Solved Attempted to remove XP Security 2012, but Internet connectivity problems

M

mathai

Posts: 16   +0
I had the XP AntiSpyware 2012 and TDSS Rootkit infection, so I ran Malwarebytes and ComboFix and thought I had gotten it fixed. But after rescanning with AVG, it shows that the system is still infected with a Trojan Horse Hider.oow (netbt.sys). Also, whenever I restart the computer, I am unable to connect to the internet...

I am rerunning Malwarebytes and will include the GMER and DDS logs (if needed) in the next post.

Would appreciate any help! Thanks in advance.
 
Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122704

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2011 12:08:29 PM
mbam-log-2011-12-31 (12-08-29).txt

Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 322674
Time elapsed: 26 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-29 18:27:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKB-00H8A0 rev.05.04E05
Running: m69ybdqz.exe; Driver: C:\DOCUME~1\Suma\LOCALS~1\Temp\kfkdrfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF5239F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF5239FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF523A080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF523A11C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\00000892 \GLOBAL??\c0fe8970 82D9C880

---- EOF - GMER 1.0.15 ----


DDS logs


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Suma at 15:34:44 on 2011-12-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.224 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
F:\Program Files\PSI\PSIA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
F:\Program Files\PSI\sua.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AC2EF644-A523-4873-91DE-E197E692BE2E} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\suma\application data\mozilla\firefox\profiles\apupzc9h.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Secunia PSI Agent;Secunia PSI Agent;f:\program files\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;f:\program files\psi\sua.exe [2011-10-14 399416]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-29 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2010-2-13 166720]
S1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys --> c:\program files\symantec antivirus\savrt.sys [?]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\savrtpel.sys --> c:\program files\symantec antivirus\Savrtpel.sys [?]
S2 gupdate1ca0d413c4afa64;Google Update Service (gupdate1ca0d413c4afa64);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111211.006\naveng.sys [2011-12-11 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111211.006\navex15.sys [2011-12-11 1576312]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
S4 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\rtvscan.exe" --> c:\program files\symantec antivirus\Rtvscan.exe [?]
.
=============== Created Last 30 ================
.
2011-12-30 01:42:44 -------- d-----w- c:\documents and settings\suma\application data\AVG
2011-12-29 21:56:10 -------- d-----w- C:\$AVG
2011-12-29 20:48:27 -------- d-----w- c:\windows\pss
2011-12-29 20:44:02 -------- d-----w- c:\documents and settings\suma\application data\AVG2012
2011-12-29 20:41:56 -------- d-----w- c:\documents and settings\suma\application data\AVG Secure Search
2011-12-29 20:41:52 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2011-12-29 20:41:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2011-12-29 20:41:47 -------- d-----w- c:\program files\AVG Secure Search
2011-12-29 20:40:32 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-29 20:40:32 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2011-12-29 20:39:59 -------- d-----w- c:\program files\AVG
2011-12-29 05:32:03 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-12-28 21:59:16 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-12-28 19:22:32 -------- d-sha-r- C:\cmdcons
2011-12-28 19:02:10 518144 ----a-w- c:\windows\SWREG.exe
2011-12-28 19:02:10 256000 ----a-w- c:\windows\PEV.exe
2011-12-28 19:02:10 208896 ----a-w- c:\windows\MBR.exe
2011-12-28 19:02:09 98816 ----a-w- c:\windows\sed.exe
2011-12-28 09:01:38 -------- d-----w- c:\documents and settings\suma\application data\ElevatedDiagnostics
2011-12-28 09:00:18 -------- d-----w- C:\MATS
2011-12-28 07:47:20 -------- d-----w- C:\WINDOWS3425144298
2011-12-28 00:52:10 -------- d-sh--w- c:\documents and settings\suma\IECompatCache
2011-12-28 00:39:44 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 00:24:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 23:57:36 -------- d-----w- c:\documents and settings\suma\local settings\application data\Secunia PSI
2011-12-27 19:03:28 -------- d-----w- c:\documents and settings\suma\application data\Malwarebytes
2011-12-27 19:02:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-27 19:02:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-27 19:02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-12-28 00:24:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-28 00:06:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 12:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2008-03-09 12:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 15:36:07.46 ===============


