Hi,
Thank you for your help. The logs are as below:
Regards
Kumar
Gemini Paints
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 14:40:35
-----------------------------
14:40:35.812 OS Version: Windows 5.1.2600 Service Pack 2
14:40:35.812 Number of processors: 2 586 0xF0D
14:40:35.812 ComputerName: COMPAQ1 UserName: win
14:40:36.406 Initialize success
14:40:56.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
14:40:56.156 Disk 0 Vendor: WDC_WD1600AAJS-22PSA0 05.06H05 Size: 152627MB BusType: 3
14:40:56.156 Disk 0 MBR read successfully
14:40:56.156 Disk 0 MBR scan
14:40:56.156 Disk 0 Windows XP default MBR code
14:40:56.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38162 MB offset 63
14:40:56.156 Disk 0 Partition - 00 0F Extended LBA 114463 MB offset 78156225
14:40:56.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 38154 MB offset 78156288
14:40:56.171 Disk 0 Partition - 00 05 Extended 38154 MB offset 156296385
14:40:56.171 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 38154 MB offset 156296448
14:40:56.171 Disk 0 Partition - 00 05 Extended 38154 MB offset 312576705
14:40:56.203 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 38154 MB offset 234436608
14:40:56.203 Disk 0 scanning sectors +312576705
14:40:56.265 Disk 0 scanning C:\WINDOWS\system32\drivers
14:41:01.156 Service scanning
14:41:05.296 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
14:41:05.359 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
14:41:05.828 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
14:41:05.843 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
14:41:06.437 Modules scanning
14:41:21.671 Disk 0 trace - called modules:
14:41:21.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:41:21.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8652dab8]
14:41:21.687 3 CLASSPNP.SYS[f75c905b] -> nt!IofCallDriver -> \Device\00000068[0x86575ca0]
14:41:21.687 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8658ad98]
14:41:21.687 Scan finished successfully
14:41:32.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\win\Desktop\MBR.dat"
14:41:32.687 The log file has been saved successfully to "C:\Documents and Settings\win\Desktop\aswMBR.txt"
OTL logfile created on: 16/06/2012 2:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\win\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
1015.29 Mb Total Physical Memory | 741.08 Mb Available Physical Memory | 72.99% Memory free
2.39 Gb Paging File | 1.99 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 25.44 Gb Free Space | 68.27% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 34.03 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 28.81 Gb Free Space | 77.32% Space Free | Partition Type: NTFS
Computer Name: COMPAQ1 | User Name: win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/16 14:42:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
PRC - [2009/05/12 23:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/05/12 21:55:30 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/05/12 21:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 01:25:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2007/04/07 20:01:32 | 004,075,520 | ---- | M] (Gemini Paints) -- C:\Documents and Settings\win\Desktop\Inventory_new.exe
PRC - [2004/08/04 00:56:56 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\scrcons.exe
PRC - [2004/08/04 00:56:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/31 12:17:54 | 000,794,624 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPM1210GC.DLL
MOD - [2010/03/31 11:50:34 | 002,363,392 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpm1210su.dll
MOD - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\grrxv.cc3 -- (RemoteAccess)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\pylzsc.exe -- (Nationalwxf)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\abkby.exe -- (National2.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Update.dll -- (I33198453K)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\wdwed.cc3 -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\ProgramFiles\Debugswwsswwa.dll -- (DeBuGXssxXjrq)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Local User\360safe.dll -- (360svc)
SRV - [2012/06/10 11:09:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2009/05/12 23:12:36 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/05/12 21:55:28 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/17 01:25:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/01 22:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2007/07/06 13:14:02 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\win\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/30 13:30:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 13:30:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 13:30:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120617.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 13:30:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120617.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/21 17:46:10 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/04/23 13:21:52 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/05/12 21:58:06 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/05/12 21:56:32 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/04 14:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 14:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 14:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 12:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 14:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/05/31 16:49:24 | 000,096,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/03/26 20:51:06 | 004,395,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/11 08:42:00 | 000,076,416 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2004/08/04 01:05:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..keyword.URL: "http://search.babylo...01e90a59c06&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\5.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/10 11:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/21 15:06:49 | 000,000,000 | ---D | M]
