Folders appear hidden in external HDD. Please Help



sribashyam
2013-09-01, 14:49
Dear Expert,

I am using a Lenovo All-in-One PC running Win XP SP3, 2 GB RAM. I have a Seagate FreeAgent 1TB external HDD connected to this computer which has all the media files, predominantly jpegs.

Suddenly, the 1st level of folders and files inside my external HDD are hidden but all the other files and sub-folders are properly visible. Even after altering their hidden status through the command prompt command - "attrib....." once the computer gets restarted they become hidden again.

Kindly help me to get out of this problem. I did the DDS log and aswMBR logs and backed up the registry using ERUNT and finally also cleaned the system using Spybot Search & Destroy application which cleared quite a handful of issues, except some issues relating to Babylon Toolbar.

Please find DDS Log below for your reference....

DDS LOG....
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by WORKS at 5:32:45 on 2013-09-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1304 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\WORKS\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\jmesoft\hotkey.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Movies Toolbar\SafetyNut\safetynut.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://indiasearcher.in/r.asp#
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://indiasearcher.in/r.asp#
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uURLSearchHooks: UsProvider Class: {539F76FD-084E-4858-86D5-62F02F54AE86} - c:\program files\minibar\Minibar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Movies Toolbar (Dist. by Somoto Ltd.): {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - c:\program files\movies toolbar\safetynut\srtool~1\ie\searchresultsDx.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ips\IPSBHO.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\works\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - c:\program files\minibar\Minibar.dll
TB: Movies Toolbar (Dist. by Somoto Ltd.): {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - c:\program files\movies toolbar\safetynut\srtool~1\ie\searchresultsDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Softonic for Windows] "h:\softonic\Softonic.exe" -minimize
uRun: [51f3] c:\documents and settings\works\application data\47e\51f3.js
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\works\application data\babsolution\shared\enhancedNT.dll",Run
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [jmekey] c:\program files\jmesoft\hotkey.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Yahoo Messenger] <no file>
StartupFolder: c:\documents and settings\works\start menu\programs\startup\07b.js
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\07b.js
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoWindowsUpdate = 1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files\minibar\Minibar.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347200712011
TCP: Interfaces\{3FDB8253-FDAF-49B7-B34C-D969FCBB237D} : NameServer = 192.168.1.100
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\WinLogoutNotifier.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\movies~1\safety~1\safety~2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymDS.sys [2011-6-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\SymEFA.sys [2011-6-17 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\bashdefs\20130822.011\BHDrvx86.sys [2013-8-28 1002072]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c01029f\136b.105\x86\Ironx86.sys [2011-6-17 136312]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\works\application data\defaulttab\defaulttab\DTUpdate.exe [2013-8-16 107520]
R2 SafetyNutManager;SafetyNut Manager;c:\program files\movies toolbar\safetynut\SafetyNutManager.exe [2013-8-26 3394056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-9-1 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-9-1 1033688]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\ccSvcHst.exe [2011-6-17 137224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-28 108120]
R3 FEIExpress;Intel(R) 10/100 Network Connection Driver;c:\windows\system32\drivers\fei5132.sys [2009-10-2 158408]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\ipsdefs\20130830.001\IDSXpx86.sys [2013-8-31 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20130831.007\NAVENG.SYS [2013-8-31 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.671.4971.105\data\definitions\virusdefs\20130831.007\NAVEX15.SYS [2013-8-31 1612376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-9-1 171928]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-3 1691480]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\SyDvCtrl32.sys [2011-6-17 23984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\ct_ztemt_u_usbser.sys --> c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [?]
.
=============== File Associations ===============
.
ShellExec: hpqpssp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpssp.exe
ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
.
=============== Created Last 30 ================
.
2013-09-01 11:31:52 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-09-01 11:31:34 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-09-01 11:31:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-08-31 23:15:53 -------- d-sh--w- c:\documents and settings\works\IECompatCache
2013-08-26 21:07:10 -------- d-----w- c:\documents and settings\works\AppData
2013-08-26 20:38:30 -------- d-----w- c:\documents and settings\works\local settings\application data\AppsHat Mobile Apps
2013-08-26 20:38:15 -------- d-----w- c:\program files\Minibar
2013-08-26 20:38:14 -------- d-----w- c:\documents and settings\works\local settings\application data\Minibar
2013-08-26 20:37:56 -------- d-----w- c:\documents and settings\all users\application data\Wincert
2013-08-26 20:37:42 -------- d-----w- c:\documents and settings\works\application data\somotomoviestoolbar1
2013-08-26 20:37:28 -------- d-----w- c:\program files\Movies Toolbar
2013-08-26 20:37:27 -------- d-----w- c:\documents and settings\all users\application data\SafetyNut
2013-08-24 22:58:37 -------- d-----w- C:\My Music
2013-08-24 22:39:20 344064 ----a-w- c:\windows\system32\msvcr70.dll
2013-08-24 22:39:20 -------- d-----w- c:\program files\Weeny Free Audio Cutter
2013-08-22 19:28:07 -------- d-sh--w- c:\program files\58e
2013-08-22 19:28:07 -------- d-sh--w- c:\documents and settings\works\application data\47e
2013-08-22 19:28:07 -------- d-sh--w- C:\46f1
2013-08-16 20:49:18 -------- d-----w- c:\documents and settings\works\local settings\application data\avgchrome
2013-08-16 20:47:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-08-16 20:46:56 -------- d-----w- c:\documents and settings\works\application data\DefaultTab
.
==================== Find3M ====================
.
2013-08-16 21:01:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-16 21:01:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-07-31 12:39:33 715038 ----a-w- c:\windows\unins000.exe
.
============= FINISH: 5:33:28.35 ===============