DDS Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/17/2009 1:13:23 PM
System Uptime: 12/30/2011 12:03:00 PM (3 hours ago)
.
Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2992/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 132 GiB total, 92.512 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 147 GiB total, 143.537 GiB free.
G: is FIXED (NTFS) - 181 GiB total, 180.01 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP15: 7/17/2009 5:52:58 PM - Removed TuneUp Utilities 2008
.
==== Installed Programs ======================
.
.
Adobe Reader 9.4.7
Agere Systems AC'97 Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 2012
AVG PC Tuneup
Data Lifeguard Tools
Diet Analysis Plus 9
DirectX10 RC2 Pre Fix 3
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Java Auto Updater
Java(TM) 6 Update 29
jZip
Lexmark 1200 Series
Lexmark Fax Solutions
LiveReg (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Memory Stick Formatter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
Microsoft XML Parser
MoodLogic
Mozilla Firefox (3.6.25)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
neroxml
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-03-18-01
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Secure Module 3.2
Picasa 3
PictureGear Studio 2.0
QuickTime
Secunia PSI (2.0.0.4003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
SonicStage 1.6.00
Sony Certificate PCH
Sony on Yahoo! Essentials
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Turbo Tax Offer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
VAIO BrightColor Wallpaper
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Viewpoint Media Player (Remove Only)
VLC media player 1.1.11
WebFldrs XP
Welcome to VAIO life
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/30/2011 12:06:14 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/29/2011 7:25:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000C6EF61B5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/29/2011 6:46:27 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
12/29/2011 6:46:27 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
12/28/2011 3:09:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT SAVRTPEL SPBBCDrv SYMTDI
12/28/2011 3:09:07 AM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).
12/28/2011 1:42:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'Combo-Fix.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/28/2011 1:40:52 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
12/28/2011 1:31:48 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/28/2011 1:25:49 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/28/2011 1:24:29 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the path specified.
12/28/2011 1:24:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
12/28/2011 1:23:22 AM, error: SRService [104] - The System Restore initialization process failed.
12/28/2011 1:22:43 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'netbt.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/27/2011 7:20:33 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 000C6EF61B5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/27/2011 6:41:45 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'LastGood' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/27/2011 6:32:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/27/2011 5:52:57 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 60:FB:42:67:BA:1C. Network operations on this system may be disrupted as a result.
12/27/2011 5:28:06 PM, error: Dhcp [1002] - The IP address lease 192.168.1.1 for the Network Card with network address 000C6EF61B5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/27/2011 5:16:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/27/2011 5:15:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ojmf.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================


Let me know if any other logs are needed!
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG use AVG Remover: http://www.avg.com/us-en/utilities
If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

Then...

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Ok, I uninstalled AVG, but can't get Symantec off. The Norton Removal Tool didn't work on Symantec AntiVirus, and I had previously used Microsoft FixIt (http://support.microsoft.com/mats/Program_Install_and_Uninstall) to remove it. But some of it's files are still on the computer...

I went ahead and ran FSS (log below). Internet is working currently, but it won't work if I turn off or restart the computer:

Farbar Service Scanner
Ran by Suma (administrator) on 31-12-2011 at 13:22:05
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2003-08-13 20:58] - [2008-04-13 23:51] - 0162816 ____A () E83B450A3ADAE2D9EF4170474D94DDCC

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(10) PSched(7) SYMTDI(8) Tcpip(3)
0x09000000040000000100000002000000030000000800000009000000050000000600000007000000

**** End of log ****
 
It looks like you have corrupted/infected netbt.sys file.

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

netbt.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.
 
Farbar Service Scanner
Ran by Suma (administrator) on 31-12-2011 at 13:33:50
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "netbt.sys" ===================

C:\WINDOWS\system32\drivers\netbt.sys
[2003-08-13 20:58] - [2008-04-13 23:51] - 0162816 ____A () E83B450A3ADAE2D9EF4170474D94DDCC

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2009-07-17 15:39] - [2008-04-13 23:51] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2009-07-17 15:35] - [2002-08-29 06:00] - 0157056 ____C (Microsoft Corporation) D96F3BC5A6E7452B0E3275B560DC8528

