Topic '[Malware] Sophos Glitch - Clean?' in forum 'Security Cleanup'

Topic '[Malware] Sophos Glitch - Clean?' in forum 'Security Cleanup' - dslreports.com http://www.dslreports.com/forum/Malware-Sophos-Glitch-Clean-27601886 en Fri, 24 May 2013 08:10:42 EDT Fri, 24 May 2013 08:10:42 EDT Re: [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27604404 http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27604404 Tue, 09 Oct 2012 11:12:30 EDT Re: [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27604339
Cleaning Up:

Delete TFC:

Delete the TFC icon on your Desktop

Delete OTL:

Double click the OTL icon on your Desktop
Press the 'Cleanup' button

Delete Security Check:

Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:

We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit

If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:

If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum]]> http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27604339 Tue, 09 Oct 2012 10:57:46 EDT Re: [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601903 OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=96068b05008e6f4bbee339248bd01803
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-05 04:42:01
# local_time=2012-10-05 09:42:01 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775142 50 97 0 80851077 0 0
# scanned=69188
# found=0
# cleaned=0
# scan_time=1697
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=96068b05008e6f4bbee339248bd01803
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-08 07:32:27
# local_time=2012-10-08 12:32:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775141 50 97 0 81119895 0 0
# scanned=67160
# found=0
# cleaned=0
# scan_time=2307]]> http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601903 Mon, 08 Oct 2012 15:49:05 EDT Re: [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601894 Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
Sophos Anti-Virus
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java(TM) 6 Update 29
[color=red]Java version out of Date![/color]
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Sophos Sophos Client Firewall SCFManager.exe
Sophos Sophos Client Firewall SCFService.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 6%
[u]````````````````````End of Log``````````````````````[/u] ]]> http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601894 Mon, 08 Oct 2012 15:47:38 EDT Re: [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601893 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\Patron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.64% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.40% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.68 Gb Free Space | 70.72% Space Free | Partition Type: NTFS

Computer Name: MANFHC7 | User Name: Patron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Unable to open value key
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AllAlertsDisabled" = 1
"TermService" = 1
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"9535:UDP" = 9535:UDP:*:enabled:LANDesk(R) Remote Control Agent UDP Port
"9535:TCP" = 9535:TCP:*:enabled:LANDesk(R) Remote Control Agent TCP Port
"67:UDP" = 67:UDP:*:enabled:LANDesk(R) PXE UDP Port
"67:TCP" = 67:TCP:*:enabled:LANDesk(R) PXE TCP Port

