Virus blocking antivirus softwares from loading


  • This topic is locked
24 replies to this topic

#1 B.M.Jaffr Ali

  • Members
  • 12 posts
  • Gender:Male
  • Location:Chennai, India.

Posted 24 February 2010 - 09:46 AM

I have recently reinstalled XP on my Compaq Presario laptop. I could not load antivirus because it is not going to the site. I used Kaspersky before, so I wanted to continue. Initially I thought there was some bug in the network. Later I realized some virus had infected it which does not enable accessing any of the antivirus websites, and hence none of the free antivirus or licensed antivirus could be installed. AVG, Avast, Kaspersky or any other websites could not be accessed by the browser.

I had installed Malwarebytes Anti-Malware and did many scans. It detected some things, which I removed. Still the problem continued. I came across this help through the link. I solicit help to get my system back virus free.


DDS (Ver_09-12-01.01) - NTFSx86
Run by B M Jaffar Ali at 18:34:09.67 on Wed 02/24/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.897 [GMT 5.5:30]

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\B M Jaffar Ali\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 4.0\distillr\AcroTray.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Notify: Sebring - c:\windows\system32\LgNotify.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\kkqmjd.sys --> c:\windows\system32\drivers\kkqmjd.sys [?]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-10-3 31504]
S2 wywxr;Update Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-24 27064]

=============== Created Last 30 ================

2010-02-24 13:02:11 0 ----a-w- c:\documents and settings\b m jaffar ali\defogger_reenable
2010-02-24 09:45:51 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-23 14:57:37 0 d-----w- c:\docume~1\bmjaff~1\applic~1\Malwarebytes
2010-02-23 14:57:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-23 14:57:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-23 14:57:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 14:57:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2004-10-01 09:30:16 118784 ----a-w- c:\program files\Uninstall_CDS.exe
2009-03-21 14:06:58 166275 --sha-r- c:\windows\system32\fgidyc.dll
2009-06-05 09:30:23 360480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 09:30:23 40480 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 18:34:26.29 ===============

Attached Files

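As a worked example that is not part of this thread, of DDS or of OTL: a Python triage script that scans log lines in the two formats posted here (the DDS log above and the OTL log the topic starter posts later) for the indicator classes those logs exhibit: Task Manager and Registry Editor disabled by policy, UAC off, a driver that is registered and running with no file on disk, a netsvcs-hosted service whose DLL carries no version information, hidden+system files, and AutoRun shell verbs recorded for removable drives. The rule set and the rule names are my assumptions about what is worth flagging, not DDS or OTL logic; the embedded sample lines are copied from the thread's own logs, with a few benign lines included so the rules can be seen skipping them.

```python
"""Triage DDS / OTL log lines for the indicator classes shown in this thread.

Added example, not part of the thread or of the DDS/OTL tools. The rule set is
an assumption encoding what the posted logs exhibit; see RULES.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


# (rule name, pattern). One rule appears twice because DDS and OTL print the
# same fact in different layouts. Last capture group = the token to report.
RULES = [
    # Task Manager / Registry Editor disabled by policy (DDS uPolicies, OTL O7)
    ("policy_lockout", re.compile(r"\b(DisableTaskMgr|DisableRegistryTools)\s*=\s*1\b")),
    # UAC switched off
    ("uac_off", re.compile(r"\bEnableLUA\s*=\s*0\b")),
    # Driver registered but its .sys is missing: DDS marks the path with "[?]"
    ("driver_no_file", re.compile(r"^R[0-4]\s+(\w+);.*\[\?\]\s*$")),
    # ... and OTL prints "File not found" with the service name in parentheses
    ("driver_no_file", re.compile(r"^DRV - File not found\b.*\((\w+)\)\s*$")),
    # DDS only lists non-whitelisted services; one hosted in netsvcs deserves a look
    ("netsvcs_hosted_service",
     re.compile(r"^S[0-4]\s+(\w+);[^;]*;.*svchost\.exe -k netsvcs\b", re.I)),
    # OTL NetSvcs line whose DLL has no company/version info (empty "()")
    ("netsvcs_unknown_dll",
     re.compile(r"^NetSvcs:\s+(\S+)\s+-\s+(\S+\.dll)\s+\(\)\s*$", re.I)),
    # DDS Find3M attribute column with both s(ystem) and h(idden) set
    ("hidden_system_attrs",
     re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+\S\Ssh\S{4}\s+(\S.*)$")),
    # OTL O33: a shell verb under MountPoints2 bound to an executable on a drive letter
    ("removable_autorun",
     re.compile(r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell\\\w+\\\w+ - "" = ([A-Za-z]:\\\S+)', re.I)),
]

# Constructed sample: lines copied from the two logs in this thread, plus a few
# benign neighbours the rules must skip.
SAMPLE_LOG = r"""
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\kkqmjd.sys --> c:\windows\system32\drivers\kkqmjd.sys [?]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-10-3 31504]
S2 wywxr;Update Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
2009-03-21 14:06:58 166275 --sha-r- c:\windows\system32\fgidyc.dll
2004-10-01 09:30:16 118784 ----a-w- c:\program files\Uninstall_CDS.exe
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/18 23:31:26 | 000,000,000 | ---D | M]
NetSvcs: wywxr - C:\WINDOWS\system32\fgidyc.dll ()
O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\autOplay\CommAND - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\AutoRun\command - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\AutoRun\command - "" = G:\dsgjo.pif -- File not found
"""


def triage(log_text: str) -> list[Finding]:
    """One Finding per (line, rule) hit, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                # report the most specific token: service name, path or DLL
                detail = m.groups()[-1] if m.groups() else m.group(0)
                findings.append(Finding(name, detail, line))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    """Hits per rule name."""
    return dict(Counter(f.rule for f in findings))


def autorun_targets(findings: list[Finding]) -> set[str]:
    """Distinct executables that removable-drive AutoRun entries point at."""
    return {f.detail for f in findings if f.rule == "removable_autorun"}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.rule:24}] {f.detail}")
    print(counts(hits), sorted(autorun_targets(hits)))
```

Run it as a script to see the hits, or feed a whole log file to triage(). The hidden+system rule is deliberately broad: the two fidbox*.dat entries in the DDS Find3M section, which belong to Kaspersky, would trip it as well, so the output is a list of things to check, not a verdict. The netsvcs rule relies on DDS only printing services it does not whitelist, which is why the wywxr line is the one that surfaces, and the OTL NetSvcs rule then ties that service name to a DLL with no version information.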

#2 myrti

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 26 February 2010 - 08:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti

Posted 06 March 2010 - 04:11 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

Posted 08 March 2010 - 11:16 AM

Hi,

topic has been reopened. Please post your logs.
regards myrti



#5 B.M.Jaffr Ali

  • Topic Starter

Posted 09 March 2010 - 01:46 AM

Hi, I could not track this topic as advised for faster follow-up/response. It says 'Error message', 'You are already subscribed to this forum'.
Please find below my post as per the instruction.
-------

OTL logfile created on: 3/9/2010 11:50:04 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\B M Jaffar Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 9.83 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.52 Gb Total Space | 7.44 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AU-TBFHDECDHYO2
Current User Name: B M Jaffar Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
PRC - [2009/11/20 19:01:18 | 000,910,120 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/03/03 16:47:10 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/03/03 16:43:42 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/03/03 16:43:12 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/03/03 16:42:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [1999/03/12 08:07:38 | 000,121,344 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/03/03 16:43:12 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/03/03 16:42:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/05/11 19:40:05 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/03/27 19:09:20 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/06/20 16:38:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/03/31 15:41:40 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/03/21 23:41:30 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2006/03/21 23:40:46 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/08/24 15:23:14 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/07/08 19:47:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/12/15 16:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 16:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 16:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/09/21 10:49:46 | 003,151,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/05 15:16:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/15 10:20:18 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002/10/03 00:09:08 | 000,031,504 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2002/01/07 21:01:02 | 000,448,512 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK)
DRV - [2001/08/23 11:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 11:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\..Trusted Domains: kaspersky.com ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 192.168.2.201
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 21:17:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\Shell\AutoRun\command - "" = F:\DRIVE\file.exe -- File not found
O33 - MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\Shell\open\command - "" = F:\DRIVE\file.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\autOplay\CommAND - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\AutoRun\command - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\ExpLOre\Command - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\open\comMAnd - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\AutoPLAy\comMANd - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\AutoRun\command - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\expLore\COmManD - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\open\cOMmand - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\Shell - "" = AutoRun
O33 - MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\Autoplay\coMMaND - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\AutoRun\command - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\eXpLOre\CommAnD - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\OpeN\COmmaNd - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\Shell - "" = AutoRun
O33 - MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\AUToplay\ComMaNd - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\AutoRun\command - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\exPLore\Command - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\opEn\commaNd - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\AutoplAY\comMand - "" = F:\ipwued.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\AutoRun\command - "" = F:\ipwued.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\EXplORe\CommaNd - "" = F:\ipwued.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\OpeN\coMmAnd - "" = F:\ipwued.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/18 23:31:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wywxr - C:\WINDOWS\system32\fgidyc.dll ()




ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/09 11:47:56 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/03 06:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
[2010/02/24 15:35:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B M Jaffar Ali\Recent
[2010/02/24 15:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
[2010/02/24 15:15:51 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Opera
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Opera
[2010/02/24 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/23 20:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Malwarebytes
[2010/02/23 20:27:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 20:27:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 15:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/28 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/18 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/09 10:44:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 10:43:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 10:43:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 09:43:12 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\NTUSER.DAT
[2010/03/09 09:43:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\B M Jaffar Ali\ntuser.ini
[2010/03/08 20:36:33 | 004,472,320 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC-DSTproposal7marchWr.doc
[2010/03/08 19:14:00 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\aukbc name tag.ppt
[2010/03/08 12:50:46 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\cover letter CNK-dst proposal.doc
[2010/03/08 11:26:12 | 000,061,739 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ACCEPTANCE LETTER.pdf
[2010/03/08 11:02:17 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\signed statement from investigators.doc
[2010/03/08 10:24:17 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\consentletter.doc
[2010/03/08 10:22:43 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PL - 90, KBCRF, Chennai(1).xls
[2010/03/08 08:08:47 | 004,485,120 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal OLDFINAL.doc
[2010/03/08 07:54:09 | 004,477,952 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal DRAFT PREFINAL VER.doc
[2010/03/08 07:51:35 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\P.Manohar CV.doc
[2010/03/06 19:06:21 | 001,950,208 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AfricanSchoolXRDtutorial.ppt
[2010/03/06 18:50:03 | 000,045,346 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC.pdf
[2010/03/06 16:05:28 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Summary_form.doc
[2010/03/06 11:14:58 | 000,520,192 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\VAISHNAVI ( MS Synopsis)-Mar-05-2010-FINAL.doc
[2010/03/05 17:04:05 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PM CO invest bio.doc
[2010/03/05 16:30:21 | 000,977,014 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PNAS-1975-Anderson-2989-93.pdf
[2010/03/05 16:19:56 | 000,044,384 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/05 16:19:42 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\alkalinephosphatase.doc
[2010/03/05 16:13:05 | 000,081,496 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\508501.pdf
[2010/03/05 16:12:49 | 000,062,542 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\1684302a.pdf
[2010/03/04 19:33:04 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Invitation_for_preliminary_project_proposal_for_DST_Cluster_Meeting---corrected[1].doc
[2010/03/04 19:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/04 18:56:52 | 000,145,424 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MDRA-Act.pdf
[2010/03/04 18:55:36 | 000,194,812 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\revised-memorandum.pdf
[2010/03/04 18:55:28 | 000,109,016 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\emoluments-research-assistants.pdf
[2010/03/04 18:55:13 | 000,068,630 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Advt-Sc.C_Sc.D.pdf
[2010/03/04 18:54:58 | 000,014,451 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Indo-Dutch_Pre_announcement_call_proposals_.pdf
[2010/03/04 11:46:34 | 000,007,321 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Jaffar-Apollo proposal 4th March 2010.pdf
[2010/03/04 11:13:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Word 2003.lnk
[2010/03/03 12:00:22 | 000,029,233 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\npl231109.pdf
[2010/03/03 11:58:03 | 000,097,234 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\format-TSG.pdf
[2010/03/03 07:17:32 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/03 06:55:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:49:47 | 004,166,256 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/03 06:14:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/03 06:13:58 | 000,000,615 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/03 06:06:15 | 001,227,264 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST030310.doc
[2010/03/02 20:38:40 | 004,421,120 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST280210.doc
[2010/03/02 18:55:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/02 18:34:39 | 000,035,631 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MILESTONE.jpg
[2010/03/02 18:34:22 | 004,323,840 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2 RESEARCH.ppt
[2010/03/02 17:37:27 | 000,159,973 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0077.JPG
[2010/03/02 17:37:21 | 000,160,046 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0071.JPG
[2010/03/02 16:33:04 | 004,263,936 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nanotitania based laminar flow hood.pps
[2010/03/02 12:54:50 | 004,263,424 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nano titania for bioinstrument.pps
[2010/03/02 11:04:20 | 000,211,911 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter NOC027.jpg
[2010/03/02 11:04:14 | 000,228,361 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter 026.jpg
[2010/03/02 11:03:52 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\CERTIFICATE II.doc
[2010/03/02 11:03:45 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NO OBJECTION CERTIFICATE.doc
[2010/03/01 19:13:20 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\FLUROBACT CULTURE STOCK LIST -FEB2010.xls
[2010/03/01 18:26:31 | 000,100,876 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Bactericidal Activity of Photocatalytic TiO2 Reaction.pdf
[2010/03/01 18:21:15 | 000,781,850 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Green Quest - Photocatalyst Mechanism.mht
[2010/03/01 18:16:52 | 000,254,291 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ie801916v%2Elowlink%2Epdf_v03.pdf
[2010/03/01 18:08:31 | 000,248,606 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PureAppl.Chem..pdf
[2010/03/01 16:01:57 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\letter format.doc
[2010/03/01 15:48:07 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 15:46:40 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/02/28 18:57:59 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/02/25 22:33:02 | 000,023,213 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:20:35 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 15:15:51 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:29 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:49:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 19:14:00 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\aukbc name tag.ppt
[2010/03/08 12:32:02 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\cover letter CNK-dst proposal.doc
[2010/03/08 11:26:12 | 000,061,739 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ACCEPTANCE LETTER.pdf
[2010/03/08 11:02:17 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\signed statement from investigators.doc
[2010/03/08 10:24:17 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\consentletter.doc
[2010/03/08 10:24:06 | 004,472,320 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC-DSTproposal7marchWr.doc
[2010/03/08 10:22:43 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PL - 90, KBCRF, Chennai(1).xls
[2010/03/06 19:05:54 | 001,950,208 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AfricanSchoolXRDtutorial.ppt
[2010/03/06 18:50:03 | 000,045,346 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC.pdf
[2010/03/06 16:04:08 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Summary_form.doc
[2010/03/05 17:23:32 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\P.Manohar CV.doc
[2010/03/05 17:08:04 | 000,520,192 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\VAISHNAVI ( MS Synopsis)-Mar-05-2010-FINAL.doc
[2010/03/05 17:04:04 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PM CO invest bio.doc
[2010/03/05 16:29:30 | 000,977,014 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PNAS-1975-Anderson-2989-93.pdf
[2010/03/05 16:19:42 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\alkalinephosphatase.doc
[2010/03/05 16:13:04 | 000,081,496 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\508501.pdf
[2010/03/05 16:12:45 | 000,062,542 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\1684302a.pdf
[2010/03/04 19:33:04 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Invitation_for_preliminary_project_proposal_for_DST_Cluster_Meeting---corrected[1].doc
[2010/03/04 18:56:52 | 000,145,424 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MDRA-Act.pdf
[2010/03/04 18:55:35 | 000,194,812 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\revised-memorandum.pdf
[2010/03/04 18:55:27 | 000,109,016 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\emoluments-research-assistants.pdf
[2010/03/04 18:55:13 | 000,068,630 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Advt-Sc.C_Sc.D.pdf
[2010/03/04 18:54:58 | 000,014,451 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Indo-Dutch_Pre_announcement_call_proposals_.pdf
[2010/03/04 16:29:11 | 004,485,120 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal OLDFINAL.doc
[2010/03/04 11:46:34 | 000,007,321 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Jaffar-Apollo proposal 4th March 2010.pdf
[2010/03/03 12:00:22 | 000,029,233 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\npl231109.pdf
[2010/03/03 11:58:03 | 000,097,234 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\format-TSG.pdf
[2010/03/03 09:20:01 | 004,477,952 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal DRAFT PREFINAL VER.doc
[2010/03/03 06:55:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:48:21 | 004,166,256 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/03 06:06:14 | 001,227,264 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST030310.doc
[2010/03/03 05:59:48 | 004,421,120 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST280210.doc
[2010/03/02 18:34:37 | 000,035,631 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MILESTONE.jpg
[2010/03/02 17:37:27 | 000,159,973 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0077.JPG
[2010/03/02 17:37:21 | 000,160,046 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0071.JPG
[2010/03/02 16:32:41 | 004,263,936 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nanotitania based laminar flow hood.pps
[2010/03/02 12:54:49 | 004,263,424 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nano titania for bioinstrument.pps
[2010/03/02 11:04:20 | 000,211,911 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter NOC027.jpg
[2010/03/02 11:04:14 | 000,228,361 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter 026.jpg
[2010/03/02 11:03:52 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\CERTIFICATE II.doc
[2010/03/02 11:03:45 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NO OBJECTION CERTIFICATE.doc
[2010/03/01 18:30:32 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\FLUROBACT CULTURE STOCK LIST -FEB2010.xls
[2010/03/01 18:26:31 | 000,100,876 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Bactericidal Activity of Photocatalytic TiO2 Reaction.pdf
[2010/03/01 18:21:15 | 000,781,850 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Green Quest - Photocatalyst Mechanism.mht
[2010/03/01 18:16:49 | 000,254,291 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ie801916v%2Elowlink%2Epdf_v03.pdf
[2010/03/01 18:08:31 | 000,248,606 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PureAppl.Chem..pdf
[2010/03/01 16:01:56 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\letter format.doc
[2010/03/01 15:46:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/03/01 14:33:17 | 004,323,840 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2 RESEARCH.ppt
[2010/02/25 22:33:02 | 000,023,213 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:15:51 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2010/02/23 20:27:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/14 17:58:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2009/05/14 15:05:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/14 14:48:59 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/17 18:18:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/04/02 13:05:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 09:41:51 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 14:08:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/31 13:41:33 | 000,118,784 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/03/27 18:15:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/27 18:15:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/27 18:15:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/27 18:15:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/04 00:56:44 | 000,166,275 | RHS- | C] () -- C:\WINDOWS\System32\fgidyc.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/04/17 12:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 12:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/07 16:10:02 | 000,003,168 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/21 19:36:58 | 000,166,275 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\fgidyc.dll
[2008/04/14 05:41:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:AGP440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:05:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

------------------

OTL Extras logfile created on: 3/9/2010 11:50:05 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\B M Jaffar Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 9.83 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.52 Gb Total Space | 7.44 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AU-TBFHDECDHYO2
Current User Name: B M Jaffar Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6740:TCP" = 6740:TCP:*:Enabled:wpfxvrwt

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe" = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ZCfgSvc.exe" = C:\WINDOWS\system32\ZCfgSvc.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" = C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{05A42BD0-8AE0-4EAD-A00F-883F79422E88}" = NI LabVIEW Advanced Analysis 6.1
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22CB4CF1-25D1-4DE4-AC2D-77DC388889ED}" = NI LabVIEW Full 6.1
"{28802CE3-0CFB-4F7F-BB9E-89B9A4694F68}" = NI-PAL 1.5.6f0 Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DFF7F4F-9626-4ECA-A750-68CE1E5F1921}" = NI LabVIEW Picture Control Toolkit 6.1
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{CC8971B9-9132-4C04-A8D4-628663C9E9F0}" = NI LabVIEW Run-Time Engine 6.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{EA1FFC52-3B2A-4FE8-A6CD-1EB914D8B644}" = Sony Sound Forge 7.0
"{ED050097-F9E6-49BF-B90E-FDA123474454}" = NI LabVIEW 6.1
"{FD080429-C59A-482E-9841-255622141E23}" = NI LabVIEW CIN Tools 6.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ExpressRip" = Express Rip
"Golden" = Golden Records Vinyl to CD Converter
"InCD!UninstallKey" = InCD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NI LabVIEW 6.1" = NI LabVIEW 6.1
"Prism" = Prism Video Converter
"RASPPPOE" = PPP over Ethernet Protocol 0.98
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Sound Editor
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cimaware OfficeFIX 6.xx" = Cimaware OfficeFIX 6.xx

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2009 11:25:00 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 7/30/2009 12:03:56 PM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 8/4/2009 3:26:57 AM | Computer Name = AU-TBFHDECDHYO2 | Source = MsiInstaller | ID = 10005
Description = Product: NI LabVIEW 6.1 -- 1: 0 2:

Error - 8/17/2009 1:56:04 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

Error - 8/24/2009 3:35:43 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2009 6:16:20 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2009 7:03:26 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2009 7:04:43 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/3/2009 1:10:32 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2009 2:21:03 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

[ System Events ]
Error - 3/5/2010 5:49:56 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/6/2010 1:13:15 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.20.15 for the Network Card with network
address 00150050F3FC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 1:13:33 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/7/2010 9:47:40 PM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/8/2010 12:50:10 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/8/2010 12:50:13 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.20.10 for the Network Card with network
address 00150050F3FC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/8/2010 9:25:59 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/8/2010 11:03:53 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Print | ID = 6161
Description = The document Microsoft Word - AUKBC-DSTproposal7marchWr.doc owned
by B M Jaffar Ali failed to print on printer HP LaserJet 1020. Data type: RAW. Size
of the spool file in bytes: 26747659. Number of bytes printed: 23970390. Total
number of pages in the document: 34. Number of pages printed: 0. Client machine:
\\AU-TBFHDECDHYO2. Win32 error code returned by the print processor: 13 (0xd).

Error - 3/8/2010 11:55:33 PM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/9/2010 1:14:23 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114


< End of report >

Hi, I could not track this topic as advised for faster follow-up/response. It says 'Error message', 'You are already subscribed to this forum'.
Please find below my post as per the instruction.
-------

OTL logfile created on: 3/9/2010 11:50:04 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\B M Jaffar Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 9.83 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.52 Gb Total Space | 7.44 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AU-TBFHDECDHYO2
Current User Name: B M Jaffar Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
PRC - [2009/11/20 19:01:18 | 000,910,120 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/03/03 16:47:10 | 000,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2004/03/03 16:43:42 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2004/03/03 16:43:12 | 000,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2004/03/03 16:42:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [1999/03/12 08:07:38 | 000,121,344 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2005/07/08 17:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/03/03 16:43:12 | 000,311,363 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/03/03 16:42:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/05/11 19:40:05 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/03/27 19:09:20 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/06/20 16:38:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/03/31 15:41:40 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/03/21 23:41:30 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2006/03/21 23:40:46 | 000,038,144 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/08/24 15:23:14 | 003,289,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/07/08 19:47:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/07/08 17:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 17:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/12/15 16:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 16:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 16:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/09/21 10:49:46 | 003,151,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/05 15:16:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/15 10:20:18 | 000,011,258 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002/10/03 00:09:08 | 000,031,504 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2002/01/07 21:01:02 | 000,448,512 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK)
DRV - [2001/08/23 11:30:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 11:30:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\..Trusted Domains: kaspersky.com ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 192.168.2.201
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 21:17:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\Shell\AutoRun\command - "" = F:\DRIVE\file.exe -- File not found
O33 - MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\Shell\open\command - "" = F:\DRIVE\file.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\autOplay\CommAND - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\AutoRun\command - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\ExpLOre\Command - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\open\comMAnd - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\Shell - "" = AutoRun
O33 - MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\AutoPLAy\comMANd - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\AutoRun\command - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\expLore\COmManD - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\open\cOMmand - "" = F:\hlgf.cmd -- File not found
O33 - MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\Shell - "" = AutoRun
O33 - MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\Autoplay\coMMaND - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\AutoRun\command - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\eXpLOre\CommAnD - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\OpeN\COmmaNd - "" = G:\dsgjo.pif -- File not found
O33 - MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\Shell - "" = AutoRun
O33 - MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\AUToplay\ComMaNd - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\AutoRun\command - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\exPLore\Command - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\opEn\commaNd - "" = F:\hqqj.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\AutoplAY\comMand - "" = F:\ipwued.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\AutoRun\command - "" = F:\ipwued.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\EXplORe\CommaNd - "" = F:\ipwued.exe -- File not found
O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\OpeN\coMmAnd - "" = F:\ipwued.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/03/18 23:31:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wywxr - C:\WINDOWS\system32\fgidyc.dll ()




ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/09 11:47:56 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/03 06:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
[2010/02/24 15:35:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B M Jaffar Ali\Recent
[2010/02/24 15:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
[2010/02/24 15:15:51 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Opera
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Opera
[2010/02/24 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/23 20:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Malwarebytes
[2010/02/23 20:27:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 20:27:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 15:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/28 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/18 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/09 10:44:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 10:43:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 10:43:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 09:43:12 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\NTUSER.DAT
[2010/03/09 09:43:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\B M Jaffar Ali\ntuser.ini
[2010/03/08 20:36:33 | 004,472,320 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC-DSTproposal7marchWr.doc
[2010/03/08 19:14:00 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\aukbc name tag.ppt
[2010/03/08 12:50:46 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\cover letter CNK-dst proposal.doc
[2010/03/08 11:26:12 | 000,061,739 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ACCEPTANCE LETTER.pdf
[2010/03/08 11:02:17 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\signed statement from investigators.doc
[2010/03/08 10:24:17 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\consentletter.doc
[2010/03/08 10:22:43 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PL - 90, KBCRF, Chennai(1).xls
[2010/03/08 08:08:47 | 004,485,120 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal OLDFINAL.doc
[2010/03/08 07:54:09 | 004,477,952 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal DRAFT PREFINAL VER.doc
[2010/03/08 07:51:35 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\P.Manohar CV.doc
[2010/03/06 19:06:21 | 001,950,208 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AfricanSchoolXRDtutorial.ppt
[2010/03/06 18:50:03 | 000,045,346 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC.pdf
[2010/03/06 16:05:28 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Summary_form.doc
[2010/03/06 11:14:58 | 000,520,192 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\VAISHNAVI ( MS Synopsis)-Mar-05-2010-FINAL.doc
[2010/03/05 17:04:05 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PM CO invest bio.doc
[2010/03/05 16:30:21 | 000,977,014 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PNAS-1975-Anderson-2989-93.pdf
[2010/03/05 16:19:56 | 000,044,384 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/05 16:19:42 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\alkalinephosphatase.doc
[2010/03/05 16:13:05 | 000,081,496 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\508501.pdf
[2010/03/05 16:12:49 | 000,062,542 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\1684302a.pdf
[2010/03/04 19:33:04 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Invitation_for_preliminary_project_proposal_for_DST_Cluster_Meeting---corrected[1].doc
[2010/03/04 19:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/04 18:56:52 | 000,145,424 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MDRA-Act.pdf
[2010/03/04 18:55:36 | 000,194,812 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\revised-memorandum.pdf
[2010/03/04 18:55:28 | 000,109,016 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\emoluments-research-assistants.pdf
[2010/03/04 18:55:13 | 000,068,630 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Advt-Sc.C_Sc.D.pdf
[2010/03/04 18:54:58 | 000,014,451 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Indo-Dutch_Pre_announcement_call_proposals_.pdf
[2010/03/04 11:46:34 | 000,007,321 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Jaffar-Apollo proposal 4th March 2010.pdf
[2010/03/04 11:13:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Word 2003.lnk
[2010/03/03 12:00:22 | 000,029,233 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\npl231109.pdf
[2010/03/03 11:58:03 | 000,097,234 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\format-TSG.pdf
[2010/03/03 07:17:32 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/03 06:55:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:49:47 | 004,166,256 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/03 06:14:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/03 06:13:58 | 000,000,615 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/03 06:06:15 | 001,227,264 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST030310.doc
[2010/03/02 20:38:40 | 004,421,120 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST280210.doc
[2010/03/02 18:55:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/02 18:34:39 | 000,035,631 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MILESTONE.jpg
[2010/03/02 18:34:22 | 004,323,840 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2 RESEARCH.ppt
[2010/03/02 17:37:27 | 000,159,973 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0077.JPG
[2010/03/02 17:37:21 | 000,160,046 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0071.JPG
[2010/03/02 16:33:04 | 004,263,936 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nanotitania based laminar flow hood.pps
[2010/03/02 12:54:50 | 004,263,424 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nano titania for bioinstrument.pps
[2010/03/02 11:04:20 | 000,211,911 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter NOC027.jpg
[2010/03/02 11:04:14 | 000,228,361 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter 026.jpg
[2010/03/02 11:03:52 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\CERTIFICATE II.doc
[2010/03/02 11:03:45 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NO OBJECTION CERTIFICATE.doc
[2010/03/01 19:13:20 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\FLUROBACT CULTURE STOCK LIST -FEB2010.xls
[2010/03/01 18:26:31 | 000,100,876 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Bactericidal Activity of Photocatalytic TiO2 Reaction.pdf
[2010/03/01 18:21:15 | 000,781,850 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Green Quest - Photocatalyst Mechanism.mht
[2010/03/01 18:16:52 | 000,254,291 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ie801916v%2Elowlink%2Epdf_v03.pdf
[2010/03/01 18:08:31 | 000,248,606 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PureAppl.Chem..pdf
[2010/03/01 16:01:57 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\letter format.doc
[2010/03/01 15:48:07 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 15:46:40 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/02/28 18:57:59 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/02/25 22:33:02 | 000,023,213 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:20:35 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 15:15:51 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:29 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:49:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 19:14:00 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\aukbc name tag.ppt
[2010/03/08 12:32:02 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\cover letter CNK-dst proposal.doc
[2010/03/08 11:26:12 | 000,061,739 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ACCEPTANCE LETTER.pdf
[2010/03/08 11:02:17 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\signed statement from investigators.doc
[2010/03/08 10:24:17 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\consentletter.doc
[2010/03/08 10:24:06 | 004,472,320 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC-DSTproposal7marchWr.doc
[2010/03/08 10:22:43 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PL - 90, KBCRF, Chennai(1).xls
[2010/03/06 19:05:54 | 001,950,208 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AfricanSchoolXRDtutorial.ppt
[2010/03/06 18:50:03 | 000,045,346 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC.pdf
[2010/03/06 16:04:08 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Summary_form.doc
[2010/03/05 17:23:32 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\P.Manohar CV.doc
[2010/03/05 17:08:04 | 000,520,192 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\VAISHNAVI ( MS Synopsis)-Mar-05-2010-FINAL.doc
[2010/03/05 17:04:04 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PM CO invest bio.doc
[2010/03/05 16:29:30 | 000,977,014 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PNAS-1975-Anderson-2989-93.pdf
[2010/03/05 16:19:42 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\alkalinephosphatase.doc
[2010/03/05 16:13:04 | 000,081,496 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\508501.pdf
[2010/03/05 16:12:45 | 000,062,542 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\1684302a.pdf
[2010/03/04 19:33:04 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Invitation_for_preliminary_project_proposal_for_DST_Cluster_Meeting---corrected[1].doc
[2010/03/04 18:56:52 | 000,145,424 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MDRA-Act.pdf
[2010/03/04 18:55:35 | 000,194,812 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\revised-memorandum.pdf
[2010/03/04 18:55:27 | 000,109,016 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\emoluments-research-assistants.pdf
[2010/03/04 18:55:13 | 000,068,630 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Advt-Sc.C_Sc.D.pdf
[2010/03/04 18:54:58 | 000,014,451 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Indo-Dutch_Pre_announcement_call_proposals_.pdf
[2010/03/04 16:29:11 | 004,485,120 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal OLDFINAL.doc
[2010/03/04 11:46:34 | 000,007,321 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Jaffar-Apollo proposal 4th March 2010.pdf
[2010/03/03 12:00:22 | 000,029,233 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\npl231109.pdf
[2010/03/03 11:58:03 | 000,097,234 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\format-TSG.pdf
[2010/03/03 09:20:01 | 004,477,952 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DST proposal DRAFT PREFINAL VER.doc
[2010/03/03 06:55:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:48:21 | 004,166,256 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/03 06:06:14 | 001,227,264 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST030310.doc
[2010/03/03 05:59:48 | 004,421,120 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NIIST-AUKBC-DST280210.doc
[2010/03/02 18:34:37 | 000,035,631 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\MILESTONE.jpg
[2010/03/02 17:37:27 | 000,159,973 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0077.JPG
[2010/03/02 17:37:21 | 000,160,046 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\DSCN0071.JPG
[2010/03/02 16:32:41 | 004,263,936 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nanotitania based laminar flow hood.pps
[2010/03/02 12:54:49 | 004,263,424 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\AUKBC Proposal on nano titania for bioinstrument.pps
[2010/03/02 11:04:20 | 000,211,911 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter NOC027.jpg
[2010/03/02 11:04:14 | 000,228,361 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Smitha letter 026.jpg
[2010/03/02 11:03:52 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\CERTIFICATE II.doc
[2010/03/02 11:03:45 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\NO OBJECTION CERTIFICATE.doc
[2010/03/01 18:30:32 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\FLUROBACT CULTURE STOCK LIST -FEB2010.xls
[2010/03/01 18:26:31 | 000,100,876 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Bactericidal Activity of Photocatalytic TiO2 Reaction.pdf
[2010/03/01 18:21:15 | 000,781,850 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Green Quest - Photocatalyst Mechanism.mht
[2010/03/01 18:16:49 | 000,254,291 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\ie801916v%2Elowlink%2Epdf_v03.pdf
[2010/03/01 18:08:31 | 000,248,606 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\PureAppl.Chem..pdf
[2010/03/01 16:01:56 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\letter format.doc
[2010/03/01 15:46:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/03/01 14:33:17 | 004,323,840 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2 RESEARCH.ppt
[2010/02/25 22:33:02 | 000,023,213 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:15:51 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2010/02/23 20:27:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/14 17:58:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2009/05/14 15:05:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/14 14:48:59 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/17 18:18:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/04/02 13:05:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 09:41:51 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 14:08:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/31 13:41:33 | 000,118,784 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/03/27 18:15:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/27 18:15:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/27 18:15:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/27 18:15:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/04 00:56:44 | 000,166,275 | RHS- | C] () -- C:\WINDOWS\System32\fgidyc.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/04/17 12:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 12:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/07 16:10:02 | 000,003,168 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/21 19:36:58 | 000,166,275 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\fgidyc.dll
[2008/04/14 05:41:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:AGP440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:05:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009/04/30 12:02:15 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

------------------

OTL Extras logfile created on: 3/9/2010 11:50:05 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\B M Jaffar Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 9.83 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.52 Gb Total Space | 7.44 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AU-TBFHDECDHYO2
Current User Name: B M Jaffar Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6740:TCP" = 6740:TCP:*:Enabled:wpfxvrwt

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe" = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\ZCfgSvc.exe" = C:\WINDOWS\system32\ZCfgSvc.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" = C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{05A42BD0-8AE0-4EAD-A00F-883F79422E88}" = NI LabVIEW Advanced Analysis 6.1
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
"{22CB4CF1-25D1-4DE4-AC2D-77DC388889ED}" = NI LabVIEW Full 6.1
"{28802CE3-0CFB-4F7F-BB9E-89B9A4694F68}" = NI-PAL 1.5.6f0 Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.1
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DFF7F4F-9626-4ECA-A750-68CE1E5F1921}" = NI LabVIEW Picture Control Toolkit 6.1
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{CC8971B9-9132-4C04-A8D4-628663C9E9F0}" = NI LabVIEW Run-Time Engine 6.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{EA1FFC52-3B2A-4FE8-A6CD-1EB914D8B644}" = Sony Sound Forge 7.0
"{ED050097-F9E6-49BF-B90E-FDA123474454}" = NI LabVIEW 6.1
"{FD080429-C59A-482E-9841-255622141E23}" = NI LabVIEW CIN Tools 6.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"ExpressRip" = Express Rip
"Golden" = Golden Records Vinyl to CD Converter
"InCD!UninstallKey" = InCD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NI LabVIEW 6.1" = NI LabVIEW 6.1
"Prism" = Prism Video Converter
"RASPPPOE" = PPP over Ethernet Protocol 0.98
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"SoundTap" = SoundTap Streaming Audio Recorder
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WavePad" = WavePad Sound Editor
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cimaware OfficeFIX 6.xx" = Cimaware OfficeFIX 6.xx

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2009 11:25:00 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 7/30/2009 12:03:56 PM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 8/4/2009 3:26:57 AM | Computer Name = AU-TBFHDECDHYO2 | Source = MsiInstaller | ID = 10005
Description = Product: NI LabVIEW 6.1 -- 1: 0 2:

Error - 8/17/2009 1:56:04 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00006a55.

Error - 8/24/2009 3:35:43 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2009 6:16:20 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2009 7:03:26 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2009 7:04:43 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/3/2009 1:10:32 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/7/2009 2:21:03 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

[ System Events ]
Error - 3/5/2010 5:49:56 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/6/2010 1:13:15 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.20.15 for the Network Card with network
address 00150050F3FC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/6/2010 1:13:33 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/7/2010 9:47:40 PM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/8/2010 12:50:10 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/8/2010 12:50:13 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.20.10 for the Network Card with network
address 00150050F3FC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 3/8/2010 9:25:59 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/8/2010 11:03:53 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Print | ID = 6161
Description = The document Microsoft Word - AUKBC-DSTproposal7marchWr.doc owned
by B M Jaffar Ali failed to print on printer HP LaserJet 1020. Data type: RAW. Size
of the spool file in bytes: 26747659. Number of bytes printed: 23970390. Total
number of pages in the document: 34. Number of pages printed: 0. Client machine:
\\AU-TBFHDECDHYO2. Win32 error code returned by the print processor: 13 (0xd).

Error - 3/8/2010 11:55:33 PM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114

Error - 3/9/2010 1:14:23 AM | Computer Name = AU-TBFHDECDHYO2 | Source = Service Control Manager | ID = 7023
Description = The Update Support service terminated with the following error: %%1114


< End of report >

#6 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:34 PM

Posted 09 March 2010 - 11:40 AM

Hi,

Click on My Controls, scroll down to Subscriptions, click on View Topics, check this topic and, at the bottom, select "Change to: immediate email notification" and click on Apply. You should be getting replies from now on.

Please also click on View Forums, select all forums that are listed, select Unsubscribe and click Apply.

Please run the following fix with OTL:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl

    O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\Shell\AutoRun\command - "" = F:\DRIVE\file.exe -- File not found
    O33 - MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\Shell\open\command - "" = F:\DRIVE\file.exe -- File not found
    O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\autOplay\CommAND - "" = F:\lcvk.exe -- File not found
    O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\AutoRun\command - "" = F:\lcvk.exe -- File not found
    O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\ExpLOre\Command - "" = F:\lcvk.exe -- File not found
    O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\open\comMAnd - "" = F:\lcvk.exe -- File not found
    O33 - MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\AutoPLAy\comMANd - "" = F:\hlgf.cmd -- File not found
    O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\AutoRun\command - "" = F:\hlgf.cmd -- File not found
    O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\expLore\COmManD - "" = F:\hlgf.cmd -- File not found
    O33 - MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\Shell\open\cOMmand - "" = F:\hlgf.cmd -- File not found
    O33 - MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\Autoplay\coMMaND - "" = G:\dsgjo.pif -- File not found
    O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\AutoRun\command - "" = G:\dsgjo.pif -- File not found
    O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\eXpLOre\CommAnD - "" = G:\dsgjo.pif -- File not found
    O33 - MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\Shell\OpeN\COmmaNd - "" = G:\dsgjo.pif -- File not found
    O33 - MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\Shell - "" = AutoRun
    O33 - MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\AUToplay\ComMaNd - "" = F:\hqqj.exe -- File not found
    O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\AutoRun\command - "" = F:\hqqj.exe -- File not found
    O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\exPLore\Command - "" = F:\hqqj.exe -- File not found
    O33 - MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\Shell\opEn\commaNd - "" = F:\hqqj.exe -- File not found
    O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\AutoplAY\comMand - "" = F:\ipwued.exe -- File not found
    O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\AutoRun\command - "" = F:\ipwued.exe -- File not found
    O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\EXplORe\CommaNd - "" = F:\ipwued.exe -- File not found
    O33 - MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\Shell\OpeN\coMmAnd - "" = F:\ipwued.exe -- File not found
    NetSvcs: wywxr - C:\WINDOWS\system32\fgidyc.dll ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "6740:TCP" =-
    :files
    C:\Windows\tasks\at*.job
    :services
    wywxr
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

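As an added illustration (not part of this thread, and not OTL's or myrti's code), the Python script below applies the checks an analyst makes when reading an OTL log of the kind requested above: MountPoints2 Shell\...\command hooks that launch a file from a non-system drive (the USB autorun-worm pattern behind the O33 lines in the fix script), a NetSvcs service whose DLL carries no publisher, DisableTaskMgr/DisableRegistryTools policies, a NoDriveTypeAutoRun value that still lets removable media autorun, driver entries whose file is gone, and hosts entries other than localhost. The sample lines are constructed from the kinds of entries in this thread; the rule names, the "first rule wins" ordering and the helper functions are my own choices, and the script assumes OTL's Minimal Output line format.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: OTL "Minimal Output" lines of the kinds that appear in this
# thread (one or two of each indicator, plus benign lines that must NOT be flagged).
SAMPLE_LOG = r'''
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\AutoRun\command - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\Shell\open\comMAnd - "" = F:\lcvk.exe -- File not found
O33 - MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\Shell\AutoRun - "" = Auto&Play
NetSvcs: wywxr - C:\WINDOWS\system32\fgidyc.dll ()
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
DRV - (abp470n5) -- File not found
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
O1 - Hosts: 127.0.0.1 localhost
'''

DRIVE_REMOVABLE = 0x04  # NoDriveTypeAutoRun bit that blocks AutoRun on removable drives


def _removable_still_autoruns(m: re.Match) -> bool:
    """True when the removable-drive bit is clear, i.e. USB sticks may still autorun."""
    return (int(m.group("val")) & DRIVE_REMOVABLE) == 0


# (category, pattern, optional extra predicate on the regex match)
RULES = [
    # Shell\<verb>\command hook under a MountPoints2 GUID that launches from drive D: or later
    ("autorun_hook",
     re.compile(r'MountPoints2\\\{[0-9a-f-]+\}\\Shell\\\w+\\command\s+-\s+""\s+=\s+(?P<path>[D-Z]:\\\S+)', re.I),
     None),
    # svchost-hosted service DLL with an empty publisher field "()" after the path
    ("unsigned_netsvc",
     re.compile(r'^NetSvcs:\s+(?P<svc>\S+)\s+-\s+(?P<path>\S+\.dll)\s+\(\)\s*$', re.I),
     None),
    # admin-tool lockout policies switched on
    ("tools_disabled",
     re.compile(r'policies\\System:\s+(?P<name>DisableTaskMgr|DisableRegistryTools)\s+=\s+1\b', re.I),
     None),
    # AutoRun policy that still allows removable media (the XP default 145 = 0x91 does)
    ("autorun_policy_weak",
     re.compile(r'policies\\Explorer:\s+NoDriveTypeAutoRun\s+=\s+(?P<val>\d+)\b', re.I),
     _removable_still_autoruns),
    # driver/service whose image is gone: leftover loader, or one hiding from the scanner
    ("orphan_driver",
     re.compile(r'^(?:DRV|SRV)\s+-\s+\((?P<svc>[^)]+)\)\s+--\s+File not found', re.I),
     None),
    # any hosts mapping other than the stock localhost line
    ("hosts_override",
     re.compile(r'^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>(?!localhost$)\S+)', re.I),
     None),
]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, line) for every log line that trips a rule; first matching rule wins."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, pattern, predicate in RULES:
            m = pattern.search(line)
            if m and (predicate is None or predicate(m)):
                findings.append((category, line))
                break
    return findings


def summarize(log_text: str) -> Dict[str, int]:
    """Findings per category, e.g. to check whether a fix script covered everything."""
    return dict(Counter(category for category, _ in triage(log_text)))


def autorun_targets(log_text: str) -> Set[str]:
    """Distinct executables the MountPoints2 hooks would launch: what to hunt for on the USB sticks."""
    pattern = RULES[0][1]
    return {pattern.search(line).group("path")
            for category, line in triage(log_text) if category == "autorun_hook"}


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category:20}] {line}")
    print("summary:", summarize(SAMPLE_LOG))
    print("autorun targets:", sorted(autorun_targets(SAMPLE_LOG)))
```

Running it prints every flagged line plus a per-category count. Two things worth noting from the output: NoDriveTypeAutoRun = 145 (0x91) is the Windows XP default and leaves the removable-drive bit (0x04) clear, which is exactly what lets an infected USB stick re-seed a freshly reinstalled machine; 255 (0xFF) disables AutoRun for every drive type, and on XP that value is only honored properly once the AutoRun update that creates HonorAutoRunSetting = 1 is installed. An orphaned driver entry such as abp470n5 that has no file on disk yet cannot be stopped is the reason a rootkit scan (GMER) is the sensible next step: the loader may be hidden rather than gone.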


#7 B.M.Jaffr Ali

  • Topic Starter

Posted 10 March 2010 - 04:07 PM

Some remarks first, before the log upload.
While running OTL as directed, the computer performed the task for an unusually long time, then wanted to reboot. In the process it got stuck at a blank screen, cursor functioning, computer on but no clue what was happening, for about 30 min. I was not sure a reboot could take that much time, so I switched off and started again. I could see OTL.LOG open automatically. I paste the same here. Let me know if I have exceeded the brief.

On GMER.EXE, I used the one I had downloaded last week for the same work. Is that fine?

Before sending this log file, I checked whether the browser would go to antivirus home pages. I could go to AVAST and download the antivirus file (not installed). I could go to McAfee indirectly (by opening a tab from a Google search, not by typing the home page directly). However, the Kaspersky home page is still not accessible. Looking forward to knowing when I can install antivirus and any information on the status of my laptop. THANKS A LOT. Please find the log files.
--------
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07e14e1a-79cd-11de-9395-00150050f3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e14e1a-79cd-11de-9395-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07e14e1a-79cd-11de-9395-00150050f3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07e14e1b-79cd-11de-9395-00150050f3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e14e1b-79cd-11de-9395-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07e14e1b-79cd-11de-9395-00150050f3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08f028ae-25ae-11de-92a5-00150050f3fc}\ not found.
File F:\DRIVE\file.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08f028ae-25ae-11de-92a5-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08f028ae-25ae-11de-92a5-00150050f3fc}\ not found.
File F:\DRIVE\file.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
File F:\lcvk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
File F:\lcvk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
File F:\lcvk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a283e28-2409-11de-92a0-0016364b8a1f}\ not found.
File F:\lcvk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32d74f68-1b7a-11de-927d-00150050f3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32d74f68-1b7a-11de-927d-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32d74f68-1b7a-11de-927d-00150050f3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
File F:\hlgf.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
File F:\hlgf.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
File F:\hlgf.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d7da074-4529-11de-930d-00150050f3fc}\ not found.
File F:\hlgf.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6369d4c2-1876-11de-9276-0016364b8a1f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6369d4c2-1876-11de-9276-0016364b8a1f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6369d4c2-1876-11de-9276-0016364b8a1f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
File G:\dsgjo.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
File G:\dsgjo.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
File G:\dsgjo.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0727f2-37da-11de-92e3-00150050f3fc}\ not found.
File G:\dsgjo.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eca84c8-ed4e-11de-94d4-0016364b8a1f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
File F:\hqqj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
File F:\hqqj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
File F:\hqqj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f9826ad-3b01-11de-92ee-00150050f3fc}\ not found.
File F:\hqqj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
File F:\ipwued.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
File F:\ipwued.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
File F:\ipwued.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d80d7a5d-2d8d-11de-92c0-00150050f3fc}\ not found.
File F:\ipwued.exe not found.
wywxr removed from NetSvcs value successfully!
Service wywxr stopped successfully!
Service wywxr deleted successfully!
File move failed. C:\WINDOWS\system32\fgidyc.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Error: Unable to stop service abp470n5!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp470n5 deleted successfully.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] not found.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== SERVICES/DRIVERS ==========
Error: No service named wywxr was found to stop!
Service\Driver key wywxr not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2318 bytes
->Temporary Internet Files folder emptied: 46994 bytes
->FireFox cache emptied: 33392750 bytes

User: All Users

User: B M Jaffar Ali
->Temp folder emptied: 2688259 bytes
->Temporary Internet Files folder emptied: 366361 bytes
->Flash cache emptied: 39952 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 11861 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1512015 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03102010_184710

Files\Folders moved on Reboot...
C:\WINDOWS\system32\fgidyc.dll moved successfully.

Registry entries deleted on Reboot...
----------
---------
OTL logfile created on: 3/10/2010 7:32:40 PM - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\B M Jaffar Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 9.90 Gb Free Space | 49.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.52 Gb Total Space | 7.02 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AU-TBFHDECDHYO2
Current User Name: B M Jaffar Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\1XConfig.exe (Intel)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (abp470n5) -- File not found
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (w22n51) Intel® -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS (Robert Schlabbach)
DRV - (NIPALK) -- C:\WINDOWS\system32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: kaspersky.com ([www] * in Trusted sites)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 21:17:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 18:47:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/10 18:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Desktop\uploaded replies
[2010/03/10 12:59:35 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/03/10 12:51:54 | 000,388,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wmpfirefoxplugin.exe
[2010/03/09 11:47:56 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/03 06:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
[2010/02/24 15:35:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B M Jaffar Ali\Recent
[2010/02/24 15:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
[2010/02/24 15:15:51 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Opera
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Opera
[2010/02/24 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/23 20:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Malwarebytes
[2010/02/23 20:27:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 20:27:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 15:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/28 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/18 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/10 19:28:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/10 19:27:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/10 19:27:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/10 19:05:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\B M Jaffar Ali\ntuser.ini
[2010/03/10 18:15:26 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\NTUSER.DAT
[2010/03/10 17:17:55 | 000,178,902 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc.pdf
[2010/03/10 17:15:48 | 000,092,555 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc-1.pdf
[2010/03/10 12:52:41 | 000,388,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wmpfirefoxplugin.exe
[2010/03/10 12:44:11 | 000,152,205 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\xpp-single.pdf
[2010/03/10 11:49:49 | 000,386,035 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\A Simple Method for the Reconstitution of Membrane Proteins into Giant Unilamellar Vesicles.pdf
[2010/03/10 11:26:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/10 11:16:29 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2.lnk
[2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/05 16:19:56 | 000,044,384 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/04 19:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/04 11:13:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Word 2003.lnk
[2010/03/03 07:17:32 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/03 06:55:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:49:47 | 004,166,256 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/03 06:14:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/03 06:13:58 | 000,000,615 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/01 15:48:07 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 15:46:40 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/02/28 18:57:59 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/02/25 22:33:02 | 000,023,213 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:20:35 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 15:15:51 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:29 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:49:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/10 17:17:20 | 000,178,902 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc.pdf
[2010/03/10 17:15:28 | 000,092,555 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc-1.pdf
[2010/03/10 12:44:11 | 000,152,205 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\xpp-single.pdf
[2010/03/10 11:49:13 | 000,386,035 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\A Simple Method for the Reconstitution of Membrane Proteins into Giant Unilamellar Vesicles.pdf
[2010/03/10 11:16:29 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2.lnk
[2010/03/03 06:55:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:48:21 | 004,166,256 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/01 15:46:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/02/25 22:33:02 | 000,023,213 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:15:51 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2010/02/23 20:27:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/14 17:58:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2009/05/14 15:05:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/14 14:48:59 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/17 18:18:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/04/02 13:05:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 09:41:51 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 14:08:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/31 13:41:33 | 000,118,784 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/03/27 18:15:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/27 18:15:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/27 18:15:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/27 18:15:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/04/17 12:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 12:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/07 16:10:02 | 000,003,168 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
< End of report >
----------
-------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-10 21:00:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BMJAFF~1\LOCALS~1\Temp\fxqyafow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\kkqmjd.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


#8 myrti


Posted 10 March 2010 - 04:53 PM

Hi,

please run the following fix:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
    :REG
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "6740:TCP" =-
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti


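The fix above deletes a driver service whose binary is gone and re-closes a firewall port. As an added example (not from this thread, the helper, or OTL's author), the Python script below triages OTL log lines for the indicator types visible in the logs here: driver services reported as File not found, user policies that disable Task Manager and Registry Tools, and hosts-file entries that map names to anything other than localhost. The sample log is constructed from the line shapes in this thread; the av-vendor-site.invalid hosts entry is constructed to exercise the hosts rule, since the thread's own hosts file contained only localhost.

```python
"""Triage helper for OTL logs: flags the indicator types acted on in this thread.

Added example, not part of the thread and not OTL's own code. It parses the
three OTL line shapes shown in the logs above (DRV, O1 Hosts, O7 policy) and
reports the lines a helper would want to look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the OTL lines posted in this thread. The
# av-vendor-site.invalid hosts entry is constructed to exercise the hosts rule;
# the thread's own hosts file contained only the localhost line.
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV - (abp470n5) -- File not found
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

========== Standard Registry (All) ==========

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 av-vendor-site.invalid
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
"""

# DRV - (service) optional description -- path-or-"File not found" (company)
DRV_RE = re.compile(r"^DRV - \((?P<svc>[^)]+)\)(?P<desc>.*?) -- (?P<path>.*)$")
# O7 - <policy key>: <value name> = <value>
O7_RE = re.compile(r"^O7 - (?P<key>\S+): (?P<name>\w+) = (?P<value>\S+)$")
# O1 - Hosts: <ip> <hostname>
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")

# Policies that lock the user out of Task Manager and the registry editor; a
# fresh XP install does not set these, so value 1 is worth a closer look.
TOOL_LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name
    line: str   # the OTL log line that triggered it


def triage_otl(log_text: str) -> List[Finding]:
    """Return the findings for each OTL line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            # A registered driver service whose binary is gone: either an
            # uninstall leftover or the remnant of something already removed.
            # Either way it is the kind of entry the fix above deletes.
            if m.group("path").startswith("File not found"):
                findings.append(Finding("driver-missing-file", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Anything beyond the stock localhost mapping can silently redirect
            # security-vendor names, one common cause of the symptom the
            # original poster described (AV sites unreachable).
            if m.group("host").lower() != "localhost":
                findings.append(Finding("hosts-override", line))
            continue
        m = O7_RE.match(line)
        if m and m.group("name") in TOOL_LOCKOUT_POLICIES and m.group("value") == "1":
            findings.append(Finding("admin-tool-lockout", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage_otl(SAMPLE_LOG)))
```

Run it against a saved OTL.Txt by reading the file into a string and passing it to triage_otl; the rules deliberately cover only the line shapes shown in this thread.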

#9 B.M.Jaffr Ali


Posted 11 March 2010 - 02:00 AM

========== OTL ==========
Error: Unable to stop service abp470n5!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp470n5 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6740:TCP deleted successfully.

OTL by OldTimer - Version 3.1.35.0 log created on 03112010_115323

----------------

OTL logfile created on: 3/11/2010 12:18:38 PM - Run 3
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\B M Jaffar Ali\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 9.74 Gb Free Space | 48.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.52 Gb Total Space | 6.48 Gb Free Space | 11.89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AU-TBFHDECDHYO2
Current User Name: B M Jaffar Ali
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\1XConfig.exe (Intel)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (abp470n5) -- File not found
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDrm.sys (Nero AG)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (w22n51) Intel® -- C:\WINDOWS\system32\drivers\w22n51.sys (Intel® Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS (Robert Schlabbach)
DRV - (NIPALK) -- C:\WINDOWS\system32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: kaspersky.com ([www] * in Trusted sites)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - c:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 21:17:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/10 18:47:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/10 18:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Desktop\uploaded replies
[2010/03/10 12:59:35 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/03/10 12:51:54 | 000,388,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wmpfirefoxplugin.exe
[2010/03/09 11:47:56 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/03 06:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
[2010/02/24 15:35:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B M Jaffar Ali\Recent
[2010/02/24 15:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
[2010/02/24 15:15:51 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\Opera
[2010/02/24 15:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Opera
[2010/02/24 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/02/23 20:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B M Jaffar Ali\Application Data\Malwarebytes
[2010/02/23 20:27:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/23 20:27:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/23 20:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 15:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/28 13:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/18 21:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/18 21:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/11 11:40:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 11:40:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/11 11:40:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 02:42:18 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\NTUSER.DAT
[2010/03/11 02:42:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\B M Jaffar Ali\ntuser.ini
[2010/03/11 01:57:36 | 045,942,928 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\setup_av_free.exe
[2010/03/10 17:17:55 | 000,178,902 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc.pdf
[2010/03/10 17:15:48 | 000,092,555 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc-1.pdf
[2010/03/10 12:52:41 | 000,388,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wmpfirefoxplugin.exe
[2010/03/10 12:44:11 | 000,152,205 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\xpp-single.pdf
[2010/03/10 11:49:49 | 000,386,035 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\A Simple Method for the Reconstitution of Membrane Proteins into Giant Unilamellar Vesicles.pdf
[2010/03/10 11:26:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/10 11:16:29 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2.lnk
[2010/03/09 11:48:03 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B M Jaffar Ali\Desktop\OTL.exe
[2010/03/05 16:19:56 | 000,044,384 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/04 19:06:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/04 11:13:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Word 2003.lnk
[2010/03/03 07:17:32 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/03 06:55:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:49:47 | 004,166,256 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/03 06:14:24 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/03 06:13:58 | 000,000,615 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/01 15:48:07 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 15:46:40 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/02/28 18:57:59 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/02/25 22:33:02 | 000,023,213 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:20:35 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 15:15:51 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:29 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:49:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2 C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp files -> C:\Documents and Settings\B M Jaffar Ali\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/11 01:49:56 | 045,942,928 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\setup_av_free.exe
[2010/03/10 17:17:20 | 000,178,902 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc.pdf
[2010/03/10 17:15:28 | 000,092,555 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\po - jaffer - aukbc-1.pdf
[2010/03/10 12:44:11 | 000,152,205 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\xpp-single.pdf
[2010/03/10 11:49:13 | 000,386,035 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\A Simple Method for the Reconstitution of Membrane Proteins into Giant Unilamellar Vesicles.pdf
[2010/03/10 11:16:29 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\TIO2.lnk
[2010/03/03 06:55:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$IST-AUKBC-DST280210 (WordFIX).doc
[2010/03/03 06:51:23 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\WordFIX.lnk
[2010/03/03 06:48:21 | 004,166,256 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\wordfixinstaller.exe
[2010/03/01 15:46:40 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\Desktop 1st March 2010.lnk
[2010/02/25 22:33:02 | 000,023,213 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\My Documents\download.htm
[2010/02/24 18:32:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\defogger_reenable
[2010/02/24 15:15:51 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2010/02/24 15:12:28 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/02/24 13:47:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Desktop\~$ps forinstallationav.doc
[2010/02/23 20:27:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/14 17:58:21 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\PdfPorts.dll
[2009/05/14 15:05:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/05/14 14:48:59 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/17 18:18:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2009/04/02 13:05:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/02 09:41:51 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\B M Jaffar Ali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 14:08:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/31 13:41:33 | 000,118,784 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/03/27 18:15:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/03/27 18:15:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/03/27 18:15:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/03/27 18:15:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/03/27 18:15:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/04/17 12:35:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 12:35:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/07 16:10:02 | 000,003,168 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
< End of report >
-------
Regards,
jaffar

#10 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 11 March 2010 - 02:39 PM

Hi,
it seems we need to bring out the big tools.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

#11 B.M.Jaffr Ali

  • Topic Starter
  • Members
  • 12 posts
  • Gender:Male
  • Location:Chennai, India.

Posted 12 March 2010 - 02:07 AM

ComboFix 10-03-11.03 - B M Jaffar Ali 03/12/2010 12:10:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.958 [GMT 5.5:30]
Running from: c:\documents and settings\B M Jaffar Ali\Desktop\xiFobmoC.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1436613272-8151343398-421582269-6421
c:\recycler\S-1-5-21-1550597196-3203258889-353054675-9863
c:\recycler\S-1-5-21-2221786981-9258242416-562244105-0329
c:\recycler\S-1-5-21-3804211406-2340582972-050631858-0145
c:\recycler\S-1-5-21-4266098296-0015636288-347200625-2176
c:\recycler\S-1-5-21-4483897247-8472466941-441851251-1291
c:\recycler\S-1-5-21-5294964939-8623946133-740770808-5425
c:\recycler\S-1-5-21-6085141376-2050964953-958140324-4285
c:\recycler\S-1-5-21-6806685948-0764219890-209090922-6116
c:\recycler\S-1-5-21-7196106191-3580489304-307900066-2214
c:\recycler\S-1-5-21-7913312669-4702946691-009808586-8476
c:\recycler\S-1-5-21-8068197166-8292826489-107404019-0810
c:\recycler\S-1-5-21-8916414657-9405523111-135681784-0682
c:\recycler\S-1-5-21-9186979803-7713727980-225151560-7014
c:\recycler\S-1-5-21-9728693426-8830199933-366488197-8227
c:\recycler\S-1-5-21-9877881779-1568348430-379665836-0657
c:\windows\EventSystem.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-10 13:17 . 2010-03-10 13:17 -------- d-----w- C:\_OTL
2010-03-10 07:29 . 2010-03-10 07:29 -------- d-----w- C:\PFiles
2010-03-03 01:21 . 2010-03-03 01:29 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
2010-02-24 09:45 . 2010-02-24 09:45 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
2010-02-24 09:45 . 2009-12-30 05:50 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Opera
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\program files\Opera
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Application Data\Malwarebytes
2010-02-23 14:57 . 2010-03-12 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 04:53 . 2010-02-23 06:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-22 09:15 . 2010-02-22 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 10:49 . 2009-03-19 09:26 44384 ----a-w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 13:36 . 2009-06-02 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 09:45 . 2009-06-05 10:31 -------- d-----w- c:\program files\VS Revo Group
2010-02-24 09:39 . 2009-03-18 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 09:13 . 2009-05-14 12:28 -------- d-----w- c:\program files\Common Files\Adobe
2004-10-01 09:30 . 2009-03-31 08:11 118784 ----a-w- c:\program files\Uninstall_CDS.exe
2001-11-30 13:56 . 2001-11-30 13:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
2009-06-05 09:30 . 2009-05-25 06:40 360480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 09:30 . 2009-05-25 06:40 40480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2009-10-25 121344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 11:18 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Acrobat 4.0\\Distillr\\AcroTray.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32Info.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 12:09 AM 31504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/24/2010 3:15 PM 27064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kaspersky.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 12:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:7c,4b,f3,c5,6b,0f,3a,c3,eb,7d,57,cd,7f,80,6a,5d,45,f1,e5,af,
71,e7,b7,a8,f8,d9,cb,10,df,ff,3f,3a,73,3b,87,c0,0e,61,0f,40,a4,f8,60,bb,65,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-03-12 12:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-12 06:47

Pre-Run: 11,085,860,864 bytes free
Post-Run: 10,921,684,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0F31780FF558D286F63E9ED62053B36B
jaffar

#12 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:34 PM

Posted 12 March 2010 - 10:55 AM

Hi,

This is looking good. How is your PC doing?

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

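Added example (not code from the thread, from ComboFix, or from its author): a small Python checker that reads the "Reg Loading Points" portion of a ComboFix log, flags the policy and Security Center values malware sets to lock out Task Manager and regedit and to silence AV/firewall alerts, and writes the same CFScript `Registry::` block used above for the HKCU policy values. The sample log excerpt is constructed from the lines quoted in this thread; the function names are this example's own.

```python
"""Added example (not from the BleepingComputer thread or ComboFix itself):
scan the "Reg Loading Points" section of a ComboFix log for the policy and
Security Center values that malware commonly sets to lock the user out of
Task Manager / regedit and to silence AV and firewall warnings, then emit
the ComboFix CFScript "Registry::" block that clears the HKCU policy values,
in the form used in the thread.

The sample log lines below are constructed from the entries quoted in the
thread; the helper names (parse_reg_points, flag_suspicious, build_cfscript)
are this example's own.
"""
import re

# Constructed sample: the relevant excerpt of a ComboFix "Reg Loading Points" dump.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Values a clean XP box would not normally carry: (value name -> bad setting).
SUSPICIOUS = {
    "DisableTaskMgr": 1,
    "DisableRegistryTools": 1,
    "AntiVirusOverride": 1,
    "FirewallOverride": 1,
    "AntiVirusDisableNotify": 1,
    "FirewallDisableNotify": 1,
    "UpdatesDisableNotify": 1,
    "EnableFirewall": 0,
}

KEY_RE = re.compile(r"^\[(.+)\]$")
# Matches both ComboFix renderings: "Name"= 1 (0x1)  and  "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))'
)


def parse_reg_points(text):
    """Return {key_path: {value_name: int}} for the numeric values in the dump."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            hexval, decval = m.group(2), m.group(3)
            result[current][m.group(1)] = int(hexval, 16) if hexval else int(decval)
    return result


def flag_suspicious(parsed):
    """List (key, name, value) triples whose setting matches the SUSPICIOUS table."""
    hits = []
    for key, values in parsed.items():
        for name, val in values.items():
            if name in SUSPICIOUS and val == SUSPICIOUS[name]:
                hits.append((key, name, val))
    return hits


def build_cfscript(hits):
    """Emit a CFScript Registry:: block deleting ("=-") the flagged HKCU policy values."""
    by_key = {}
    for key, name, _ in hits:
        lowered = key.lower()
        if lowered.startswith("hkey_current_user\\") and "policies\\system" in lowered:
            by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_reg_points(SAMPLE_LOG))
    for key, name, val in found:
        print(f"suspicious: {name}={val} under {key}")
    print(build_cfscript(found))
```

The Security Center and firewall hits are reported but deliberately left out of the generated script, since the thread's fix only targets the two HKCU policy values.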


#13 B.M.Jaffr Ali

  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Chennai, India.
  • Local time:01:04 AM

Posted 13 March 2010 - 03:29 AM

Hi Myrti,

I did not understand your comment on my PC performance. My PC is without any antivirus and malware now. My original problem still remains. That is, I am not able to visit the Kaspersky website. I could see two lines saying something like "disable Kaspersky". What do they mean? Is it a deliberate problem of Kaspersky from when I was using their version before? I had used a licensed version for one year. After expiry, I tried to install the demo version. It could never get installed successfully. Now I have a licensed version with me. It will give me the same problem because it is not accessing the Kaspersky home site. Can you advise me on the potential problem, if any, I will face using Kaspersky?

Here is the log file you had requested. I had run ComboFix two times. The first log is given last. It was run by clicking ComboFix. Later I realised I did not drag the script onto it, though it was in the same directory. Again, to be sure, I repeated ComboFix by dragging and dropping the script file.

Let me have your feedback to decide on AV. Thanks and regards.

jaffar
Dr.B.M.Jaffar Ali
Scientist, AU-KBC Research Centre
Anna University Chennai. INDIA.
------
ComboFix 10-03-12.02 - B M Jaffar Ali 03/13/2010 12:30:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.928 [GMT 5.5:30]
Running from: c:\documents and settings\B M Jaffar Ali\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-12 06:52 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-12 06:52 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-12 06:52 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-03-12 06:52 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-12 06:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-10 13:17 . 2010-03-10 13:17 -------- d-----w- C:\_OTL
2010-03-10 07:29 . 2010-03-10 07:29 -------- d-----w- C:\PFiles
2010-03-03 01:21 . 2010-03-03 01:29 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
2010-02-24 09:45 . 2010-02-24 09:45 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
2010-02-24 09:45 . 2009-12-30 05:50 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Opera
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\program files\Opera
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Application Data\Malwarebytes
2010-02-23 14:57 . 2010-03-12 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 04:53 . 2010-02-23 06:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-22 09:15 . 2010-02-22 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 10:49 . 2009-03-19 09:26 44384 ----a-w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 13:36 . 2009-06-02 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 09:45 . 2009-06-05 10:31 -------- d-----w- c:\program files\VS Revo Group
2010-02-24 09:39 . 2009-03-18 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 09:13 . 2009-05-14 12:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2004-08-03 17:44 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2004-08-03 19:26 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-03 19:26 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2009-03-18 15:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-03 19:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-10-01 09:30 . 2009-03-31 08:11 118784 ----a-w- c:\program files\Uninstall_CDS.exe
2001-11-30 13:56 . 2001-11-30 13:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
2009-06-05 09:30 . 2009-05-25 06:40 360480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 09:30 . 2009-05-25 06:40 40480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-03-12_06.44.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-13 07:06 . 2010-03-13 07:06 16384 c:\windows\temp\Perflib_Perfdata_7ac.dat
+ 2008-10-16 08:39 . 2009-08-06 13:54 44768 c:\windows\system32\wups2.dll
+ 2009-03-18 18:00 . 2009-08-06 13:54 35552 c:\windows\system32\wups.dll
+ 2009-03-18 15:43 . 2009-08-06 13:54 53472 c:\windows\system32\wuauclt.exe
+ 2004-08-03 19:26 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2008-10-22 09:47 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2004-08-03 19:26 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-03 19:26 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2009-03-27 12:52 . 2007-07-27 05:11 26488 c:\windows\system32\spupdsvc.exe
- 2009-03-27 12:52 . 2007-08-10 15:16 26488 c:\windows\system32\spupdsvc.exe
+ 2009-03-27 12:52 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2009-03-27 12:52 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2010-03-12 06:48 . 2009-08-06 13:54 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-03-12 06:48 . 2009-08-06 13:54 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2004-08-03 19:26 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
- 2004-08-03 19:26 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2004-08-03 19:26 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-04 00:56 . 2009-11-27 17:11 17920 c:\windows\system32\msyuv.dll
+ 2001-08-23 06:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
+ 2004-08-03 19:26 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 11264 c:\windows\system32\msrle32.dll
+ 2004-08-03 19:26 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
+ 2004-08-04 00:56 . 2009-11-27 16:07 48128 c:\windows\system32\iyuv_32.dll
+ 2001-08-23 06:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2004-08-03 17:29 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-03-18 18:00 . 2009-08-06 13:54 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-03-18 15:43 . 2009-08-06 13:54 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2001-08-23 06:00 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
- 2009-02-20 08:10 . 2009-02-20 08:10 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:10 . 2009-12-22 05:20 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-03 19:26 . 2009-08-06 13:54 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-08-03 19:26 . 2009-08-06 13:54 96480 c:\windows\system32\cdm.dll
- 2004-08-03 19:26 . 2008-04-14 00:11 84992 c:\windows\system32\avifil32.dll
+ 2004-08-03 19:26 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
+ 2004-08-03 19:26 . 2009-07-17 19:01 58880 c:\windows\system32\atl.dll
- 2004-08-03 19:26 . 2008-04-14 00:11 58880 c:\windows\system32\atl.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2009-03-18 18:00 . 2009-08-06 13:54 209632 c:\windows\system32\wuweb.dll
+ 2009-03-18 18:00 . 2009-08-06 13:54 327896 c:\windows\system32\wucltui.dll
+ 2009-03-18 18:00 . 2009-08-06 13:53 575704 c:\windows\system32\wuapi.dll
+ 2004-08-03 19:26 . 2009-04-03 06:45 485376 c:\windows\system32\wmspdmod.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 485376 c:\windows\system32\wmspdmod.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 233472 c:\windows\system32\wmpdxm.dll
+ 2004-08-03 19:26 . 2009-07-12 06:51 233472 c:\windows\system32\wmpdxm.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-03 19:26 . 2009-06-10 06:14 132096 c:\windows\system32\wkssvc.dll
+ 2004-08-03 19:26 . 2009-12-22 05:21 627712 c:\windows\system32\urlmon.dll
+ 2004-08-03 19:26 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2004-08-03 19:26 . 2009-08-26 08:00 247326 c:\windows\system32\strmdll.dll
- 2004-08-03 19:26 . 2008-10-03 10:02 247326 c:\windows\system32\strmdll.dll
+ 2004-08-03 19:26 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-03 19:26 . 2009-06-25 08:25 147456 c:\windows\system32\schannel.dll
+ 2004-08-03 19:26 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-03 19:26 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2004-08-03 19:26 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-03 19:26 . 2009-08-05 09:01 204800 c:\windows\system32\mswebdvd.dll
+ 2004-08-03 19:26 . 2009-09-11 14:18 136192 c:\windows\system32\msv1_0.dll
+ 2004-08-03 19:26 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2004-08-03 19:26 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2004-08-03 19:26 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
- 2004-08-03 19:26 . 2008-05-09 10:53 512000 c:\windows\system32\jscript.dll
+ 2004-08-03 19:26 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2009-03-18 21:05 . 2010-03-12 14:34 194568 c:\windows\system32\FNTCACHE.DAT
- 2009-03-18 21:05 . 2010-03-03 01:47 194568 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 17:45 . 2009-12-04 18:22 455424 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-03-18 18:00 . 2009-08-06 13:54 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-03-18 18:00 . 2009-08-06 13:54 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-03-18 18:00 . 2009-08-06 13:53 575704 c:\windows\system32\dllcache\wuapi.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-03 19:26 . 2009-04-03 06:45 485376 c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-03 19:26 . 2009-07-12 06:51 233472 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-03-27 13:00 . 2009-12-22 05:21 667136 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-27 13:00 . 2009-12-22 05:21 627712 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-03 19:26 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-03 19:26 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2009-03-27 12:59 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2009-12-08 09:23 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-03-27 12:59 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-04-15 10:24 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2008-05-09 10:53 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-27 12:59 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2004-08-03 19:26 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-03-12 06:52 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-03-18 15:43 . 2009-08-06 13:53 1929952 c:\windows\system32\wuaueng.dll
+ 2004-08-03 19:27 . 2009-05-26 11:23 2174976 c:\windows\system32\WMVCore.dll
- 2004-08-03 19:27 . 2008-11-07 11:15 2174976 c:\windows\system32\WMVCore.dll
+ 2004-08-03 19:26 . 2009-07-12 06:51 4874240 c:\windows\system32\wmp.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 4874240 c:\windows\system32\wmp.dll
+ 2004-08-03 17:47 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-03 19:26 . 2009-12-22 05:21 1509888 c:\windows\system32\shdocvw.dll
+ 2004-08-03 19:26 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll
+ 2004-08-03 19:26 . 2009-11-27 17:11 1291776 c:\windows\system32\quartz.dll
+ 2004-08-03 17:50 . 2009-12-08 19:27 2189184 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-12-08 18:43 2066048 c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 22:59 . 2009-02-07 13:32 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 00:12 . 2009-07-31 04:35 1372672 c:\windows\system32\msxml6.dll
+ 2004-08-03 19:26 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2009-03-18 15:43 . 2009-06-10 03:49 2066432 c:\windows\system32\mstscax.dll
+ 2004-08-03 19:26 . 2009-12-22 05:21 3071488 c:\windows\system32\mshtml.dll
+ 2009-03-18 15:43 . 2009-08-06 13:53 1929952 c:\windows\system32\dllcache\wuaueng.dll
- 2004-08-03 19:27 . 2008-11-07 11:15 2174976 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-03 19:27 . 2009-05-26 11:23 2174976 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-03 19:26 . 2008-04-14 00:12 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2004-08-03 19:26 . 2009-07-12 06:51 4874240 c:\windows\system32\dllcache\wmp.dll
+ 2009-02-09 11:13 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-27 13:00 . 2009-12-22 05:21 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll
+ 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-04-15 10:24 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-15 10:24 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-15 10:24 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 13:32 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 13:32 . 2009-02-07 13:32 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-15 10:24 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-15 10:24 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 00:12 . 2009-07-31 04:35 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2004-08-03 19:26 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-03-18 15:43 . 2009-06-10 03:49 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-03-27 13:00 . 2009-12-22 05:21 3071488 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-18 15:46 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-03-18 15:46 . 2008-04-14 00:12 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-04-15 10:24 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-15 10:24 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-15 10:24 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-07 13:32 . 2009-02-07 13:32 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-07 13:32 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-04-15 10:24 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-04-15 10:24 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-02 04:04 . 2010-03-01 16:00 31648712 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2009-10-25 121344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 11:18 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Acrobat 4.0\\Distillr\\AcroTray.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32Info.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 12:09 AM 31504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/24/2010 3:15 PM 27064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kaspersky.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:7c,4b,f3,c5,6b,0f,3a,c3,eb,7d,57,cd,7f,80,6a,5d,45,f1,e5,af,
71,e7,b7,a8,f8,d9,cb,10,df,ff,3f,3a,73,3b,87,c0,0e,61,0f,40,a4,f8,60,bb,65,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\1XConfig.exe
.
**************************************************************************
.
Completion time: 2010-03-13 12:39:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-13 07:09
ComboFix2.txt 2010-03-12 06:47

Pre-Run: 10,859,597,824 bytes free
Post-Run: 10,766,168,064 bytes free

- - End Of File - - 40ABDC9EACAEE0F8A4E1682BC531E315

----------
BELOW LOG FILE WITHOUT DRAG-DROP SCRIPT, DONE FIRST.

---
ComboFix 10-03-11.03 - B M Jaffar Ali 03/12/2010 12:10:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.958 [GMT 5.5:30]
Running from: c:\documents and settings\B M Jaffar Ali\Desktop\xiFobmoC.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1436613272-8151343398-421582269-6421
c:\recycler\S-1-5-21-1550597196-3203258889-353054675-9863
c:\recycler\S-1-5-21-2221786981-9258242416-562244105-0329
c:\recycler\S-1-5-21-3804211406-2340582972-050631858-0145
c:\recycler\S-1-5-21-4266098296-0015636288-347200625-2176
c:\recycler\S-1-5-21-4483897247-8472466941-441851251-1291
c:\recycler\S-1-5-21-5294964939-8623946133-740770808-5425
c:\recycler\S-1-5-21-6085141376-2050964953-958140324-4285
c:\recycler\S-1-5-21-6806685948-0764219890-209090922-6116
c:\recycler\S-1-5-21-7196106191-3580489304-307900066-2214
c:\recycler\S-1-5-21-7913312669-4702946691-009808586-8476
c:\recycler\S-1-5-21-8068197166-8292826489-107404019-0810
c:\recycler\S-1-5-21-8916414657-9405523111-135681784-0682
c:\recycler\S-1-5-21-9186979803-7713727980-225151560-7014
c:\recycler\S-1-5-21-9728693426-8830199933-366488197-8227
c:\recycler\S-1-5-21-9877881779-1568348430-379665836-0657
c:\windows\EventSystem.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Service_abp470n5


((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-10 13:17 . 2010-03-10 13:17 -------- d-----w- C:\_OTL
2010-03-10 07:29 . 2010-03-10 07:29 -------- d-----w- C:\PFiles
2010-03-03 01:21 . 2010-03-03 01:29 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
2010-02-24 09:45 . 2010-02-24 09:45 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
2010-02-24 09:45 . 2009-12-30 05:50 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Opera
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\program files\Opera
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Application Data\Malwarebytes
2010-02-23 14:57 . 2010-03-12 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 04:53 . 2010-02-23 06:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-22 09:15 . 2010-02-22 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 10:49 . 2009-03-19 09:26 44384 ----a-w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 13:36 . 2009-06-02 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 09:45 . 2009-06-05 10:31 -------- d-----w- c:\program files\VS Revo Group
2010-02-24 09:39 . 2009-03-18 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 09:13 . 2009-05-14 12:28 -------- d-----w- c:\program files\Common Files\Adobe
2004-10-01 09:30 . 2009-03-31 08:11 118784 ----a-w- c:\program files\Uninstall_CDS.exe
2001-11-30 13:56 . 2001-11-30 13:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
2009-06-05 09:30 . 2009-05-25 06:40 360480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 09:30 . 2009-05-25 06:40 40480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2009-10-25 121344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 11:18 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Acrobat 4.0\\Distillr\\AcroTray.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32Info.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 12:09 AM 31504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/24/2010 3:15 PM 27064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kaspersky.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 12:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:7c,4b,f3,c5,6b,0f,3a,c3,eb,7d,57,cd,7f,80,6a,5d,45,f1,e5,af,
71,e7,b7,a8,f8,d9,cb,10,df,ff,3f,3a,73,3b,87,c0,0e,61,0f,40,a4,f8,60,bb,65,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-03-12 12:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-12 06:47

Pre-Run: 11,085,860,864 bytes free
Post-Run: 10,921,684,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0F31780FF558D286F63E9ED62053B36B



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:09:34 PM

Posted 13 March 2010 - 07:27 AM

Hi,


It seems that the dragging and dropping did not work correctly on the second log either.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
SecCenter::
{2C4D4BC6-0793-4956-A9F9-E252435469C0}
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-


Save this as CFScript.txt, in the same location as ComboFix.exe, namely on your desktop.

Then go to
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    ComboFix "c:\documents and settings\B M Jaffar Ali\Desktop\CFscript.txt"
  • ComboFix will start to run.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.



When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Afterwards
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    ipconfig /flushdns
  • Let me know if you can access the site from Kaspersky now.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


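As an added example (not part of the thread, and not ComboFix's own code), here is a small Python triage script that reads the "Reg Loading Points" section of a ComboFix log like the ones posted above and flags the policy and Security Center values that this kind of infection flips and that the CFScript above removes: DisableTaskMgr, DisableRegistryTools, the AntiVirusOverride/FirewallOverride and *DisableNotify values, EnableLUA=0 and EnableFirewall=0. The sample log embedded below is constructed to mirror the thread's dump; the indicator list is my own choice, not a ComboFix rule set.

```python
import re
# (key path fragment, value name, value that signals tampering); key match is case-insensitive
TAMPER_INDICATORS = [
    ("policies\\system", "DisableTaskMgr", 1),
    ("policies\\system", "DisableRegistryTools", 1),
    ("policies\\system", "EnableLUA", 0),
    ("security center", "AntiVirusOverride", 1),
    ("security center", "FirewallOverride", 1),
    ("security center", "AntiVirusDisableNotify", 1),
    ("security center", "FirewallDisableNotify", 1),
    ("security center", "UpdatesDisableNotify", 1),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0),
]
KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints numeric values as  "Name"=dword:00000001  or  "Name"= 1 (0x1)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))$')

def parse_reg_values(log_text):
    """Yield (key, value_name, int_value) for each numeric value under a [key] header."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            hexval, decval = m.group(2), m.group(3)
            yield key, m.group(1), int(hexval, 16) if hexval else int(decval)

def find_tampering(log_text):
    """Return sorted (key, value_name, value) triples that match a tampering indicator."""
    hits = set()
    for key, name, value in parse_reg_values(log_text):
        for fragment, ind_name, bad in TAMPER_INDICATORS:
            if fragment in key.lower() and name.lower() == ind_name.lower() and value == bad:
                hits.add((key, name, value))
    return sorted(hits)

# Constructed sample in ComboFix's "Reg Loading Points" format (mirrors the thread's log).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
```

Running `find_tampering(SAMPLE_LOG)` on the sample returns six hits; a log in which the same values read 0 (or are absent, as after the CFScript runs) returns an empty list.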

#15 B.M.Jaffr Ali

B.M.Jaffr Ali
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Chennai, India.
  • Local time:01:04 AM

Posted 13 March 2010 - 10:16 AM

Hi Myrti,

I did the latest ComboFix run properly. Still the Kaspersky website is not accessible. I am getting the following standard reply for any address involving Kaspersky.

"You tried to access the address http://www.kaspersky.com/trials, which is currently unavailable. Please make sure that the Web address (URL) is correctly spelled and punctuated, then try reloading the page."

------
ComboFix 10-03-12.02 - B M Jaffar Ali 03/13/2010 20:32:29.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.929 [GMT 5.5:30]
Running from: c:\documents and settings\B M Jaffar Ali\Desktop\ComboFix.exe
Command switches used :: CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-12 06:52 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-12 06:52 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-03-12 06:52 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-03-12 06:52 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-12 06:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-03-10 13:17 . 2010-03-10 13:17 -------- d-----w- C:\_OTL
2010-03-10 07:29 . 2010-03-10 07:29 -------- d-----w- C:\PFiles
2010-03-03 01:21 . 2010-03-03 01:29 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Cimaware
2010-02-24 09:45 . 2010-02-24 09:45 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\VS Revo Group
2010-02-24 09:45 . 2009-12-30 05:50 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\Opera
2010-02-24 09:42 . 2010-02-24 09:42 -------- d-----w- c:\program files\Opera
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\B M Jaffar Ali\Application Data\Malwarebytes
2010-02-23 14:57 . 2010-02-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 04:53 . 2010-02-23 06:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-22 09:15 . 2010-02-22 09:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 10:49 . 2009-03-19 09:26 44384 ----a-w- c:\documents and settings\B M Jaffar Ali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 13:36 . 2009-06-02 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 09:45 . 2009-06-05 10:31 -------- d-----w- c:\program files\VS Revo Group
2010-02-24 09:39 . 2009-03-18 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 09:13 . 2009-05-14 12:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2004-08-03 17:44 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2004-08-03 19:26 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-03 19:26 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2009-03-18 15:43 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-03 19:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2004-10-01 09:30 . 2009-03-31 08:11 118784 ----a-w- c:\program files\Uninstall_CDS.exe
2001-11-30 13:56 . 2001-11-30 13:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
2009-06-05 09:30 . 2009-05-25 06:40 360480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 09:30 . 2009-05-25 06:40 40480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-03-13_07.06.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-13 15:04 . 2010-03-13 15:04 16384 c:\windows\temp\Perflib_Perfdata_ff4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe [2009-10-25 121344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 11:18 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Acrobat 4.0\\Distillr\\AcroTray.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZCfgSvc.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32Info.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 12:09 AM 31504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/24/2010 3:15 PM 27064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kaspersky.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 20:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1935655697-839522115-1003\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:7c,4b,f3,c5,6b,0f,3a,c3,eb,7d,57,cd,7f,80,6a,5d,45,f1,e5,af,
71,e7,b7,a8,f8,d9,cb,10,df,ff,3f,3a,73,3b,87,c0,0e,61,0f,40,a4,f8,60,bb,65,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\LgNotify.dll
.
Completion time: 2010-03-13 20:36:30
ComboFix-quarantined-files.txt 2010-03-13 15:06
ComboFix2.txt 2010-03-13 07:52
ComboFix3.txt 2010-03-13 07:09
ComboFix4.txt 2010-03-12 06:47

Pre-Run: 10,652,758,016 bytes free
Post-Run: 10,638,401,536 bytes free

- - End Of File - - 80209611D4CA6E7812BC13A18EDC92CD