====== End Of Search ======
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
FCopy::
C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-12-31.03 - Suma 12/31/2011 14:17:14.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.309 [GMT -6:00]
Running from: c:\documents and settings\Suma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Suma\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-30 01:42 . 2011-12-30 01:49 -------- d-----w- c:\documents and settings\Suma\Application Data\AVG
2011-12-29 21:56 . 2011-12-29 21:56 -------- d-----w- C:\$AVG
2011-12-29 20:58 . 2011-12-29 20:59 -------- d-----w- c:\documents and settings\Suma\Application Data\vlc
2011-12-29 20:40 . 2011-12-31 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-29 20:39 . 2011-12-29 20:39 -------- d-----w- c:\program files\AVG
2011-12-29 05:32 . 2011-12-29 05:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-12-28 21:59 . 2011-12-31 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-28 09:01 . 2011-12-28 09:01 -------- d-----w- c:\documents and settings\Suma\Application Data\ElevatedDiagnostics
2011-12-28 09:00 . 2011-12-28 09:00 -------- d-----w- C:\MATS
2011-12-28 07:47 . 2011-12-28 07:47 -------- d-----w- C:\WINDOWS3425144298
2011-12-28 00:52 . 2011-12-28 00:52 -------- d-sh--w- c:\documents and settings\Suma\IECompatCache
2011-12-28 00:39 . 2011-12-28 00:39 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 00:24 . 2011-12-28 00:24 -------- d-----w- c:\program files\Common Files\Java
2011-12-28 00:24 . 2011-12-28 00:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-27 23:57 . 2011-12-27 23:57 -------- d-----w- c:\documents and settings\Suma\Local Settings\Application Data\Secunia PSI
2011-12-27 19:03 . 2011-12-27 19:03 -------- d-----w- c:\documents and settings\Suma\Application Data\Malwarebytes
2011-12-27 19:02 . 2011-12-27 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-27 19:02 . 2011-12-27 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-27 19:02 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-24 23:29 . 2011-12-24 23:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 00:24 . 2010-05-04 02:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-28 00:06 . 2011-06-01 20:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2003-08-14 02:58 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2003-08-14 02:58 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-08-14 02:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-08-14 02:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-07-17 21:41 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2003-07-05 19:12 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-08-14 02:57 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2003-08-14 02:58 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2003-03-03 22:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
2008-03-09 12:25 . 2009-07-17 16:04 236 ----a-w- c:\program files\Common Files\dx.reg
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-30_01.25.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 04:51 . 2011-04-19 04:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
- 2011-12-30 01:25 . 2011-12-30 01:25 40960 c:\windows\Temp\rtdrvmon.exe
+ 2011-12-31 20:26 . 2011-12-31 20:26 40960 c:\windows\Temp\rtdrvmon.exe
+ 2011-12-31 20:26 . 2011-12-31 20:26 16384 c:\windows\Temp\Perflib_Perfdata_528.dat
+ 2011-04-19 04:51 . 2011-04-19 04:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2003-08-14 02:58 . 2008-04-14 05:51 162816 c:\windows\system32\dllcache\netbt.sys
+ 2009-07-21 03:30 . 2011-12-31 20:26 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-21 03:30 . 2011-12-30 01:25 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-12-30 17:43 . 2011-12-30 17:43 223744 c:\windows\Installer\37fed50.msi
+ 2011-01-14 13:10 . 2011-01-14 13:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-04-19 04:51 . 2011-04-19 04:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 04:51 . 2011-04-19 04:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2011-07-21 18:34 . 2011-07-21 18:34 3456000 c:\windows\Installer\37fed48.msp
+ 2011-01-14 13:10 . 2011-01-14 13:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 13:10 . 2011-01-14 13:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Merene\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-07-20 00:26 52896 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-08 22:56 295856 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-02-08 22:52 74672 ----a-w- c:\program files\Lexmark 1200 Series\LXCZbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2006-09-28 01:33 125168 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"DefWatch"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" /server
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 Secunia PSI Agent;Secunia PSI Agent;f:\program files\PSI\psia.exe [10/14/2011 12:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;f:\program files\PSI\sua.exe [10/14/2011 12:01 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2/13/2010 10:39 AM 166720]
S2 gupdate1ca0d413c4afa64;Google Update Service (gupdate1ca0d413c4afa64);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 10:01 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 10:01 AM 133104]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 16:01]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 16:01]
.
2009-07-22 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
2009-07-28 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
2009-08-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Suma\Application Data\Mozilla\Firefox\Profiles\apupzc9h.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 14:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2400)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Completion time: 2011-12-31 14:38:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 20:38
ComboFix2.txt 2011-12-31 05:01
ComboFix3.txt 2011-12-30 01:30
ComboFix4.txt 2011-12-28 20:39
ComboFix5.txt 2011-12-31 20:11
.
Pre-Run: 99,749,777,408 bytes free
Post-Run: 99,792,912,384 bytes free
.
- - End Of File - - FE56A3721E3D53207DFD83CB37CF0F68
 
