - 2/3/2012 12:58:38 PM | Computer Name = DMV50666 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9609
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/6/2012 8:42:10 AM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7023
Description = The CD-Burning Filter Support service terminated with the following
error: %%126

Error - 3/6/2012 8:49:49 AM | Computer Name = DMV50666 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PDM due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/6/2012 10:10:23 AM | Computer Name = DMV50666 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PDM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/6/2012 11:59:17 AM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Antivirus service.

Error - 3/6/2012 11:59:47 AM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.

Error - 3/6/2012 12:02:12 PM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/7/2012 4:20:09 AM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 3/7/2012 4:20:09 AM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7023
Description = The CD-Burning Filter Support service terminated with the following
error: %%126

Error - 3/7/2012 4:20:45 AM | Computer Name = DMV50666 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/7/2012 4:27:25 AM | Computer Name = DMV50666 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PDM due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >
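
As an added example (not part of this thread, nor code from OTL or any other tool named in it): a small Python parser for the OTL Extras event-log format quoted in the post above. Each entry starts with an `Error - <date> | Computer Name = … | Source = … | ID = …` header and continues with a `Description =` line that OTL wraps across several lines until a blank line, so the parser re-joins those lines before doing anything else. It then tallies entries by source and event ID and pulls the service name out of Service Control Manager 7034 entries. The sample text is constructed from lines in the posted log; the watchlist notes are the generic meanings of those Windows event IDs, not a diagnosis of this machine.

```python
"""Parse and triage the event-log section of an OTL Extras report.

Added example for the thread; the sample below is constructed from lines
copied out of the posted log, not a fresh capture."""
import re
from collections import Counter

# Constructed sample, modelled on the '[ System Events ]' block in the post.
SAMPLE_LOG = """\
[ System Events ]
Error - 3/6/2012 8:49:49 AM | Computer Name = DMV50666 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PDM due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/6/2012 11:59:17 AM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Antivirus service.

Error - 3/6/2012 12:02:12 PM | Computer Name = DMV50666 | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 5 service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/7/2012 4:27:25 AM | Computer Name = DMV50666 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PDM due to the following:
%%1722. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

< End of report >
"""

# One OTL event header line: level, timestamp, host, source, numeric event ID.
HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning|Information) - (?P<when>.+?) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Generic meanings of event IDs that matter in a malware-removal thread.
# These are the documented Windows meanings, not findings about this PC.
WATCHLIST = {
    ("Service Control Manager", 7034): "a service died without being stopped; check which one",
    ("Service Control Manager", 7011): "SCM timeout waiting on a service; security software hanging is common",
    ("NETLOGON", 5719): "no domain controller reachable; GPO and managed AV updates may not apply",
    ("Userenv", 1054): "Group Policy processing aborted because the DC lookup failed",
}


def parse_otl_events(text):
    """Return one dict per event; wrapped Description lines are re-joined with spaces."""
    events = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        # A blank line, a section marker or the end marker closes the current entry.
        if not line or line.startswith("[ ") or line.startswith("< End"):
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
            continue
        if current is None:
            continue  # stray text outside any entry
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Count events by (source, id), most frequent first, with a watchlist note where one exists."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return [
        {"source": src, "id": eid, "count": n, "note": WATCHLIST.get((src, eid), "")}
        for (src, eid), n in sorted(counts.items(), key=lambda kv: -kv[1])
    ]


def terminated_services(events):
    """Service names from SCM 7034 entries ('The X service terminated unexpectedly')."""
    names = []
    for e in events:
        if (e["source"], e["id"]) == ("Service Control Manager", 7034):
            m = re.match(r"The (.+?) service terminated unexpectedly", e["description"])
            if m:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_LOG)
    for row in triage(evs):
        print(f"{row['count']:3d}  {row['source']} {row['id']}  {row['note']}")
    print("terminated unexpectedly:", terminated_services(evs))
```

Feed it the whole `[ Application Events ]` and `[ System Events ]` text from an OTL Extras log and the tally shows at a glance which noise is repeated (here the NETLOGON 5719 entries) and which single entries deserve a look (the 7034 service termination and the 7011 timeout on the antivirus service).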
 

Registered · 22 Posts · Discussion Starter #9
OTL logfile created on: 3/7/2012 1:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\manindersingh.PDM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.56% Memory free
3.34 Gb Paging File | 2.63 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 8.38 Gb Free Space | 21.46% Space Free | Partition Type: NTFS
Drive D: | 28.94 Gb Total Space | 5.67 Gb Free Space | 19.58% Space Free | Partition Type: NTFS
Drive S: | 544.49 Gb Total Space | 9.73 Gb Free Space | 1.79% Space Free | Partition Type: NTFS

Computer Name: DMV50666 | User Name: manindersingh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 13:58:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\manindersingh.PDM\Desktop\OTL.exe
PRC - [2011/10/28 16:44:37 | 000,552,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
PRC - [2011/10/28 16:44:02 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2011/10/28 16:44:00 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2011/10/11 15:44:19 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/10/11 15:44:08 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/08/04 17:58:27 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/05/07 01:06:09 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/05/07 01:06:08 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/15 15:55:46 | 001,628,208 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/05/15 15:55:26 | 001,057,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/02/02 08:12:30 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/10/22 20:47:00 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 16:44:04 | 000,753,664 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\libeay32.dll
MOD - [2011/10/28 16:44:04 | 000,176,128 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
MOD - [2011/10/28 16:44:04 | 000,032,256 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
MOD - [2011/10/28 16:44:03 | 000,237,568 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
MOD - [2011/10/28 16:44:02 | 001,531,904 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO.dll
MOD - [2011/10/28 16:44:00 | 001,048,576 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ace.dll
MOD - [2011/10/28 16:43:59 | 000,733,184 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
MOD - [2011/10/28 16:43:59 | 000,159,744 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ssleay32.dll
MOD - [2011/10/28 16:43:58 | 000,528,384 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
MOD - [2011/10/28 16:43:58 | 000,056,832 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
MOD - [2011/10/12 15:54:30 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_81b8526c\mscorlib.dll
MOD - [2011/10/12 15:54:26 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ddc644f0\system.drawing.dll
MOD - [2011/10/12 15:54:12 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_62bae0bf\system.xml.dll
MOD - [2011/10/12 15:54:04 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_84640f5b\system.windows.forms.dll
MOD - [2011/10/12 15:53:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_ad463ae1\system.dll
MOD - [2011/10/12 15:53:41 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/12 15:53:40 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/01/03 17:26:55 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2011/01/03 17:26:55 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2011/01/03 17:26:54 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2011/01/03 17:26:54 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2011/01/03 17:26:53 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/01/03 17:26:52 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/08/19 20:59:06 | 000,022,736 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2006/07/02 21:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 21:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (mdaekheb)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - [2011/10/28 16:44:37 | 000,552,472 | ---- | M] (Sophos Limited) [On_Demand | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service)
SRV - [2011/10/28 16:44:02 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/10/28 16:44:00 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/10/11 15:44:19 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/10/11 15:44:08 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/08/04 17:58:27 | 000,099,864 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/05/07 01:06:08 | 000,232,472 | ---- | M] (Sophos Limited) [On_Demand | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/10/22 20:47:00 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/10/28 16:44:59 | 000,153,728 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2011/10/28 16:44:50 | 000,024,192 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2011/10/28 16:44:43 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/08/04 16:30:13 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2008/07/24 12:02:36 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/05/15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2006/08/28 16:10:06 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/02 23:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 04:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/23 01:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/10/27 15:36:52 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/09/20 21:52:37 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2004/09/14 13:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 12:51:20 | 000,020,752 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://skynet/logintime/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN India - Hotmail, News, Cricket, Bollywood, Video, Messenger, Download IE9 & More...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 D2 B4 9A 0D 88 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 18:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 18:16:21 | 000,000,000 | ---D | M]

[2011/10/13 15:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\manindersingh.PDM\Application Data\Mozilla\Extensions
[2011/10/13 15:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\manindersingh.PDM\Application Data\Mozilla\Firefox\Profiles\mkhzr0a1.default\extensions
[2012/03/06 21:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/24 13:25:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/22 13:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/06 21:35:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/06 21:35:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/03/06 21:35:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/02 14:26:57 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2012/02/28 19:21:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll (Acro Software Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = \\192.168.110.240\pdm\Corporate\IT\Information\IT Policy\Mar2012.JPG
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278507202458 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304874379453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.110.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdm.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4DEBF33-4549-409E-BBDA-DF0783C168C7}: NameServer = 172.18.24.3 172.18.24.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8862F1E-B2D3-4017-95A2-459F22B73185}: DhcpNameServer = 192.168.110.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 10:10:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ec27dcd-4adb-11e0-9fbd-0019d2ac7034}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec27dcd-4adb-11e0-9fbd-0019d2ac7034}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ec27dcd-4adb-11e0-9fbd-0019d2ac7034}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a903d1b0-8753-11e0-a038-0019d2ac7034}\Shell - "" = AutoRun
O33 - MountPoints2\{a903d1b0-8753-11e0-a038-0019d2ac7034}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a903d1b0-8753-11e0-a038-0019d2ac7034}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: mdaekheb - File not found
NetSvcs: helpsvc - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 13:58:09 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\manindersingh.PDM\Desktop\OTL.exe
[2012/03/06 21:35:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/06 21:35:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/06 21:35:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/06 21:29:07 | 000,909,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\JavaSetup6u31.exe
[2012/03/06 18:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/06 16:10:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\manindersingh.PDM\My Documents\My Videos
[2012/03/06 16:10:36 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.scr
[2012/03/01 13:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Local Settings\Application Data\PackageAware
[2012/02/29 20:46:49 | 011,851,968 | ---- | C] (PlotSoft LLC) -- C:\Documents and Settings\manindersingh.PDM\My Documents\PDFill.exe
[2012/02/29 19:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\New Folder (2)
[2012/02/29 16:23:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/28 19:08:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/28 19:05:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/28 19:05:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/28 19:05:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/28 19:05:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/28 19:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/28 19:03:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 18:59:04 | 004,420,957 | R--- | C] (Swearware) -- C:\Documents and Settings\manindersingh.PDM\My Documents\ComboFix.exe
[2012/02/28 18:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\TeamViewer
[2012/02/28 18:20:35 | 000,000,000 | ---D | C] -- C:\backups
[2012/02/28 18:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2012/02/28 18:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/02/24 17:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/02/24 17:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\IObit
[2012/02/24 17:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/02/24 17:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\SUPERAntiSpyware.com
[2012/02/24 17:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/02/24 17:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Start Menu\Programs\HiJackThis
[2012/02/24 17:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/24 16:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/02/24 15:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/24 15:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/24 15:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/24 15:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\New Folder
[2012/02/20 18:00:06 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/02/20 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/02/20 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/02/17 20:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/10 15:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\Unused Desktop Shortcuts
[2012/02/09 22:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/09 22:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/09 21:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\Malwarebytes
[2012/02/09 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D55EDB2D739527000A9F32D151FC4E
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp files -> C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 14:02:23 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB22759F-340B-476C-BA27-B915678A756E}.job
[2012/03/07 13:58:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\manindersingh.PDM\Desktop\OTL.exe
[2012/03/07 13:49:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc0f9037e9f10c.job
[2012/03/07 13:49:09 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/03/07 13:48:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/06 21:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc0f90386388fa.job
[2012/03/06 21:35:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/06 21:35:31 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/06 21:35:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/06 21:35:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/06 21:35:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/06 21:30:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/06 21:29:07 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\JavaSetup6u31.exe
[2012/03/06 18:44:23 | 074,920,720 | ---- | M] () -- C:\avast_free_antivirus_setup.exe
[2012/03/06 18:19:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/06 16:10:36 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.scr
[2012/03/06 16:03:37 | 000,005,494 | RHS- | M] () -- C:\Documents and Settings\manindersingh.PDM\ntuser.pol
[2012/03/06 13:39:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/02 20:16:44 | 000,659,968 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\MicrosoftFixit50195.msi
[2012/02/29 21:07:16 | 000,222,450 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\BPeSA filled excl event.pdf
[2012/02/29 20:52:19 | 005,613,950 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\pdfedit!.exe
[2012/02/29 20:46:49 | 011,851,968 | ---- | M] (PlotSoft LLC) -- C:\Documents and Settings\manindersingh.PDM\My Documents\PDFill.exe
[2012/02/29 20:42:05 | 000,171,815 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V4.pdf
[2012/02/29 19:33:58 | 000,170,875 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V3.pdf
[2012/02/29 16:00:51 | 000,226,251 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012-Programme-March.pdf
[2012/02/28 19:21:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/28 19:08:35 | 000,000,492 | RHS- | M] () -- C:\boot.ini
[2012/02/28 18:59:17 | 004,420,957 | R--- | M] (Swearware) -- C:\Documents and Settings\manindersingh.PDM\My Documents\ComboFix.exe
[2012/02/28 18:03:32 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2012/02/24 17:32:19 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\HiJackThis.lnk
[2012/02/24 15:23:47 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/24 15:23:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\Spybot - Search & Destroy.lnk
[2012/02/23 21:25:38 | 000,371,235 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\koovs-Coupon__14_.pdf
[2012/02/23 14:35:23 | 004,650,488 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\remalechestreduction.zip
[2012/02/22 18:34:22 | 000,918,308 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\mkmytrip[1].rtf
[2012/02/22 14:39:35 | 000,004,858 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/20 20:02:55 | 002,910,876 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\DSC02545.JPG
[2012/02/20 20:02:10 | 000,015,034 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\34_2.jpg
[2012/02/20 18:37:31 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/20 16:18:45 | 000,108,745 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\MakeMyTrip-Invoice-NF2513410340245.pdf
[2012/02/20 15:21:23 | 000,058,937 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\gg
[2012/02/10 18:19:59 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/09 20:23:42 | 000,390,381 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF-MediaPack-2012.pdf
[2012/02/09 20:16:42 | 000,202,990 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF-2012-Programme.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp files -> C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 18:44:18 | 074,920,720 | ---- | C] () -- C:\avast_free_antivirus_setup.exe
[2012/03/02 20:16:42 | 000,659,968 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\MicrosoftFixit50195.msi
[2012/02/29 21:07:16 | 000,222,450 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\BPeSA filled excl event.pdf
[2012/02/29 20:52:19 | 005,613,950 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\pdfedit!.exe
[2012/02/29 20:42:04 | 000,171,815 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V4.pdf
[2012/02/29 19:33:55 | 000,170,875 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V3.pdf
[2012/02/29 16:00:49 | 000,226,251 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012-Programme-March.pdf
[2012/02/28 19:08:35 | 000,000,377 | ---- | C] () -- C:\Boot.bak
[2012/02/28 19:08:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/28 19:05:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/28 19:05:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/28 19:05:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/28 19:05:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/28 19:05:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/28 18:03:32 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2012/02/24 17:32:19 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\HiJackThis.lnk
[2012/02/24 15:23:47 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/24 15:23:46 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\Spybot - Search & Destroy.lnk
[2012/02/23 21:25:36 | 000,371,235 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\koovs-Coupon__14_.pdf
[2012/02/23 14:35:15 | 004,650,488 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\remalechestreduction.zip
[2012/02/22 18:34:22 | 000,918,308 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\mkmytrip[1].rtf
[2012/02/20 20:02:55 | 002,910,876 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\DSC02545.JPG
[2012/02/20 20:02:08 | 000,015,034 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\34_2.jpg
[2012/02/20 16:18:44 | 000,108,745 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\MakeMyTrip-Invoice-NF2513410340245.pdf
[2012/02/20 15:21:22 | 000,058,937 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\gg
[2012/02/09 20:23:40 | 000,390,381 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF-MediaPack-2012.pdf
[2012/02/08 16:13:23 | 000,202,990 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF-2012-Programme.pdf
[2011/09/26 14:45:21 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/08/11 16:02:41 | 000,000,454 | ---- | C] () -- C:\WINDOWS\docimg.INI
[2011/05/08 23:42:31 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2011/04/25 13:08:36 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/14 20:12:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/14 20:12:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/01/03 14:52:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/01/03 14:52:00 | 000,001,283 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/01/03 14:51:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2011/01/03 14:51:47 | 000,000,508 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DAT
[2011/01/03 14:47:56 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2011/01/03 14:47:44 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/01/03 14:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/01/03 14:43:06 | 000,053,603 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2011/01/03 14:43:06 | 000,002,009 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2010/07/08 15:32:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/07 17:39:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2010/07/07 17:32:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/07 15:14:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/07 15:13:37 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/07 10:12:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 10:07:19 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== Custom Scans ==========


< %systemroot%\*. /rp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
< End of report >

Registered
22 Posts
Discussion Starter #10
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 14:13:58
-----------------------------
14:13:58.932 OS Version: Windows 5.1.2600 Service Pack 3
14:13:58.932 Number of processors: 2 586 0xF02
14:13:58.932 ComputerName: DMV50666 UserName:
14:14:03.228 Initialize success
14:14:10.243 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:14:10.243 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
14:14:10.274 Disk 0 MBR read successfully
14:14:10.274 Disk 0 MBR scan
14:14:10.274 Disk 0 Windows XP default MBR code
14:14:10.290 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6675 MB offset 2048
14:14:10.305 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 40005 MB offset 13672448
14:14:10.305 Disk 0 Partition - 00 0F Extended LBA 29635 MB offset 95602815
14:14:10.336 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29635 MB offset 95602878
14:14:10.336 Disk 0 scanning sectors +156296385
14:14:10.415 Disk 0 scanning C:\WINDOWS\system32\drivers
14:14:17.304 Service scanning
14:14:30.709 Modules scanning
14:14:42.535 Disk 0 trace - called modules:
14:14:42.551 ntkrnlpa.exe CLASSPNP.SYS disk.sys ntkrnlpa.exe ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:14:42.551 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a32bab8]
14:14:42.551 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8a32c9e8]
14:14:42.551 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a31cd98]
14:14:42.551 Scan finished successfully
14:15:06.142 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\manindersingh.PDM\Desktop\MBR.dat"
14:15:06.157 The log file has been saved successfully to "C:\Documents and Settings\manindersingh.PDM\Desktop\aswMBR.txt"

Registered
2,045 Posts
Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Files
    dir C:\Documents and Settings\All Users\Application Data\F4D55EDB2D739527000A9F32D151FC4E /c
    :Commands
    [ResetHosts]
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • OTL Fix log
  • MBAM log

Registered
22 Posts
Discussion Starter #12
OTL logfile created on: 3/9/2012 1:22:08 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\manindersingh.PDM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 49.93% Memory free
3.34 Gb Paging File | 2.69 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 8.40 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Drive D: | 28.94 Gb Total Space | 5.62 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive S: | 544.49 Gb Total Space | 8.41 Gb Free Space | 1.54% Space Free | Partition Type: NTFS

Computer Name: DMV50666 | User Name: manindersingh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 13:58:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\manindersingh.PDM\Desktop\OTL.exe
PRC - [2011/10/28 16:44:02 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2011/10/28 16:44:00 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2008/12/09 16:46:23 | 000,069,632 | ---- | M] (Sophos Plc) -- c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2008/12/09 16:44:25 | 000,098,304 | ---- | M] (Sophos Plc) -- c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/06/26 17:00:39 | 000,172,032 | ---- | M] (Sophos Plc) -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 12:18:00 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 16:44:04 | 000,753,664 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\libeay32.dll
MOD - [2011/10/28 16:44:04 | 000,176,128 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
MOD - [2011/10/28 16:44:04 | 000,032,256 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
MOD - [2011/10/28 16:44:03 | 000,237,568 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
MOD - [2011/10/28 16:44:02 | 001,531,904 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO.dll
MOD - [2011/10/28 16:44:00 | 001,048,576 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ace.dll
MOD - [2011/10/28 16:43:59 | 000,733,184 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
MOD - [2011/10/28 16:43:59 | 000,159,744 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ssleay32.dll
MOD - [2011/10/28 16:43:58 | 000,528,384 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
MOD - [2011/10/28 16:43:58 | 000,056,832 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
MOD - [2010/02/05 23:57:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/07/02 21:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 21:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (mdaekheb)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - [2011/10/28 16:44:02 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2011/10/28 16:44:00 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 11:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2008/12/09 16:46:23 | 000,069,632 | ---- | M] (Sophos Plc) [Auto | Running] -- c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2008/12/09 16:44:25 | 000,098,304 | ---- | M] (Sophos Plc) [Auto | Running] -- c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/06/26 17:00:39 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2007/05/15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/10/22 20:47:00 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2008/07/24 12:02:36 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/07/18 11:49:39 | 000,104,704 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2008/07/18 11:49:24 | 000,035,584 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2008/05/23 08:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2007/05/15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/05/15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/05/15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2006/08/28 16:10:06 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/02 23:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 04:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/23 01:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/10/27 15:36:52 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/09/20 21:52:37 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2004/09/14 13:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/17 12:51:20 | 000,020,752 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://skynet/logintime/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN India - Hotmail, News, Cricket, Bollywood, Video, Messenger, Download IE9 & More...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 D2 B4 9A 0D 88 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 18:16:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 18:16:21 | 000,000,000 | ---D | M]

[2011/10/13 15:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\manindersingh.PDM\Application Data\Mozilla\Extensions
[2011/10/13 15:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\manindersingh.PDM\Application Data\Mozilla\Firefox\Profiles\mkhzr0a1.default\extensions
[2012/03/06 21:35:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/24 13:25:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/22 13:20:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/06 21:35:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/06 21:35:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/03/06 21:35:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/02 14:26:57 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2012/02/28 19:21:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll (Acro Software Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = \\192.168.110.240\pdm\Corporate\IT\Information\IT Policy\jan2012.jpg
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278507202458 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304874379453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pdm.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4DEBF33-4549-409E-BBDA-DF0783C168C7}: NameServer = 172.18.24.3 172.18.24.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8862F1E-B2D3-4017-95A2-459F22B73185}: DhcpNameServer = 192.168.110.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/07 10:10:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ec27dcd-4adb-11e0-9fbd-0019d2ac7034}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec27dcd-4adb-11e0-9fbd-0019d2ac7034}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ec27dcd-4adb-11e0-9fbd-0019d2ac7034}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a903d1b0-8753-11e0-a038-0019d2ac7034}\Shell - "" = AutoRun
O33 - MountPoints2\{a903d1b0-8753-11e0-a038-0019d2ac7034}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a903d1b0-8753-11e0-a038-0019d2ac7034}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 17:46:01 | 000,130,088 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2012/03/07 17:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/03/07 17:45:22 | 000,023,552 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2012/03/07 17:42:26 | 000,014,976 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[2012/03/07 16:56:04 | 000,000,000 | ---D | C] -- C:\stdtsa
[2012/03/07 16:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\New Folder (3)
[2012/03/07 16:27:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/07 14:13:48 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\manindersingh.PDM\Desktop\aswMBR.exe
[2012/03/07 13:58:09 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\manindersingh.PDM\Desktop\OTL.exe
[2012/03/06 21:35:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/06 21:35:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/06 21:35:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/06 21:29:07 | 000,909,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\JavaSetup6u31.exe
[2012/03/06 18:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/06 16:10:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\manindersingh.PDM\My Documents\My Videos
[2012/03/06 16:10:36 | 000,607,260 | R--- | C] (Swearware) -- C:\dds.scr
[2012/03/01 13:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Local Settings\Application Data\PackageAware
[2012/02/29 20:46:49 | 011,851,968 | ---- | C] (PlotSoft LLC) -- C:\Documents and Settings\manindersingh.PDM\My Documents\PDFill.exe
[2012/02/29 19:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\New Folder (2)
[2012/02/29 16:23:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/28 19:08:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/28 19:05:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/28 19:05:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/28 19:05:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/28 19:05:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/28 19:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/28 19:03:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 18:59:04 | 004,420,957 | R--- | C] (Swearware) -- C:\Documents and Settings\manindersingh.PDM\My Documents\ComboFix.exe
[2012/02/28 18:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\TeamViewer
[2012/02/28 18:20:35 | 000,000,000 | ---D | C] -- C:\backups
[2012/02/28 18:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2012/02/28 18:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/02/24 17:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/02/24 17:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\IObit
[2012/02/24 17:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/02/24 17:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\SUPERAntiSpyware.com
[2012/02/24 17:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/02/24 17:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Start Menu\Programs\HiJackThis
[2012/02/24 17:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/24 16:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/02/24 15:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/24 15:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/24 15:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\New Folder
[2012/02/20 18:00:06 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/02/20 18:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/02/20 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/02/17 20:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/10 15:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Desktop\Unused Desktop Shortcuts
[2012/02/09 22:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/09 22:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/09 21:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\manindersingh.PDM\Application Data\Malwarebytes
[2012/02/09 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4D55EDB2D739527000A9F32D151FC4E
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp files -> C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 13:22:25 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EB22759F-340B-476C-BA27-B915678A756E}.job
[2012/03/09 13:14:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc0f9037e9f10c.job
[2012/03/09 13:14:08 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/03/09 13:13:56 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc0f90386388fa.job
[2012/03/09 13:13:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/09 13:13:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 20:17:48 | 000,014,161 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\Sales_Manager_-_UK.39144034.zip
[2012/03/07 20:17:43 | 000,015,468 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\Director_Sales_-_New_York.39144013.zip
[2012/03/07 19:40:36 | 000,005,494 | RHS- | M] () -- C:\Documents and Settings\manindersingh.PDM\ntuser.pol
[2012/03/07 18:33:51 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2012/03/07 17:49:19 | 000,004,858 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/03/07 17:27:52 | 090,600,384 | -H-- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\std20sasfx.exe
[2012/03/07 16:28:59 | 000,000,492 | RHS- | M] () -- C:\boot.ini
[2012/03/07 14:15:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\MBR.dat
[2012/03/07 14:13:48 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\manindersingh.PDM\Desktop\aswMBR.exe
[2012/03/07 13:58:14 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\manindersingh.PDM\Desktop\OTL.exe
[2012/03/06 21:35:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/06 21:35:31 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/06 21:35:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/06 21:35:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/06 21:35:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/06 21:30:10 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/06 21:29:07 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\JavaSetup6u31.exe
[2012/03/06 18:44:23 | 074,920,720 | ---- | M] () -- C:\avast_free_antivirus_setup.exe
[2012/03/06 18:19:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/06 16:10:36 | 000,607,260 | R--- | M] (Swearware) -- C:\dds.scr
[2012/03/02 20:16:44 | 000,659,968 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\MicrosoftFixit50195.msi
[2012/02/29 21:07:16 | 000,222,450 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\BPeSA filled excl event.pdf
[2012/02/29 20:52:19 | 005,613,950 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\pdfedit!.exe
[2012/02/29 20:46:49 | 011,851,968 | ---- | M] (PlotSoft LLC) -- C:\Documents and Settings\manindersingh.PDM\My Documents\PDFill.exe
[2012/02/29 20:42:05 | 000,171,815 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V4.pdf
[2012/02/29 19:33:58 | 000,170,875 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V3.pdf
[2012/02/29 16:00:51 | 000,226,251 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012-Programme-March.pdf
[2012/02/28 19:21:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/28 18:59:17 | 004,420,957 | R--- | M] (Swearware) -- C:\Documents and Settings\manindersingh.PDM\My Documents\ComboFix.exe
[2012/02/28 18:03:32 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2012/02/24 17:32:19 | 000,002,008 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\HiJackThis.lnk
[2012/02/23 21:25:38 | 000,371,235 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\koovs-Coupon__14_.pdf
[2012/02/22 18:34:22 | 000,918,308 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\mkmytrip[1].rtf
[2012/02/20 20:02:55 | 002,910,876 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\DSC02545.JPG
[2012/02/20 20:02:10 | 000,015,034 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\34_2.jpg
[2012/02/20 18:37:31 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/20 16:18:45 | 000,108,745 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\MakeMyTrip-Invoice-NF2513410340245.pdf
[2012/02/20 15:21:23 | 000,058,937 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\gg
[2012/02/10 18:19:59 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/09 20:23:42 | 000,390,381 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF-MediaPack-2012.pdf
[2012/02/09 20:16:42 | 000,202,990 | ---- | M] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF-2012-Programme.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp files -> C:\Documents and Settings\manindersingh.PDM\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 20:17:48 | 000,014,161 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\Sales_Manager_-_UK.39144034.zip
[2012/03/07 20:17:42 | 000,015,468 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\Director_Sales_-_New_York.39144013.zip
[2012/03/07 18:04:27 | 090,600,384 | -H-- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\std20sasfx.exe
[2012/03/07 17:46:47 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
[2012/03/07 14:15:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\MBR.dat
[2012/03/06 18:44:18 | 074,920,720 | ---- | C] () -- C:\avast_free_antivirus_setup.exe
[2012/03/02 20:16:42 | 000,659,968 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\MicrosoftFixit50195.msi
[2012/02/29 21:07:16 | 000,222,450 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\BPeSA filled excl event.pdf
[2012/02/29 20:52:19 | 005,613,950 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\pdfedit!.exe
[2012/02/29 20:42:04 | 000,171,815 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V4.pdf
[2012/02/29 19:33:55 | 000,170,875 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012_Summit_BF_BPeSA_V3.pdf
[2012/02/29 16:00:49 | 000,226,251 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\IOF2012-Programme-March.pdf
[2012/02/28 19:08:35 | 000,000,377 | ---- | C] () -- C:\Boot.bak
[2012/02/28 19:08:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/28 19:05:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/28 19:05:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/28 19:05:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/28 19:05:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/28 19:05:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/28 18:03:32 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2012/02/24 17:32:19 | 000,002,008 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\HiJackThis.lnk
[2012/02/23 21:25:36 | 000,371,235 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\Desktop\koovs-Coupon__14_.pdf
[2012/02/22 18:34:22 | 000,918,308 | ---- | C] () -- C:\Documents and Settings\manindersingh.PDM\My Documents\mkmytrip[1].rtf
 

22 Posts
Discussion Starter #13
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.09.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
manindersingh :: DMV50666 [administrator]
3/9/2012 2:56:03 PM
mbam-log-2012-03-09 (15-32-49).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390586
Time elapsed: 35 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
D:\System Volume Information\_restore{457493D0-B8D6-45A2-8194-715751B2AC47}\RP179\A0114054.exe (Adware.Agent) -> No action taken.
(end)
 

2,045 Posts
It looks like you ran another OTL scan instead of the fix I posted. Please try these instructions again (read them carefully):

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Files
    dir C:\Documents and Settings\All Users\Application Data\F4D55EDB2D739527000A9F32D151FC4E /c
    :Commands
    [ResetHosts]
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Now run MBAM again, but this time let it fix everything but this:

D:\System Volume Information\_restore{457493D0-B8D6-45A2-8194-715751B2AC47}\RP179\A0114054.exe (Adware.Agent)

Please include the following in your next post:
  • OTL Fix log
  • MBAM log
 

22 Posts
Discussion Starter #15
All processes killed
========== FILES ==========
< dir C:\Documents and Settings\All Users\Application Data\F4D55EDB2D739527000A9F32D151FC4E /c >
C:\Documents and Settings\manindersingh.PDM\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\manindersingh.PDM\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: itadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: manindersingh
->Temp folder emptied: 1157235860 bytes
->Temporary Internet Files folder emptied: 3576037292 bytes
->Java cache emptied: 290314 bytes
->FireFox cache emptied: 42603528 bytes
->Flash cache emptied: 124859 bytes

User: manindersingh.PDM
->Temp folder emptied: 41863516 bytes
->Temporary Internet Files folder emptied: 9787036 bytes
->Java cache emptied: 1191262 bytes
->FireFox cache emptied: 97957920 bytes
->Flash cache emptied: 40347 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 29682 bytes
->Flash cache emptied: 39611 bytes

User: pshekhar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: satyaa
->Temp folder emptied: 198980 bytes
->Temporary Internet Files folder emptied: 3711661 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: vishnur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5243058 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1857 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3636751 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3313578 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,714.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03122012_141941
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\manindersingh\Local Settings\Temp\Temporary Internet Files\Content.IE5\8UBQUA0G\97dIZNTE09PVdTaWj7lnMXPoj7PvgOwB9B2Z4Ng0yJW6yn1zg9cK3snwTioP3DLdwauRL3zDhiWq7HJflZU62yvItvrXm75hZ1z8H5_8Ua1b3jXyGznVll80iVf1VtpW8uegrYTBpf8lKiVAyliWmSmUV65CtpG5xCB28d16VI[1].png not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\fla1.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\fla2.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\fla3.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\fla4.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\~DF91CB.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\~DF91D8.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\~DF9226.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\~DF9233.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\~DF934E.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temp\~DF935B.tmp not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\281411[1].html not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\281411[2].html not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\4536[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\acb[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\adoapn_AppNexusDemoActionTag_1[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\c=851_rand=457102712_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\c=851_rand=545491899_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\c=851_rand=637918519_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\c=939_rand=610478521_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\ctrl_notify[1].htc not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\ctrl_tree[1].htc not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\iframe3[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\iframe3[2].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\likebox[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\ManinderS[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\md[2].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\YFD7HZTP\net[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\281411[1].html not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\4651[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\acb[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\ca[1].html not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\ctrl_view[1].htc not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\d[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\px[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\px[2].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\search-netsite-virus-633599[1].html not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\st[1] not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\st[2] not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\st[3] not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\JUKUXW1D\welcome[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\2554[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\281411[1].html not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\acb[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\c=851_rand=266811217_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\c=939_rand=134993305_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\Inbox[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\st[1] not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\GR6SUZNE\st[2] not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\acb[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\acb[2].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\blank[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\c=939_rand=273544731_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\c=939_rand=988875218_pv=y_rt=ifr[1].htm not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\ctrl_reminder[1].htc not found!
File\Folder C:\Documents and Settings\manindersingh.PDM\Local Settings\Temporary Internet Files\Content.IE5\2EVR0A0X\st[3] not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_87c.dat not found!
Registry entries deleted on Reboot...
 

22 Posts
Discussion Starter #16
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.12.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
manindersingh :: DMV50666 [administrator]
3/12/2012 3:20:44 PM
mbam-log-2012-03-12 (16-02-25).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 383079
Time elapsed: 41 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
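The two "Registry Data Items" in the log above are ordinary Windows policy values under HKCU, which is why Malwarebytes files them as PUM (potentially unwanted modification) rather than as malware. The following PowerShell snippet is an added example, not part of this thread and not Malwarebytes' own code; it reads those two values and reports whether each is at the value the log labels "Good" (0) or "Bad" (1). The key paths, value names and the 0/1 meanings are taken from the log; the output wording and the $checks table are my own.

```powershell
# Added example: re-check the two policy values that Malwarebytes flagged as PUM in the log above.
# Key paths, value names and the Good (0) / Bad (1) interpretation come from the log; the script is not from the thread.
$checks = @(
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper';  Good = 0 },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'ForceActiveDesktopOn'; Good = 0 }
)

foreach ($c in $checks) {
    # Get-ItemProperty errors out if the key or the value is missing; -ErrorAction Stop
    # makes that a terminating error so the catch block can treat "absent" as "not set".
    $current = $null
    try {
        $current = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction Stop).($c.Name)
    } catch {
        $current = $null
    }

    if ($null -eq $current) {
        $state = 'not set (policy value absent, nothing to fix)'
    } elseif ($current -eq $c.Good) {
        $state = 'OK (value is 0)'
    } else {
        $state = "SET to $current (Malwarebytes reports this as Bad)"
    }

    # One line per policy value, e.g. "...\Explorer\ForceActiveDesktopOn: SET to 1 (...)"
    '{0}\{1}: {2}' -f $c.Path, $c.Name, $state
}
```

The script only reads the registry; it changes nothing, so it is safe to run before and after the removal steps the helper prescribes to confirm that the two values have actually been reset. Because the keys live under HKCU, run it as the same user account that appears in the log (the "[administrator]" line), otherwise you are looking at a different user's hive.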
 

Registered · 2,045 Posts
How is your computer running now? Please do this next:

Please go here to run an online scan with ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log
 

Registered · 22 Posts · Discussion Starter #18
\C Drive\Documents and Settings\manindersingh.DMVENTURES\Local Settings\Temporary Internet Files\Content.IE5\GEDR3LJU\ajs[1].php HTML/Iframe.B.Gen virus
D:\winzip155.exe Win32/OpenCandy application
D:\winzip160.exe Win32/OpenCandy application
D:\05-07-2007 BACKUP\My Documents\My Pictures\about.Brontok.A.html Win32/Brontok.A virus
D:\13-11-07\My Documents\My Pictures\about.Brontok.A.html Win32/Brontok.A virus
Operating memory a variant of Win32/PSW.Papras.CA trojan
 

Registered · 22 Posts · Discussion Starter #19
Computer is better but not fully clean, I reckon.

I haven't deleted the viruses found in the ESET scan; waiting for your instructions to delete.
 

Registered · 2,045 Posts
Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log
 