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7725:TCP" = 7725:TCP:*:Enabled:Deep Freeze TCP
"7725:UDP" = 7725:UDP:*:Enabled:Deep Freeze UDP
"33354:TCP" = 33354:TCP:LocalSubNet:Enabled:LANDesk Peer Download
"9535:UDP" = 9535:UDP:*:enabled:LANDesk(R) Remote Control Agent UDP Port
"139:TCP" = 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Disabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"9535:TCP" = 9535:TCP:*:enabled:LANDesk(R) Remote Control Agent TCP Port
"67:UDP" = 67:UDP:*:enabled:LANDesk(R) PXE UDP Port
"67:TCP" = 67:TCP:*:enabled:LANDesk(R) PXE TCP Port
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: )
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\LANDesk\LDClient\wuser32.exe" = C:\Program Files\LANDesk\LDClient\wuser32.exe:*:enabled:Remote Control Agent
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:enabled:LANDesk(R) Management Agent -- (Avocent Corporation)
"%windir%\system32\msgsys.exe" = %windir%\system32\msgsys.exe:*:enabled:LANDesk(R) CBA Message System -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client -- (LANDesk Software, Inc. and its affiliates.)
"C:\WINDOWS\system32\CBA\pds.exe" = C:\WINDOWS\system32\CBA\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service -- (LANDesk Software Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: )
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Genline\GFFinder2\GFFinder2.exe" = C:\Program Files\Genline\GFFinder2\GFFinder2.exe:*:Enabled:Genline Family Finder -- ()
"C:\Program Files\Genline\GFFinder2\Engine.exe" = C:\Program Files\Genline\GFFinder2\Engine.exe:*:Enabled:Genline Family Finder -- ()
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Inc. and its affiliates.)
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe" = C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast -- (LANDesk Software, Inc. and its affiliates.)
"C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe" = C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe:*:Enabled:BES Client -- (IBM Corp.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent -- (Avocent Corporation)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03739F6A-16F6-49FB-8E00-AC4AC8FB1FC2}" = Map My Family Tree
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.6.0 FHC Edition
"{06A0E027-5892-47F4-99BC-0F884C985CF9}" = Ancestral Quest 12.1
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{09DE2F51-DF0A-11D3-9DBC-00C04F522588}" = Personal Ancestral File
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{12C00299-B8B4-40D3-9663-66ABEA3198AB}" = Sophos Client Firewall
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19684E1D-3427-4216-96D8-8744D44E4159}" = Tivoli Endpoint Manager Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk(R) Common Base Agent 8
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B35F281-0CF7-4950-B2DE-03BF408B8E17}" = HP DDM Inventory Scanner Scheduler (x86) 9.31.000.2343
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}" = Ancestral Quest Collaboration Support
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.5
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE235D9C-C585-455D-AA6D-62D1006BD1B3}" = HP DDMI Type 3 FHL
"{B7643B11-A60E-4A33-A465-263FEB32113A}" = HP DDM Inventory Agent (x86) 9.31.000.2343
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{EAFCB807-3153-4A03-96CA-93A0110A616D}" = Charting Companion for FamilySearch(TM)
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FED1005D-CBC8-45D5-A288-FFC7BB304121}" = Sophos Remote Management System
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"0591-8077-9297-0833" = FamilySearch Indexing 3.7.11
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"ARO 2011_is1" = ARO 2011
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Family History Library Catalog" = Family History Library Catalog
"FamilyInsight" = FamilyInsight
"Generation Maps Consultation Software_is1" = Generation Maps Consultation Software 1.0
"GetMyAncestors" = GetMyAncestors
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{06A0E027-5892-47F4-99BC-0F884C985CF9}" = Ancestral Quest 12.1
"InstallShield_{4E2CCBC7-6BBF-4907-9A33-C3BB77366863}" = Ancestral Quest Collaboration Support
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OrdinanceTracker" = OrdinanceTracker
"PDF-XChange 3_is1" = PDF-XChange 3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/4/2012 11:30:30 PM | Computer Name = MANFHC7 | Source = Sophos Anti-Virus | ID = 4784129
Description = Failed to connect to the on-access driver (0x80070002).

Error - 10/4/2012 11:30:32 PM | Computer Name = MANFHC7 | Source = Sophos Client Firewall | ID = 328962
Description = Failed to connect to messaging servic

Error - 10/4/2012 11:50:46 PM | Computer Name = MANFHC7 | Source = Sophos Client Firewall | ID = 328962
Description = Failed to connect to messaging servic

Error - 10/4/2012 11:51:48 PM | Computer Name = MANFHC7 | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: ldssr3d.ldschurch.org.%3

Error - 10/5/2012 12:11:28 AM | Computer Name = MANFHC7 | Source = Sophos Client Firewall | ID = 328962
Description = Failed to connect to messaging servic

Error - 10/5/2012 12:12:20 AM | Computer Name = MANFHC7 | Source = Sophos Message Router | ID = 8005
Description = DNS lookup failure trying to resolve the following addresses: ldssr3d.ldschurch.org.%3

Error - 10/5/2012 12:15:22 AM | Computer Name = MANFHC7 | Source = Sophos Client Firewall | ID = 328962
Description = Failed to connect to messaging servic

Error - 10/5/2012 12:30:32 AM | Computer Name = MANFHC7 | Source = MsiInstaller | ID = 11316
Description = Product: MSXML 4.0 SP3 Parser -- Error 1316. A network error occurred
while attempting to read from the file: C:\Program Files\Sophos\AutoUpdate\cache\scf\msxml.-sYipw.msi

Error - 10/5/2012 12:42:21 AM | Computer Name = MANFHC7 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <»www.download.windowsupdate.com/m···stl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/5/2012 12:42:21 AM | Computer Name = MANFHC7 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <»www.download.windowsupdate.com/m···stl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 10/4/2012 11:43:36 PM | Computer Name = MANFHC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/4/2012 11:43:36 PM | Computer Name = MANFHC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/4/2012 11:44:01 PM | Computer Name = MANFHC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/4/2012 11:44:01 PM | Computer Name = MANFHC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/4/2012 11:49:55 PM | Computer Name = MANFHC7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/4/2012 11:51:52 PM | Computer Name = MANFHC7 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'tock.usno.navy.mil,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/4/2012 11:51:52 PM | Computer Name = MANFHC7 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/4/2012 11:51:53 PM | Computer Name = MANFHC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus

Error - 10/4/2012 11:52:07 PM | Computer Name = MANFHC7 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'tock.usno.navy.mil,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/4/2012 11:52:07 PM | Computer Name = MANFHC7 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

< End of report >]]> http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601893 Mon, 08 Oct 2012 15:47:04 EDT Re: [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601892 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Documents and Settings\Patron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.64% Memory free
3.85 Gb Paging File | 3.09 Gb Available in Paging File | 80.40% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 52.68 Gb Free Space | 70.72% Space Free | Partition Type: NTFS

Computer Name: MANFHC7 | User Name: Patron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/10/05 07:29:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patron\Desktop\OTL.exe
PRC - [2012/10/04 21:26:04 | 002,863,168 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/10/04 21:25:11 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/10/04 21:17:55 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/10/04 21:17:37 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/10/04 21:02:16 | 000,737,367 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientHelper.exe
PRC - [2012/08/08 07:37:58 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2012/08/08 07:37:49 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/07/30 11:13:44 | 002,280,319 | ---- | M] () -- C:\FHC_Tools\PatronExp\FHC_AUTmon\FHC_AUTmon.exe
PRC - [2012/07/26 17:53:18 | 004,792,768 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
PRC - [2012/07/26 17:53:18 | 001,472,448 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
PRC - [2012/07/26 11:00:29 | 000,089,112 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2012/07/26 11:00:22 | 000,150,552 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2012/07/26 10:23:28 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012/07/26 10:09:32 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012/07/05 18:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/05 18:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/29 17:43:30 | 000,620,376 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/10/29 08:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
PRC - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2011/10/19 05:23:30 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2011/10/19 05:22:36 | 000,066,560 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\tracksvc.exe
PRC - [2011/10/14 05:38:52 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2011/09/29 05:30:28 | 000,207,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2011/08/01 13:30:36 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2011/07/21 09:24:00 | 000,496,128 | ---- | M] (LANDesk Software, Inc. and its affiliates ) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2011/07/21 07:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2011/01/10 13:28:52 | 000,603,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2006/07/27 13:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/10/04 21:18:32 | 000,146,496 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ssleay32.dll
MOD - [2012/10/04 21:18:29 | 000,740,416 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
MOD - [2012/10/04 21:18:24 | 001,539,136 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO.dll
MOD - [2012/10/04 21:18:08 | 000,076,864 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
MOD - [2012/10/04 21:17:41 | 000,535,616 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
MOD - [2012/10/04 21:17:35 | 000,244,800 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
MOD - [2012/10/04 21:17:32 | 000,183,360 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
MOD - [2012/10/04 21:17:30 | 000,760,896 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\libeay32.dll
MOD - [2012/10/04 21:17:30 | 000,039,488 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
MOD - [2012/10/04 21:17:23 | 001,055,808 | ---- | M] () -- C:\Program Files\Sophos\Remote Management System\ace.dll
MOD - [2012/10/04 21:06:07 | 000,159,864 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM\e00cd61a82f12186df5e4de4b75a822d\Registry.dll
MOD - [2012/10/04 21:06:07 | 000,082,037 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM\ea8ed9772b76a525d50cde8448090219\WinError.dll
MOD - [2012/10/04 21:06:07 | 000,024,691 | R--- | M] () -- C:\WINDOWS\Temp\pdk-SYSTEM\04a938823668c652aef77ba79a274400\Service.dll
MOD - [2012/07/30 11:13:44 | 002,280,319 | ---- | M] () -- C:\FHC_Tools\PatronExp\FHC_AUTmon\FHC_AUTmon.exe
MOD - [2011/11/21 21:44:32 | 000,118,272 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\uncauthentication.dll