It's working... for now. I'm afraid that when I shut-down and reboot the computer, it will not work again.

FSS Log

Farbar Service Scanner
Ran by Suma (administrator) on 31-12-2011 at 15:14:17
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(10) PSched(7) SYMTDI(8) Tcpip(3)
0x09000000040000000100000002000000030000000800000009000000050000000600000007000000

**** End of log ****
 
You'll be fine.
All looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thank you! No issues thus far :)

OTL.txt

OTL logfile created on: 12/31/2011 4:12:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Suma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 247.04 Mb Available Physical Memory | 48.31% Memory free
1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.10 Gb Total Space | 92.97 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive F: | 146.99 Gb Total Space | 143.56 Gb Free Space | 97.67% Space Free | Partition Type: NTFS
Drive G: | 180.66 Gb Total Space | 180.01 Gb Free Space | 99.64% Space Free | Partition Type: NTFS

Computer Name: VALUED-3253602F | User Name: Suma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 16:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
PRC - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:\Program Files\PSI\psia.exe
PRC - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:\Program Files\PSI\sua.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
PRC - [2002/08/20 11:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


========== Modules (No Company Name) ==========

MOD - [2006/11/22 08:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
MOD - [2006/11/22 07:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2006/11/22 07:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
MOD - [2006/01/10 16:11:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\lxczcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Symantec AntiVirus)
SRV - File not found [Disabled | Stopped] -- -- (SNDSrvc)
SRV - File not found [On_Demand | Stopped] -- -- (SavRoam)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- -- (DefWatch)
SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:\Program Files\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:\Program Files\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/07/01 19:53:48 | 000,495,705 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
SRV - [2003/06/30 18:38:40 | 001,196,032 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/06/30 18:35:22 | 000,925,696 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/06/24 15:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2003/06/24 15:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/06/24 15:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/06/23 21:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2003/06/23 21:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/06/23 21:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2002/12/24 12:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/13 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/18 05:50:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 05:50:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/13 22:04:16 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/07/12 19:46:14 | 000,761,472 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/05/23 11:44:04 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/12/04 15:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/06/13 13:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 12:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)
DRV - [2001/08/17 06:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 18:20:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 18:20:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/07/17 15:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/12/27 18:36:54 | 000,000,000 | ---D | M]