[2010/09/28 12:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\win\Application Data\Mozilla\Extensions
[2012/04/30 16:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\extensions
[2011/12/17 16:00:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\win\Application Data\Mozilla\Firefox\Profiles\r8y1fqfb.default\extensions\[email protected]
[2010/09/28 12:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/10 11:09:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 15:59:44 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/21 15:06:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 15:06:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [smss] C:\Program Files\smss.exe File not found
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1324612835078 (WUWebControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8707D81-75E1-4A8F-8B83-DE6EBF49720A}: NameServer = 203.145.184.13,203.145.184.32
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://l.yimg.com/zz...h-min-265196.js
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\AYAgent.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYAgentSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYRTSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYScanner.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\AYUpdSrv.aye: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\egui.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\ekrn.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3PScan.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3SP.exe: Debugger - c:\windows\system32\altv.exe File not found
O27 - HKLM IFEO\V3Svc.exe: Debugger - c:\windows\system32\altv.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/23 10:50:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell - "" = AutoRun
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4045eeba-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{4045eebd-54e8-11df-9ce7-001e90a59c06}\Shell\AutoRun\command - "" = H:\ROOT\SYSTEM\MaY.exe
O33 - MountPoints2\{4045eebd-54e8-11df-9ce7-001e90a59c06}\Shell\open\command - "" = H:\ROOT\SYSTEM\MaY.exe
O33 - MountPoints2\{4cad76b8-b0cd-11df-9e92-001e90a59c06}\Shell\AutoRun\command - "" = H:\wMhNPu.eXE
O33 - MountPoints2\{4cad76b8-b0cd-11df-9e92-001e90a59c06}\Shell\OPeN\comMANd - "" = H:\WmhNPu.Exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - C:\WINDOWS\system32\6to4ex.dll File not found
NetSvcs: HidServ - C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\wdwed.cc3 File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Remoteaccess - C:\Documents and Settings\All Users\Application Data\Storm\update\%SESSIONNAME%\grrxv.cc3 File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: 360svc - C:\Documents and Settings\Local User\360safe.dll File not found
NetSvcs: netsvcs_0x0 - File not found
NetSvcs: netsvcs_0x1 - File not found
NetSvcs: netsvcs_0x2 - File not found
NetSvcs: netsvcs_0x3 - File not found
NetSvcs: netsvcs_0x4 - File not found
NetSvcs: netsvcs_0x5 - File not found
NetSvcs: netsvcs_0x6 - File not found
NetSvcs: netsvcs_0x7 - File not found
NetSvcs: netsvcs_0x8 - File not found
NetSvcs: netsvcs_0x9 - File not found
NetSvcs: netsvcs_0x10 - File not found
NetSvcs: netsvcs_0x11 - File not found
NetSvcs: netsvcs_0x12 - File not found
NetSvcs: DeBuGXssxXjrq - C:\ProgramFiles\Debugswwsswwa.dll File not found
NetSvcs: netsvcs_0x13 - File not found
NetSvcs: netsvcs_0x14 - File not found
NetSvcs: netsvcs_0x15 - File not found
NetSvcs: netsvcs_0x16 - File not found
NetSvcs: netsvcs_0x17 - File not found
NetSvcs: netsvcs_0x18 - File not found
NetSvcs: netsvcs_0x19 - File not found
NetSvcs: netsvcs_0x20 - File not found
NetSvcs: netsvcs_0x21 - File not found
NetSvcs: netsvcs_0x22 - File not found
NetSvcs: netsvcs_0x23 - File not found
NetSvcs: netsvcs_0x24 - File not found
NetSvcs: netsvcs_0x25 - File not found
NetSvcs: netsvcs_0x26 - File not found
NetSvcs: netsvcs_0x27 - File not found
NetSvcs: netsvcs_0x28 - File not found
NetSvcs: netsvcs_0x29 - File not found
NetSvcs: netsvcs_0x30 - File not found
NetSvcs: netsvcs_0x31 - File not found
NetSvcs: netsvcs_0x32 - File not found
NetSvcs: netsvcs_0x33 - File not found
NetSvcs: netsvcs_0x34 - File not found
NetSvcs: netsvcs_0x35 - File not found
NetSvcs: netsvcs_0x36 - File not found
NetSvcs: netsvcs_0x37 - File not found
NetSvcs: netsvcs_0x38 - File not found
NetSvcs: netsvcs_0x39 - File not found
NetSvcs: netsvcs_0x40 - File not found
NetSvcs: netsvcs_0x41 - File not found
NetSvcs: netsvcs_0x42 - File not found
NetSvcs: netsvcs_0x43 - File not found
NetSvcs: netsvcs_0x44 - File not found
NetSvcs: netsvcs_0x45 - File not found
NetSvcs: netsvcs_0x46 - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/06/16 14:42:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
[2012/06/16 14:40:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\win\Desktop\aswMBR.exe
[2012/06/13 21:24:04 | 000,188,416 | ---- | C] (Sogou.com Inc.) -- C:\18181.exe
