DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by raghuvir.s at 11:54:00 on 2012-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.740 [GMT 5.5:30]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\NetworkAgent 8\klnagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = 172.16.10.15:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MG Suggestor: {429D37EE-1709-412e-A210-A81A65D56C88} - c:\program files\mg suggestor\MGSuggestor.dll
BHO: DIALux 3.1 ULDBrowserHelper Class: {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - c:\program files\dialux\DLXShellExtension.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Proxy Help: {F386E548-C533-472E-8C61-C026FB14FEA9} - c:\windows\system32\Newtabs_v9.dll
TB: Freecorder 6: {6B34ACCF-1B63-4E1A-8633-461917C75544} - c:\program files\freecorder 6\tbcore3.dll
TB: Freecorder 6: {6B34ACCF-1B63-4E1A-8633-461917C75544} - c:\program files\freecorder 6\tbcore3.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Backup Utility TaskTray Tool] "c:\program files\buffalo\backup_utility\BUTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun_KL_notset = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\raghuvir.s.rspindia\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\documents and settings\raghuvir.s.rspindia\application data\dvdvideosoftiehelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\raghuvir.s.rspindia\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 -
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5E6D5FF7-A4CD-4d85-BB22-A429B57C5317} - {429D37EE-1709-412e-A210-A81A65D56C88} - c:\program files\mg suggestor\MGSuggestor.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 172.16.10.50
TCP: Interfaces\{58F55EA3-2AC7-4346-9217-5A9C8EA5C66F} : NameServer = 125.22.47.125
TCP: Interfaces\{58F55EA3-2AC7-4346-9217-5A9C8EA5C66F} : DHCPNameServer = 172.16.10.50
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - c:\program files\dialux\DLXToolBox.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb165?a=6OyWsjTTsT&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyWsjTTsT&&i=26&search=
FF - prefs.js: network.proxy.ftp - 172.16.10.15
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 172.16.10.15
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.16.10.15
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.16.10.15
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\funwebproducts\installr\2.bin\NPFUNWEB.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - ExtSQL: 2012-12-03 12:47; {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}; c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}
FF - ExtSQL: 2012-12-07 15:59; ffxtlbr@incredibar.com; c:\documents and settings\raghuvir.s.rspindia\application data\mozilla\firefox\profiles\1hdflggp.default\extensions\ffxtlbr@incredibar.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyWsjTTsT&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 709d732e000000000000001641efd63b
FF - user.js: extensions.incredibar_i.instlDay - 15681
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:59:31
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyWsjTTsT
FF - user.js: extensions.incredibar_i.upn2n - 92262579812891987
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\drivers\BFRD4G.sys [2011-7-29 36344]
R0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [2012-6-8 41856]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-11-12 126480]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-1-12 231512]
R2 AVP;Kaspersky Anti-Virus 6.0;c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\avp.exe [2010-3-12 311680]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerSvc32.exe [2012-4-30 213888]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\kaspersky lab\networkagent 8\klnagent.exe [2010-10-20 141688]
R2 MSSQL$SIZINGMSDE;SQL Server (SIZINGMSDE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2009-9-3 24848]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2012-11-28 7680]
S3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [2012-6-8 11776]
S3 DialComService;DIAL Communication Service;c:\program files\dial gmbh\dial communication framework\DialComService.exe [2011-2-14 1623552]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-6-4 36608]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
S4 BFBackupUtilityService;Backup Utility Service;c:\program files\buffalo\backup_utility\buservice.exe -service_execute --> c:\program files\buffalo\backup_utility\BUService.exe -Service_Execute [?]
S4 BFBackupUtilityVSSService;Backup Utility VSS Service for Windows XP;c:\program files\buffalo\backup_utility\buvssservicexp.exe -service_execute --> c:\program files\buffalo\backup_utility\BUVSSServiceXP.exe -Service_Execute [?]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-06 03:44:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-06 03:44:04 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-19 06:32:40 59 ----a-w- c:\windows\wpd99.drv
2012-11-19 06:32:39 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2012-11-19 06:32:39 249856 ----a-w- c:\windows\system32\pdfmona.dll
2012-10-24 21:42:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 21:42:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-17 11:07:32 397312 ----a-w- c:\windows\system32\TubeFinder.exe
2011-08-18 07:03:54 454120 ----a-w- c:\program files\cnet_advdp_exe.exe
.
============= FINISH: 12:00:46.14 ===============