[2009/07/20 21:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suma\Application Data\Mozilla\Extensions
[2011/06/13 16:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suma\Application Data\Mozilla\Firefox\Profiles\apupzc9h.default\extensions
[2011/06/13 16:36:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Suma\Application Data\Mozilla\Firefox\Profiles\apupzc9h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/28 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/27 18:24:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/27 18:24:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2011/12/27 18:24:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/29 14:41:45 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Picasa (Enabled) = F:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/31 14:35:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2EF644-A523-4873-91DE-E197E692BE2E}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\System32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/13 21:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 16:11:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
[2011/12/30 22:37:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/12/30 15:34:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Suma\Desktop\dds.scr
[2011/12/30 15:34:26 | 004,358,797 | R--- | C] (Swearware) -- C:\Documents and Settings\Suma\Desktop\ComboFix.exe
[2011/12/30 15:34:19 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Suma\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2011/12/30 15:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Desktop\virus stuff
[2011/12/30 11:50:48 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Suma\Desktop\aswMBR.exe
[2011/12/29 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\AVG
[2011/12/29 19:26:46 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Suma\Desktop\tdsskiller.exe
[2011/12/29 15:56:10 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/12/29 14:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\vlc
[2011/12/29 14:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/12/29 14:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/12/29 14:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\AVG2012
[2011/12/29 14:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/29 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/28 23:32:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/28 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/28 13:22:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/28 13:02:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/28 13:02:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/28 13:02:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/28 13:02:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/28 12:53:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suma\Start Menu\Programs\Administrative Tools
[2011/12/28 03:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/28 03:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\ElevatedDiagnostics
[2011/12/28 03:00:18 | 000,000,000 | ---D | C] -- C:\MATS
[2011/12/28 02:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/12/28 02:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/28 02:18:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/28 01:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS3425144298
[2011/12/28 01:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Desktop\DummyCreator
[2011/12/27 18:52:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Suma\IECompatCache
[2011/12/27 18:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/27 18:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/27 17:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Local Settings\Application Data\Secunia PSI
[2011/12/27 13:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\Malwarebytes
[2011/12/27 13:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/27 13:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/27 13:02:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/27 13:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/27 13:01:02 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Suma\Desktop\mbam-setup.exe
[2011/12/24 17:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/12/24 00:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/15 11:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/15 11:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/20 08:56:04 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
[2009/07/20 08:56:03 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
[2009/07/20 08:56:03 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
[2009/07/20 08:56:02 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
[2009/07/20 08:56:01 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
[2009/07/20 08:56:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
[2009/07/20 08:56:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
[2009/07/20 08:56:00 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
[2009/07/20 08:56:00 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
[2009/07/20 08:55:58 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczih.exe
[2009/07/20 08:55:57 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
[2009/07/20 08:55:55 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcoms.exe
[2009/07/20 08:55:55 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
[2009/07/20 08:55:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
[2009/07/20 08:55:54 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcfg.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/31 16:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
[2011/12/31 15:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 14:35:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/31 14:35:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 14:26:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 14:25:59 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 14:11:00 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Suma\Desktop\ComboFix.exe
[2011/12/30 15:23:06 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Suma\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2011/12/30 12:15:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\MBR.dat
[2011/12/30 09:17:10 | 000,333,413 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\FSS.exe
[2011/12/29 19:49:00 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Suma\Desktop\aswMBR.exe
[2011/12/29 19:27:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Suma\Desktop\tdsskiller.exe
[2011/12/29 19:17:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Suma\Desktop\dds.scr
[2011/12/29 15:43:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/29 15:10:01 | 000,001,528 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 14:59:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/29 14:58:25 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/12/29 14:35:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/29 11:12:04 | 000,000,457 | ---- | M] () -- C:\WINDOWS\Lexstat.ini
[2011/12/29 10:07:12 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 00:05:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/28 13:46:17 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/28 13:46:17 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/27 18:39:44 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/12/27 18:36:47 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/12/27 18:34:36 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/27 18:20:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/27 13:02:26 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/27 13:02:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/27 13:01:02 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Suma\Desktop\mbam-setup.exe
[2011/12/27 12:15:54 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\iExplore.exe
[2011/12/27 12:06:18 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Suma\My Documents\FixNCR.reg
[2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/23 00:20:30 | 000,318,171 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111223-203739.backup
[2011/12/22 23:28:53 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/22 11:45:47 | 000,001,280 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111223-002030.backup
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 23:13:28 | 000,333,413 | ---- | C] () -- C:\Documents and Settings\Suma\Desktop\FSS.exe
[2011/12/30 12:15:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Suma\Desktop\MBR.dat
[2011/12/29 14:58:25 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/12/28 13:22:36 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/12/28 13:22:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/28 13:02:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/28 13:02:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/28 13:02:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/28 13:02:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/28 13:02:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/27 18:39:44 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/12/27 18:34:36 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/27 18:20:04 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/27 17:57:25 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/12/27 13:02:26 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/27 13:02:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/27 12:38:35 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Suma\My Documents\FixNCR.reg
[2011/12/27 12:15:19 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Suma\Desktop\iExplore.exe
[2011/12/14 17:23:58 | 000,012,688 | -HS- | C] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/14 17:23:58 | 000,012,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/09/28 12:05:36 | 000,001,528 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 01:43:55 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 18:27:56 | 000,060,708 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/21 14:03:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/20 09:03:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/07/20 09:03:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2009/07/20 08:57:55 | 000,000,457 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
[2009/07/20 08:57:35 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
[2009/07/20 08:57:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2009/07/20 08:56:58 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2009/07/20 08:56:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2009/07/20 08:56:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2009/07/20 08:56:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2009/07/20 08:56:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
[2009/07/20 08:56:04 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
[2009/07/20 08:56:02 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
[2009/07/17 16:26:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/17 13:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/07/17 12:15:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2009/07/17 10:04:25 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2009/07/17 10:04:24 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
[2009/07/17 10:04:23 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
[2009/07/17 10:04:23 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2009/07/17 10:04:23 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2009/07/17 10:04:23 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2009/07/17 10:04:23 | 000,002,923 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/15 13:30:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/15 13:30:37 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/15 13:26:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2003/08/15 13:25:00 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/08/15 13:23:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/08/15 13:21:10 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/08/14 19:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/14 18:31:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/14 18:29:04 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
[2003/08/14 18:28:34 | 000,289,128 | ---- | C] () -- C:\WINDOWS\q329390.exe
[2003/08/14 18:28:26 | 000,495,464 | ---- | C] () -- C:\WINDOWS\q329115.exe
[2003/08/14 18:25:39 | 000,381,288 | ---- | C] () -- C:\WINDOWS\q329048.exe
[2003/08/14 18:25:32 | 000,214,888 | ---- | C] () -- C:\WINDOWS\q329834.exe
[2003/08/14 18:25:00 | 000,711,528 | ---- | C] () -- C:\WINDOWS\q323255_wxp_sp2_x86_enu.exe
[2003/08/14 18:21:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
[2003/08/14 18:19:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/13 21:12:16 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/13 21:09:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/13 21:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/13 20:59:36 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/08/13 20:59:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/08/13 20:59:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2003/08/13 20:59:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/08/13 20:58:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/08/13 20:58:18 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/13 20:58:08 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/13 20:58:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/13 20:58:08 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/13 20:58:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/13 20:58:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/13 20:58:07 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/13 20:58:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/13 20:58:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/13 20:58:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/13 20:58:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/13 20:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/08/13 14:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/13 14:03:16 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/11 16:53:00 | 000,001,796 | ---- | C] () -- C:\WINDOWS\System32\SNDefs.dat
[2002/08/06 12:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
[2002/06/12 13:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/02 18:08:36 | 000,373,667 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
[2002/04/02 18:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
[2002/04/02 18:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