MOD - [2011/10/29 08:12:28 | 000,536,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe
MOD - [2011/10/14 05:29:26 | 000,186,880 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\httprequest.dll
MOD - [2011/09/19 05:31:08 | 000,073,728 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\policy.client.business.dll
MOD - [2011/07/21 07:28:10 | 000,442,936 | ---- | M] () -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe
MOD - [2011/04/21 17:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2009/11/23 16:51:30 | 000,024,576 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\processrunner.dll
MOD - [2009/11/23 16:51:26 | 000,433,664 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\sqlite3.dll
MOD - [2009/11/23 16:20:54 | 000,043,008 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\rollinglog.dll
MOD - [2007/04/20 07:28:38 | 000,106,567 | ---- | M] () -- C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll
MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/04 23:17:44 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/04 21:26:04 | 002,863,168 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/10/04 21:25:11 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/10/04 21:17:55 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/10/04 21:17:37 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/10/04 21:02:16 | 000,737,367 | ---- | M] (BigFix Inc.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClientHelper.exe -- (BESClientHelper)
SRV - [2012/08/08 07:37:49 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/08/08 07:33:40 | 001,465,920 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/26 17:53:18 | 004,792,768 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2012/07/26 11:00:29 | 000,089,112 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/07/26 11:00:22 | 000,150,552 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/07/26 10:23:28 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/26 10:09:32 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012/07/05 18:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/05 18:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/12/29 23:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/29 08:12:28 | 000,536,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discusge.exe -- (prgnUsageAgent)
SRV - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\SoftMon.exe -- (Softmon)
SRV - [2011/10/19 05:23:30 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2011/10/19 05:23:24 | 000,143,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe -- (ProcTrigger)
SRV - [2011/10/19 05:22:36 | 000,066,560 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tracksvc.exe -- (tracksvc)
SRV - [2011/10/14 05:38:52 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2011/09/29 05:30:28 | 000,207,872 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2011/08/01 13:30:36 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2011/07/21 07:28:10 | 000,442,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\DDMI\9.31\Scanner Scheduler\ScannerScheduler.exe -- (ovedScannerScheduler)
SRV - [2011/01/10 13:28:54 | 000,376,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/26 10:51:12 | 000,057,888 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/07/26 10:48:24 | 000,088,608 | ---- | M] (Sophos Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/07/26 10:32:08 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/26 10:19:28 | 000,024,832 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2012/07/26 10:17:23 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/26 10:15:45 | 000,155,392 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2012/07/05 18:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Unknown] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/03/09 09:13:32 | 006,553,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/03/13 15:35:48 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/05/12 12:04:00 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/03/11 12:50:51 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/03/11 12:50:49 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/27 13:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.familysearch.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = »www.familysearch.org/
IE - HKCU\..\SearchScopes,DefaultScope = {6DC997DE-4D90-4490-B776-B5DE98843159}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKCU\..\SearchScopes\{6DC997DE-4D90-4490-B776-B5DE98843159}: "URL" = »www.google.com/search?q={searchT···coding?}
IE - HKCU\..\SearchScopes\{95AEBB4C-E0B9-2355-957D-D40EC7D95A60}: "URL" = »www.bing.com/search?q={searchTer···m=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = »www.fhc.familysearch.org/pac.cgi/3331717.pac