[2012/06/11 21:35:51 | 000,112,060 | ---- | C] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/11 19:16:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\191641
[2012/06/11 18:55:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\XXXXXX2157070F
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\tt
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\kk
[2012/06/11 12:24:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\bb
[2012/06/10 11:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/10 11:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/17 11:05:30 | 000,665,987 | ---- | M] () -- C:\brirish bang.JPG
[2012/06/17 08:46:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/17 08:45:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/16 14:42:45 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\win\Desktop\OTL.exe
[2012/06/16 14:41:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\win\Desktop\MBR.dat
[2012/06/16 14:40:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\win\Desktop\aswMBR.exe
[2012/06/16 12:31:53 | 000,003,375 | ---- | M] () -- C:\Report.html
[2012/06/13 21:24:04 | 000,188,416 | ---- | M] (Sogou.com Inc.) -- C:\18181.exe
[2012/06/12 10:42:48 | 000,007,084 | ---- | M] () -- C:\WINDOWS\System32\2157070F.key
[2012/06/12 09:46:53 | 000,081,920 | ---- | M] () -- C:\boot1.exe
[2012/06/12 09:41:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Default
[2012/06/11 23:56:05 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\2157070F
[2012/06/11 22:48:41 | 000,155,910 | ---- | M] () -- C:\WINDOWS\System32\803881AD.key
[2012/06/11 21:35:51 | 000,112,060 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/11 10:53:13 | 000,000,208 | ---- | M] () -- C:\WINDOWS\POD.INI
[2012/05/28 08:25:57 | 059,000,832 | ---- | M] () -- C:\paint195.mdb
[2012/05/23 23:07:39 | 000,000,001 | ---- | M] () -- C:\33061.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
File not found -- C:\WINDOWS\NewArea.exe
[2012/06/17 11:05:29 | 000,665,987 | ---- | C] () -- C:\brirish bang.JPG
[2012/06/16 14:41:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\win\Desktop\MBR.dat
[2012/06/12 09:46:53 | 000,081,920 | ---- | C] () -- C:\boot1.exe
[2012/06/12 09:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Default
[2012/06/11 19:49:41 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\2157070F.key
[2012/06/11 18:55:42 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\2157070F
[2012/06/11 12:01:10 | 000,155,910 | ---- | C] () -- C:\WINDOWS\System32\803881AD.key
[2012/05/23 23:07:39 | 000,000,001 | ---- | C] () -- C:\33061.exe
[2012/05/20 09:54:52 | 059,000,832 | ---- | C] () -- C:\paint195.mdb
[2012/03/07 14:44:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\xml13659.dll
[2011/12/25 10:39:47 | 000,102,400 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.ADODB.dll
[2011/12/25 10:39:47 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.DAO.dll
[2011/12/25 10:39:47 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSFlexGridLib.dll
[2011/12/25 10:39:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2011/12/25 10:39:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AxInterop.MSFlexGridLib.dll
[2011/12/25 10:39:47 | 000,014,848 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSScriptControl.dll
[2011/12/25 10:39:47 | 000,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.VBA.dll
[2011/12/25 10:39:47 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.JRO.dll
[2011/12/25 10:39:47 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\mscorlib.dll
[2011/11/30 17:06:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\amd.dll
[2011/06/05 11:57:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/05 11:57:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\win\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/24 14:16:43 | 002,247,450 | ---- | C] () -- C:\WINDOWS\System32\keyboar.dat
[2011/02/27 10:01:17 | 000,065,595 | ---- | C] () -- C:\Program Files\Donvert2.exe
[2011/02/23 13:26:00 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\win\Application Data\a.exe
[2010/09/28 12:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/31 23:18:11 | 000,003,733 | ---- | C] () -- C:\WINDOWS\System32\perfc008.dat
[2010/08/13 16:59:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/06/19 00:41:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\sys.dll
========== LOP Check ==========
[2011/12/17 15:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/12/17 16:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/17 15:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2010/09/25 19:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2011/04/11 18:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\Aventail
[2011/12/17 15:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\Babylon
[2011/12/18 11:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\MySQL
[2011/06/06 15:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\win\Application Data\TeamViewer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2012/06/11 21:35:51 | 000,112,060 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\11188.exe
[2012/06/13 21:24:04 | 000,188,416 | ---- | M] (Sogou.com Inc.) -- C:\18181.exe
[2012/05/23 23:07:39 | 000,000,001 | ---- | M] () -- C:\33061.exe
[2012/06/12 09:46:53 | 000,081,920 | ---- | M] () -- C:\boot1.exe
[2007/04/07 20:01:32 | 004,075,520 | ---- | M] (Gemini Paints) -- C:\Inventory_new.exe
[2010/08/12 21:28:26 | 000,903,364 | RHS- | M] () -- C:\sgnshp.exe