========== LOP Check ==========

[2011/12/30 22:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/28 23:32:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/31 12:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/17 18:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/08/02 21:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/17 18:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\WindSolutions
[2011/12/30 22:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\AVG Secure Search
[2011/12/29 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\AVG2012
[2010/07/29 10:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\Template
[2009/07/17 16:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\TuneUp Software
[2011/03/23 16:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merene\Application Data\Diet Analysis Plus 9
[2011/03/23 16:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merene\Application Data\Thomson Learning
[2011/12/29 19:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suma\Application Data\AVG
[2011/12/29 14:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suma\Application Data\AVG2012
[2011/12/28 03:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suma\Application Data\ElevatedDiagnostics
[2009/07/22 17:35:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2009/07/27 19:20:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2009/08/06 21:35:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========
 
Rest of OTL.Txt:


< %SYSTEMDRIVE%\*.* >
[2003/08/13 21:08:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/19 19:20:25 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2011/12/29 15:43:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/12/31 14:38:49 | 000,017,657 | ---- | M] () -- C:\ComboFix.txt
[2003/08/13 21:08:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/09/22 13:32:23 | 000,000,000 | ---- | M] () -- C:\faxendPdoc.log
[2011/12/31 14:25:59 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 20:37:36 | 028,922,996 | ---- | M] () -- C:\immudebug.log
[2003/08/13 21:08:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/08/13 21:08:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/17 15:37:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/17 15:37:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/31 14:25:58 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2011/12/27 12:42:48 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/12/27 12:56:09 | 000,052,472 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_27.12.2011_12.54.42_log.txt
[2011/12/30 11:50:40 | 000,105,074 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_11.45.35_log.txt
[2008/04/06 02:59:10 | 000,589,824 | ---- | M] (Discordia Limited) -- C:\WebmailPlugin.dll