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z006&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z006&form=ZGAADF&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.fhc.familysearch.org/pac.cgi/3331717.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/20 10:59:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/20 10:59:53 | 000,000,000 | ---D | M]

[2010/09/18 10:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patron\Application Data\Mozilla\Extensions
[2010/12/06 11:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patron\Application Data\Mozilla\Firefox\Profiles\5bwxlyp9.default\extensions
[2010/09/18 10:49:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patron\Application Data\Mozilla\Firefox\Profiles\5bwxlyp9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/29 10:57:31 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Patron\Application Data\Mozilla\Firefox\Profiles\5bwxlyp9.default\extensions\searchtoolbar@zugo.com
[2010/09/29 10:57:31 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Patron\Application Data\Mozilla\Firefox\Profiles\5bwxlyp9.default\searchplugins\bing-zugo.xml
[2011/01/12 11:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/23 10:20:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/03/13 12:11:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/14 20:48:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alphabetize_Start] C:\Program Files\LANDesk\Shared Files\cbaroot\broker\Tools\AlphabetizeStartMenu.exe ()
O4 - HKLM..\Run: [EDFcsn] C:\Program Files\Hewlett-Packard\Discovery Agent\Plugins\usage\discfcsn.exe ()
O4 - HKLM..\Run: [FHC_AUTmon] C:\FHC_Tools\PatronExp\FHC_AUTmon\FHC_AUTmon.exe ()
O4 - HKLM..\Run: [FHCServicesPortalUpdate] C:\FHC_Tools\new.Portal\new.PortalSvc.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Charting Companion for FamilySearch™ - {A33732DD-8B1B-4eae-A7EE-B0A47C8A6AF0} - C:\Program Files\Charting Companion for FS\fscc.exe (Progeny Genealogy Inc.)
O9 - Extra 'Tools' menuitem : Charting Companion for FamilySearch™ - {A33732DD-8B1B-4eae-A7EE-B0A47C8A6AF0} - C:\Program Files\Charting Companion for FS\fscc.exe (Progeny Genealogy Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O15 - HKLM\..Trusted Domains: familysearch.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: familysearch.org ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: ldschurch.org ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} »www.hp.com/cpso-support-new/SDD/···gned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} »secure.logmein.com/activex/ractr···?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.49.176.201 216.49.176.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E0A908-7EA0-4398-ACB6-C84EAD17CC5D}: DhcpNameServer = 216.49.176.201 216.49.176.202
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/13 11:35:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f7101dd-c1f7-11e0-97c4-0026b97bc8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{1f7101dd-c1f7-11e0-97c4-0026b97bc8cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f7101dd-c1f7-11e0-97c4-0026b97bc8cd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{590ecc6d-d170-11df-977c-0026b97bc8cd}\Shell - "" = AutoRun
O33 - MountPoints2\{590ecc6d-d170-11df-977c-0026b97bc8cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{590ecc6d-d170-11df-977c-0026b97bc8cd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e109bac0-4bd6-11df-9706-0026b97bc8cd}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/10/05 07:29:27 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patron\Desktop\OTL.exe
[2012/10/04 23:17:41 | 010,213,296 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/10/04 21:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FHC Support Tools
[2012/10/04 21:44:46 | 000,000,000 | ---D | C] -- C:\Scanner
[2012/10/04 21:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Peregrine
[2012/10/04 21:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Peregrine
[2012/10/04 21:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patron\Local Settings\Application Data\LogMeIn
[2012/10/04 21:42:22 | 000,083,392 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2012/10/04 21:42:22 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2012/10/04 21:42:22 | 000,030,624 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2012/10/04 21:42:20 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2012/10/04 21:41:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/04 21:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFix
[2012/10/04 21:26:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
[2012/10/04 20:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patron\Application Data\Malwarebytes
[2012/10/04 20:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 20:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/04 20:43:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/04 20:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/04 20:43:46 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patron\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/17 11:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patron\Application Data\spotmau
[2012/09/17 11:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/10/05 07:29:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patron\Desktop\OTL.exe
[2012/10/05 07:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/04 23:17:44 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/04 23:17:44 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/04 23:17:42 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/10/04 21:45:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/04 21:42:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/10/04 21:40:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/04 21:39:22 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2012/10/04 21:39:10 | 000,000,253 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/10/04 21:38:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/04 21:38:55 | 000,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/04 21:27:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/04 20:44:00 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/04 20:40:06 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Patron\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/03 12:00:00 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Weekly.job
[2012/10/03 09:30:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/09/18 10:24:09 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Patron\jobq.dat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/10/04 21:45:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/04 21:42:15 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2012/10/04 21:24:08 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/10/04 21:02:03 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\t2embed.dll
[2012/10/04 20:44:00 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 00:01:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/21 12:36:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/10/25 11:26:03 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Patron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/16 10:30:47 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Patron\jobq.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2010/03/13 11:38:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/10/04 21:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFix
[2012/01/17 12:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/13 12:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2012/10/05 00:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/10/04 21:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Peregrine
[2010/03/13 15:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
[2012/07/31 13:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/10/04 18:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360
[2012/10/02 11:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/08/14 20:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Home Server
[2010/11/10 14:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\genline
[2010/08/16 11:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\Incline Software
[2012/01/17 12:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\IObit
[2011/03/01 13:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\Progeny
[2011/08/20 09:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\Sammsoft
[2012/09/17 11:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\spotmau
[2010/08/14 20:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patron\Application Data\Windows Home Server

[color=#E56717]========== Purity Check ==========[/color]

< End of report >]]> http://www.dslreports.com/forum/Re-Malware-Sophos-Glitch-Clean-27601892 Mon, 08 Oct 2012 15:46:43 EDT [Malware] Sophos Glitch - Clean? http://www.dslreports.com/forum/Malware-Sophos-Glitch-Clean-27601886
MBAM:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Patron :: MANFHC7 [administrator]

10/4/2012 8:46:19 PM
mbam-log-2012-10-04 (20-46-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229643
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogOff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Administrator\Local Settings\Temp\SAV\esugdrop.exe (Malware.Gen) -> Quarantined and deleted successfully.

(end)]]> http://www.dslreports.com/forum/Malware-Sophos-Glitch-Clean-27601886 Mon, 08 Oct 2012 15:45:21 EDT