aswMBR LOG.....
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-01 05:33:43
-----------------------------
05:33:43.156 OS Version: Windows 5.1.2600 Service Pack 3
05:33:43.156 Number of processors: 4 586 0x1C0A
05:33:43.156 ComputerName: WORKS UserName: WORKS
05:33:43.906 Initialize success
05:33:51.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
05:33:51.515 Disk 0 Vendor: ST9500325AS 0010LVM1 Size: 476940MB BusType: 3
05:33:51.703 Disk 0 MBR read successfully
05:33:51.703 Disk 0 MBR scan
05:33:51.703 Disk 0 Windows XP default MBR code
05:33:51.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
05:33:51.703 Disk 0 Partition - 00 0F Extended LBA 376939 MB offset 204796620
05:33:51.781 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 376939 MB offset 204796683
05:33:51.812 Disk 0 scanning sectors +976768065
05:33:52.000 Disk 0 scanning C:\WINDOWS\system32\drivers
05:34:00.328 Service scanning
05:34:11.375 Modules scanning
05:34:16.875 Disk 0 trace - called modules:
05:34:16.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
05:34:16.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6c8ab8]
05:34:16.890 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a6f5930]
05:34:16.890 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a695940]
05:34:16.890 Scan finished successfully
05:34:23.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WORKS\Desktop\MBR.dat"
05:34:23.234 The log file has been saved successfully to "C:\Documents and Settings\WORKS\Desktop\aswMBR.txt"

Hope I have given all the information to you as per your request to participate in this forum...Looking forward to your timely help.

Thanks in advance....
Sribashyam

tashi
2013-09-01, 15:31
Hello sribashyam,

I see you are running Symantec Endpoint Protection, leveled at business and corporate environments, please clarify thank you.

Your last topic: http://forums.spybot.info/showthread.php?50452-Help-to-remove-Mabezat-and-its-variants-from-my-office-network&p=325763

Also, which edition of Spybot-Search & Destroy do you have installed? :) http://www.safer-networking.org/

Best regards.

sribashyam
2013-09-02, 09:23
Hello Tashi,

We are trying to solve the problem in our workplace for a long time... Ours is a small family-run company so we don't have a formal IT executive to handle these issues and myself being one of the partners in this company am personally trying to sort these things out.

Hope you can extend some help!?? I understand your policies for helping only individuals and not getting into company/corporate/govt. affairs. Since we are a small enterprise, I thought I could seek help from your team.

Thanks anyways for advising me so far. Keep up your good work...

Regards,
Sribashyam..


tashi
2013-09-02, 18:35
Hello sribashyam,

"We are trying to solve the problem in our workplace for a long time... Ours is a small family-run company so we don't have a formal IT executive to handle these issues and myself being one of the partners in this company am personally trying to sort these things out.

Hope you can extend some help!?? I understand your policies for helping only individuals and not getting into company/corporate/govt. affairs. Since we are a small enterprise, I thought I could seek help from your team.

Thanks anyways for advising me so far. Keep up your good work...

Regards,
Sribashyam.."


Please inform your IT Professional or Supervisor when a workplace computer has been infected. If neither is available please consider calling in a local technician who can see the machine/network in person.
It's not that we don't want to help, but there are too many issues that could arise with company machines and/or servers that malware forum volunteers are not experienced in dealing with.

Thank you for your understanding.
http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)&p=25712&viewfull=1#post25712


:)



Also, which edition of Spybot-Search & Destroy do you have installed? :) http://www.safer-networking.org/

Kind regards,