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/08/13 21:07:51 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/01/29 01:58:19 | 000,102,400 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxczpp5c.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/08/13 14:02:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/08/13 14:02:42 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/08/13 14:02:42 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/07/17 15:42:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/20 21:31:28 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2003/08/13 21:12:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/29 19:49:00 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Suma\Desktop\aswMBR.exe
[2011/12/30 15:23:06 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Suma\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2011/12/31 14:11:00 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Suma\Desktop\ComboFix.exe
[2011/12/30 09:17:10 | 000,333,413 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\FSS.exe
[2011/12/27 12:15:54 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\iExplore.exe
[2011/12/27 13:01:02 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Suma\Desktop\mbam-setup.exe
[2011/12/31 16:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
[2010/12/26 01:50:57 | 006,275,960 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Suma\Desktop\Silverlight.exe
[2011/12/29 19:27:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Suma\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >
[2008/03/09 06:25:10 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\dx.reg

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/07/20 21:31:28 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Suma\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/12/31 16:11:13 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\Suma\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 04:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/20 13:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/29 06:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/29 06:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/29 06:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras.Txt


OTL Extras logfile created on: 12/31/2011 4:12:54 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Suma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 247.04 Mb Available Physical Memory | 48.31% Memory free
1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.10 Gb Total Space | 92.97 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
Drive F: | 146.99 Gb Total Space | 143.56 Gb Free Space | 97.67% Space Free | Partition Type: NTFS
Drive G: | 180.66 Gb Total Space | 180.01 Gb Free Space | 99.64% Space Free | Partition Type: NTFS

Computer Name: VALUED-3253602F | User Name: Suma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxczcoms.exe" = C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:1200 Series Server -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1DBB465A-5DFC-4E3A-9A8A-15612D2386F0}" = Turbo Tax Offer
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"Diet Analysis Plus" = Diet Analysis Plus 9
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"jZip" = jZip
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoodLogic" = MoodLogic
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-03-18-01
"OpenMG HotFix3.2-03-04-14-02" = OpenMG Limited Patch 3.2-03-04-14-02
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Sony on Yahoo! Essentials" = Sony on Yahoo! Essentials
"VAIO Support" = VAIO Support
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VLC media player 1.1.11
"Welcome to VAIO life" = Welcome to VAIO life
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
with error: The connection with the server was terminated abnormally

Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
with error: The connection with the server was terminated abnormally

Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
with error: This network connection does not exist.

Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
with error: This network connection does not exist.

Error - 12/28/2011 3:27:05 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/28/2011 3:27:05 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/28/2011 3:28:42 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/28/2011 3:28:42 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 12/28/2011 4:16:38 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 12/30/2011 5:18:56 PM | Computer Name = VALUED-3253602F | Source = ESENT | ID = 490
Description = wuauclt (1420) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ OSession Events ]
Error - 10/6/2009 9:28:20 PM | Computer Name = VALUED-3253602F | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8234
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/31/2011 4:16:08 PM | Computer Name = VALUED-3253602F | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/31/2011 4:16:12 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%3

Error - 12/31/2011 4:16:12 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 12/31/2011 4:16:25 PM | Computer Name = VALUED-3253602F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000035'
while processing the file 'ntuser.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.

Error - 12/31/2011 4:26:07 PM | Computer Name = VALUED-3253602F | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/31/2011 4:26:09 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%3

Error - 12/31/2011 4:26:10 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT SAVRTPEL SPBBCDrv SYMTDI

Error - 12/31/2011 4:26:26 PM | Computer Name = VALUED-3253602F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000035'
while processing the file 'Combo-Fix.sys' on the volume 'HarddiskVolume2'. It
has stopped monitoring the volume.

Error - 12/31/2011 6:13:50 PM | Computer Name = VALUED-3253602F | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 12/31/2011 6:13:50 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%3


< End of report >
 
You can reinstall AVG at any time.

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

==============================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV - File not found [Disabled | Stopped] -- -- (Symantec AntiVirus)
SRV - File not found [Disabled | Stopped] -- -- (SNDSrvc)
SRV - File not found [On_Demand | Stopped] -- -- (SavRoam)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- -- (DefWatch)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
DRV - [2011/11/13 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/18 05:50:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 05:50:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS -- (NAVENG)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...1F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\System32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
[2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s

:Files
C:\Program Files\Common Files\Symantec Shared

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

===========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL log: (working on the other scans...)