[2011/03/31 16:54:43 | 003,269,184 | ---- | M] (TeamViewer GmbH) -- C:\TeamViewer_Setup_en.exe
[2010/08/20 12:20:57 | 000,176,128 | ---- | M] () -- C:\upload.exe
[2006/02/28 16:33:27 | 000,570,868 | RHS- | M] () -- C:\xxhoju.exe
< MD5 for: EXPLORER.EXE >
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: SERVICES >
[2001/08/23 17:30:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.EXE >
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\dllcache\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\system32\services.exe
< MD5 for: SERVICES.LNK >
[2010/04/23 10:50:53 | 000,001,602 | ---- | M] () MD5=D881EEEE4F02DBFE0A350DD3C86A28BC -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2001/08/23 17:30:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
< >
< End of report >
OTL Extras logfile created on: 16/06/2012 2:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\win\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy
1015.29 Mb Total Physical Memory | 741.08 Mb Available Physical Memory | 72.99% Memory free
2.39 Gb Paging File | 1.99 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 25.44 Gb Free Space | 68.27% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 10.01 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 34.03 Gb Free Space | 91.33% Space Free | Partition Type: NTFS
Drive F: | 37.26 Gb Total Space | 28.81 Gb Free Space | 77.32% Space Free | Partition Type: NTFS
Computer Name: COMPAQ1 | User Name: win | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3306:TCP" = 3306:TCP:*:Enabled:Mysql
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40A07E01-709A-4C88-9A0C-25473E778497}" = GEMINISETUP
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7635D07D-B727-496F-94CA-8AC60E0C40CE}" = Microsoft Report Viewer Redistributable 2005
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{8AA037A8-E104-493A-A962-8D58535A0198}" = MySQL Server 5.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{98FA9751-E7E0-4509-BE22-0E66BE8592B4}" = MySQL Tools for 5.0
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DA1A4DBF-48A1-4ABE-8890-DD60DF92B498}" = MySQL Connector/ODBC 3.51
"{EFBB2251-22CC-4484-9B49-07ED25248CB6}" = MySQL Connector Net 5.0.6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DreamCoder for MySQL Free Edition_is1" = DreamCoder for MySQL 4.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"MosChip Technology" = MosChip Multi-IO Controller
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"ST6UNST #1" = Gemini Inventory System
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.0.1
"WinZip" = WinZip
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"c895048403dc6db3" = GEMINI
"fa33ce86aa49d492" = GEMINI - 1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15/06/2012 12:16:38 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Backdoor.Nitol in File: Unavailable by: Startup
scan. Action: Delete failed : Leave Alone failed. Action Description:
Error - 15/06/2012 11:44:15 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.
Error - 15/06/2012 11:44:25 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.
Error - 15/06/2012 2:16:56 PM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.
Error - 15/06/2012 2:17:52 PM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Downloader in File: C:\WINDOWS\amd.dll by: Auto-Protect
scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.
Error - 16/06/2012 11:16:14 PM | Computer Name = COMPAQ1 | Source = MySQL | ID = 100
Description = Can't open shared library 'amd.dll' (errno: 0 ) For more information,
see Help and Support Center at
http://www.mysql.com.
Error - 16/06/2012 11:16:14 PM | Computer Name = COMPAQ1 | Source = MySQL | ID = 100
Description = Can't open shared library 'C:FZ.dll' (errno: 0 ) For more information,
see Help and Support Center at
http://www.mysql.com.
Error - 16/06/2012 11:16:14 PM | Computer Name = COMPAQ1 | Source = MySQL | ID = 100
Description = Can't open shared library 'sql.dll' (errno: 0 ) For more information,
see Help and Support Center at
http://www.mysql.com.
Error - 16/06/2012 5:07:02 AM | Computer Name = COMPAQ1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2180, fault address 0x00052d7d.
Error - 16/06/2012 5:20:09 AM | Computer Name = COMPAQ1 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Panddos in File: C:\WINDOWS\NewArea.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file
was deleted successfully.
[ System Events ]
Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Mana service terminated with the following error:
%%126
Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device ManagwsxerXsX service terminated with the following
error: %%126
Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 15/06/2012 12:17:23 AM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Routing and Remote Access service terminated with the following
error: %%126
Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Managerjuiouou1 service terminated with the following
error: %%126
Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Manager service terminated with the following
error: %%126
Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device ManagwsxerXsX service terminated with the following
error: %%126
Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Microsoft Device Mana service terminated with the following error:
%%126
Error - 16/06/2012 11:17:40 PM | Computer Name = COMPAQ1 | Source = Service Control Manager | ID = 7023
Description = The Routing and Remote Access service terminated with the following
error: %%126
< End of report >