All processes killed
========== OTL ==========
Service Symantec AntiVirus stopped successfully!
Service Symantec AntiVirus deleted successfully!
Service SNDSrvc stopped successfully!
Service SNDSrvc deleted successfully!
Service SavRoam stopped successfully!
Service SavRoam deleted successfully!
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
Service DefWatch stopped successfully!
Service DefWatch deleted successfully!
Service SPBBCSvc stopped successfully!
Service SPBBCSvc deleted successfully!
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe moved successfully.
Service eeCtrl stopped successfully!
Service eeCtrl deleted successfully!
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys moved successfully.
Service NAVEX15 stopped successfully!
Service NAVEX15 deleted successfully!
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS moved successfully.
Service NAVENG stopped successfully!
Service NAVENG deleted successfully!
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS moved successfully.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
C:\WINDOWS\system32\NavLogon.dll moved successfully.
C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s moved successfully.
C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s moved successfully.
========== FILES ==========
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpd4b.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpab.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7e1c.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6bf.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp674.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp673f.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp628c.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5c77.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5b87.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp58ea.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp58e6.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp581e.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp56ac.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5133.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp4bf.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp48e2.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp466.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3fe6.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3d9.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3a0a.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3a07.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2c46.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2567.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp239a.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp22e7.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2257.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp213e.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp20c7.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp19ee.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp163a.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp138.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1339.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp10df.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp107d.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\incoming folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111227.002 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111223.002 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SSC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPBBC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\LiveReg folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Decomposers folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Charlene
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 735603 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 40364437 bytes
->Google Chrome cache emptied: 425173427 bytes
->Flash cache emptied: 108844 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Mathai
->Temp folder emptied: 8642376 bytes
->Temporary Internet Files folder emptied: 186007037 bytes
->Java cache emptied: 25817108 bytes
->FireFox cache emptied: 54976867 bytes
->Google Chrome cache emptied: 6413480 bytes
->Flash cache emptied: 574 bytes

User: Merene
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34767 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4565587 bytes
->Google Chrome cache emptied: 365922424 bytes
->Flash cache emptied: 20920 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 24798 bytes

User: Suma
->Temp folder emptied: 58032 bytes
->Temporary Internet Files folder emptied: 330670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30530945 bytes
->Google Chrome cache emptied: 357178795 bytes
->Flash cache emptied: 820 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,437.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Charlene
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: Mathai
->Flash cache emptied: 0 bytes

User: Merene
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Suma
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12312011_163324

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Not sure if you needed it, but here's the JavaRa log:


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Dec 31 16:44:30 2011

Found and removed: C:\Documents and Settings\Suma\Application Data\Sun\Java\jre1.6.0_20

Found and removed: C:\Documents and Settings\Suma\Application Data\Sun\Java\jre1.6.0_29

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.140_03

Found and removed: Software\JavaSoft\Java Update

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.
 
Results from Security Check:



Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
Mozilla Firefox (3.6.25) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
 
ESET results:


C:\Documents and Settings\Suma\Application Data\AVG\Rescue\PC Tuneup 2011\111229194909203.rsc multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\netbt.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined
G:\Program Files\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined
G:\Program Files\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Awesome... thanks for all the help!

OTL Log:


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Charlene
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mathai
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Merene
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Suma
->Temp folder emptied: 12492 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6188886 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Charlene
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: Mathai
->Flash cache emptied: 0 bytes

User: Merene
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Suma
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12312011_192042

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Thanks again! Gonna finish the Windows Update and subsequent steps next year (tomorrow).

Happy New Year! :)
 
You must log in or register to reply here.

Similar threads

midian182
Mount Kilimanjaro now has high-speed internet connectivity
Replies
6
Views
697
wiyosaya
wiyosaya
B
Solved Bestprosoft
Replies
23
Views
3K
Broni
Broni
O
Reinstalled XP - cannot connect to internet
Replies
4
Views
2K
bazz2004
B

Latest posts

Back