TechSpot

Attempted to remove XP Security 2012, but Internet connectivity problems

Solved
By mathai
Dec 31, 2011
  1. I had the XP AntiSpyware 2012 and TDSS Rootkit infection, so I ran Malwarebytes and ComboFix and thought I had gotten it fixed. But after rescanning with AVG, it shows that the system is still infected with a Trojan Horse Hider.oow (netbt.sys). Also, whenever I restart the computer, I am unable to connect to the internet...

    I am rerunning Malwarebytes and will include the GMER and DDS logs (if needed) in the next post.

    Would appreciate any help! Thanks in advance.
  2. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Malwarebytes

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122704

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/31/2011 12:08:29 PM
    mbam-log-2011-12-31 (12-08-29).txt

    Scan type: Full scan (C:\|F:\|G:\|)
    Objects scanned: 322674
    Time elapsed: 26 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-29 18:27:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKB-00H8A0 rev.05.04E05
    Running: m69ybdqz.exe; Driver: C:\DOCUME~1\Suma\LOCALS~1\Temp\kfkdrfod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF5239F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF5239FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF523A080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF523A11C]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\00000892 \GLOBAL??\c0fe8970 82D9C880

    ---- EOF - GMER 1.0.15 ----


    DDS logs


    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Suma at 15:34:44 on 2011-12-30
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.224 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    F:\Program Files\PSI\PSIA.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    F:\Program Files\PSI\sua.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{AC2EF644-A523-4873-91DE-E197E692BE2E} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\suma\application data\mozilla\firefox\profiles\apupzc9h.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 Secunia PSI Agent;Secunia PSI Agent;f:\program files\psi\psia.exe [2011-10-14 994360]
    R2 Secunia Update Agent;Secunia Update Agent;f:\program files\psi\sua.exe [2011-10-14 399416]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-29 869216]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2010-2-13 166720]
    S1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys --> c:\program files\symantec antivirus\savrt.sys [?]
    S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\savrtpel.sys --> c:\program files\symantec antivirus\Savrtpel.sys [?]
    S2 gupdate1ca0d413c4afa64;Google Update Service (gupdate1ca0d413c4afa64);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111211.006\naveng.sys [2011-12-11 86136]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111211.006\navex15.sys [2011-12-11 1576312]
    S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
    S4 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccevtmgr.exe" --> c:\program files\common files\symantec shared\ccEvtMgr.exe [?]
    S4 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccsetmgr.exe" --> c:\program files\common files\symantec shared\ccSetMgr.exe [?]
    S4 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\rtvscan.exe" --> c:\program files\symantec antivirus\Rtvscan.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-30 01:42:44 -------- d-----w- c:\documents and settings\suma\application data\AVG
    2011-12-29 21:56:10 -------- d-----w- C:\$AVG
    2011-12-29 20:48:27 -------- d-----w- c:\windows\pss
    2011-12-29 20:44:02 -------- d-----w- c:\documents and settings\suma\application data\AVG2012
    2011-12-29 20:41:56 -------- d-----w- c:\documents and settings\suma\application data\AVG Secure Search
    2011-12-29 20:41:52 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
    2011-12-29 20:41:49 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-12-29 20:41:47 -------- d-----w- c:\program files\AVG Secure Search
    2011-12-29 20:40:32 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-12-29 20:40:32 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2011-12-29 20:39:59 -------- d-----w- c:\program files\AVG
    2011-12-29 05:32:03 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-12-28 21:59:16 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-12-28 19:22:32 -------- d-sha-r- C:\cmdcons
    2011-12-28 19:02:10 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-28 19:02:10 256000 ----a-w- c:\windows\PEV.exe
    2011-12-28 19:02:10 208896 ----a-w- c:\windows\MBR.exe
    2011-12-28 19:02:09 98816 ----a-w- c:\windows\sed.exe
    2011-12-28 09:01:38 -------- d-----w- c:\documents and settings\suma\application data\ElevatedDiagnostics
    2011-12-28 09:00:18 -------- d-----w- C:\MATS
    2011-12-28 07:47:20 -------- d-----w- C:\WINDOWS3425144298
    2011-12-28 00:52:10 -------- d-sh--w- c:\documents and settings\suma\IECompatCache
    2011-12-28 00:39:44 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-12-28 00:24:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 23:57:36 -------- d-----w- c:\documents and settings\suma\local settings\application data\Secunia PSI
    2011-12-27 19:03:28 -------- d-----w- c:\documents and settings\suma\application data\Malwarebytes
    2011-12-27 19:02:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-27 19:02:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-27 19:02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-12-28 00:24:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-28 00:06:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 12:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 12:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2008-03-09 12:25:10 236 ----a-w- c:\program files\common files\dx.reg
    .
    ============= FINISH: 15:36:07.46 ===============


    DDS Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/17/2009 1:13:23 PM
    System Uptime: 12/30/2011 12:03:00 PM (3 hours ago)
    .
    Motherboard: ASUSTek Computer Inc. | | P4SD-VX
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | CPU 1 | 2992/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 132 GiB total, 92.512 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 147 GiB total, 143.537 GiB free.
    G: is FIXED (NTFS) - 181 GiB total, 180.01 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&35F762C4&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP15: 7/17/2009 5:52:58 PM - Removed TuneUp Utilities 2008
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Reader 9.4.7
    Agere Systems AC'97 Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    AVG 2012
    AVG PC Tuneup
    Data Lifeguard Tools
    Diet Analysis Plus 9
    DirectX10 RC2 Pre Fix 3
    DivX Web Player
    Drag'n Drop CD+DVD
    DVgate Plus
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Extreme Graphics Driver
    Intel(R) PRO Network Adapters and Drivers
    Java Auto Updater
    Java(TM) 6 Update 29
    jZip
    Lexmark 1200 Series
    Lexmark Fax Solutions
    LiveReg (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Memory Stick Formatter
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 7.0
    Microsoft XML Parser
    MoodLogic
    Mozilla Firefox (3.6.25)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Visualizer Library 1.4.00
    neroxml
    OpenMG Limited Patch 3.2-03-02-21-08
    OpenMG Limited Patch 3.2-03-03-18-01
    OpenMG Limited Patch 3.2-03-04-14-02
    OpenMG Secure Module 3.2
    Picasa 3
    PictureGear Studio 2.0
    QuickTime
    Secunia PSI (2.0.0.4003)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    SonicStage 1.6.00
    Sony Certificate PCH
    Sony on Yahoo! Essentials
    Sony Video Shared Library
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Turbo Tax Offer
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    VAIO BrightColor Wallpaper
    VAIO Help and Support
    VAIO Media 2.6
    VAIO Media Integrated Server 2.6
    VAIO Media Redistribution 2.6
    VAIO Registration
    VAIO Support
    VAIO Survey Standalone
    VAIO System Information
    VC80CRTRedist - 8.0.50727.762
    VCRedistSetup
    Viewpoint Media Player (Remove Only)
    VLC media player 1.1.11
    WebFldrs XP
    Welcome to VAIO life
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 12:06:14 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/29/2011 7:25:03 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000C6EF61B5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/29/2011 6:46:27 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
    12/29/2011 6:46:27 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
    12/28/2011 3:09:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT SAVRTPEL SPBBCDrv SYMTDI
    12/28/2011 3:09:07 AM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    12/28/2011 1:42:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'Combo-Fix.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    12/28/2011 1:40:52 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
    12/28/2011 1:31:48 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    12/28/2011 1:25:49 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/28/2011 1:24:29 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the path specified.
    12/28/2011 1:24:29 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
    12/28/2011 1:23:22 AM, error: SRService [104] - The System Restore initialization process failed.
    12/28/2011 1:22:43 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'netbt.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    12/27/2011 7:20:33 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 000C6EF61B5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/27/2011 6:41:45 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'LastGood' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    12/27/2011 6:32:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/27/2011 5:52:57 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 60:FB:42:67:BA:1C. Network operations on this system may be disrupted as a result.
    12/27/2011 5:28:06 PM, error: Dhcp [1002] - The IP address lease 192.168.1.1 for the Network Card with network address 000C6EF61B5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/27/2011 5:16:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    12/27/2011 5:15:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ojmf.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================


    Let me know if any other logs are needed!
  3. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    You're running two AV programs, AVG and Norton.
    One of them has to go.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities
    If Norton, use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    Then...

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  4. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Ok, I uninstalled AVG, but can't get Symantec off. The Norton Removal Tool didn't work on Symantec AntiVirus, and I had previously used Microsoft FixIt (http://support.microsoft.com/mats/Program_Install_and_Uninstall) to remove it. But some of its files are still on the computer...

    I went ahead and ran FSS (log below). Internet is working currently, but it won't work if I turn off or restart the computer:

    Farbar Service Scanner
    Ran by Suma (administrator) on 31-12-2011 at 13:22:05
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys
    [2003-08-13 20:58] - [2008-04-13 23:51] - 0162816 ____A () E83B450A3ADAE2D9EF4170474D94DDCC

    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(10) PSched(7) SYMTDI(8) Tcpip(3)
    0x09000000040000000100000002000000030000000800000009000000050000000600000007000000

    **** End of log ****
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    It looks like you have corrupted/infected netbt.sys file.

    Please run Farbar Service Scanner.
    Type the following in the edit box after "Search:".

    netbt.sys

    Click Search Files button and post the log (FSS.txt) it makes to your reply.
  6. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner
    Ran by Suma (administrator) on 31-12-2011 at 13:33:50
    Microsoft Windows XP Service Pack 3 (X86)

    ************************************************
    ================== Search: "netbt.sys" ===================

    C:\WINDOWS\system32\drivers\netbt.sys
    [2003-08-13 20:58] - [2008-04-13 23:51] - 0162816 ____A () E83B450A3ADAE2D9EF4170474D94DDCC

    C:\WINDOWS\ServicePackFiles\i386\netbt.sys
    [2009-07-17 15:39] - [2008-04-13 23:51] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

    C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
    [2009-07-17 15:35] - [2002-08-29 06:00] - 0157056 ____C (Microsoft Corporation) D96F3BC5A6E7452B0E3275B560DC8528

    ====== End Of Search ======
  7. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
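    As an added example (not Broni's, Farbar's or ComboFix's code), a small Python parser for the two FSS output forms quoted above (the "=> MD5 is legit" File Check lines and the "Search:" blocks with date/size/publisher/MD5 details). It flags the copy FSS could not vouch for, picks the same-size publisher-stamped copy as the restore source, and renders the FCopy:: line used in the CFScript step. The sample input is assembled from the log lines posted in this thread; the function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: one File Check line plus the "Search: netbt.sys" block,
# both taken from the FSS logs quoted in this thread.
SAMPLE_LOG = r"""
File Check:
========
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

================== Search: "netbt.sys" ===================

C:\WINDOWS\system32\drivers\netbt.sys
[2003-08-13 20:58] - [2008-04-13 23:51] - 0162816 ____A () E83B450A3ADAE2D9EF4170474D94DDCC

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2009-07-17 15:39] - [2008-04-13 23:51] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2009-07-17 15:35] - [2002-08-29 06:00] - 0157056 ____C (Microsoft Corporation) D96F3BC5A6E7452B0E3275B560DC8528

====== End Of Search ======
"""

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
LEGIT_SUFFIX = " => MD5 is legit"
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class FileEntry:
    path: str
    size: Optional[int]   # None for "MD5 is legit" lines (FSS prints no details there)
    company: str          # "" when the PE carries no version-info company string
    md5: Optional[str]
    legit: bool           # True when FSS matched the MD5 against its own known-good list

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()


def parse_fss(text: str) -> List[FileEntry]:
    """Parse File Check and Search output into one flat list of entries."""
    entries: List[FileEntry] = []
    pending: Optional[str] = None  # path line waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(LEGIT_SUFFIX):
            entries.append(FileEntry(line[: -len(LEGIT_SUFFIX)], None, "", None, True))
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            entries.append(FileEntry(pending, int(m["size"]), m["company"].strip(),
                                     m["md5"].upper(), False))
            pending = None
            continue
        # Anything that is not a drive-letter path is a banner/header line.
        pending = line if PATH_RE.match(line) else None
    return entries


@dataclass
class Finding:
    suspect: FileEntry
    restore_from: Optional[FileEntry]


def assess(entries: List[FileEntry]) -> List[Finding]:
    """Flag copies FSS could not vouch for and pick a restore source.

    A copy is suspect when FSS did not mark it legit and its hash matches no
    publisher-stamped copy of the same file name. The version-info company
    string is not authenticated, so FSS's own "MD5 is legit" verdict is the
    stronger signal and a legit line is never flagged. The restore source must
    be publisher-stamped and the same size as the suspect; the smaller
    $NtServicePackUninstall$ copy is the older pre-SP3 build and is skipped.
    """
    by_name: Dict[str, List[FileEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    findings: List[Finding] = []
    for copies in by_name.values():
        trusted = [c for c in copies if c.company and c.md5]
        trusted_md5 = {c.md5 for c in trusted}
        for c in copies:
            if c.legit or c.md5 in trusted_md5:
                continue
            same_size = [t for t in trusted if t.size == c.size]
            findings.append(Finding(c, same_size[0] if same_size else None))
    return findings


def cfscript_fcopy(findings: List[Finding]) -> str:
    """Render the ComboFix FCopy:: directive (source | destination) for every
    suspect that has a usable restore source."""
    lines = ["FCopy::"]
    for f in findings:
        if f.restore_from is not None:
            lines.append(f"{f.restore_from.path} | {f.suspect.path}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = assess(parse_fss(SAMPLE_LOG))
    for f in found:
        print(f"suspect: {f.suspect.path} md5={f.suspect.md5} (no publisher, not legit)")
    print(cfscript_fcopy(found))
```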
  8. mathai

    mathai TS Rookie Topic Starter Posts: 16

    ComboFix 11-12-31.03 - Suma 12/31/2011 14:17:14.5.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.309 [GMT -6:00]
    Running from: c:\documents and settings\Suma\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Suma\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\ServicePackFiles\i386\netbt.sys --> c:\windows\system32\drivers\netbt.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-30 01:42 . 2011-12-30 01:49 -------- d-----w- c:\documents and settings\Suma\Application Data\AVG
    2011-12-29 21:56 . 2011-12-29 21:56 -------- d-----w- C:\$AVG
    2011-12-29 20:58 . 2011-12-29 20:59 -------- d-----w- c:\documents and settings\Suma\Application Data\vlc
    2011-12-29 20:40 . 2011-12-31 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2011-12-29 20:39 . 2011-12-29 20:39 -------- d-----w- c:\program files\AVG
    2011-12-29 05:32 . 2011-12-29 05:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-12-28 21:59 . 2011-12-31 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-12-28 09:01 . 2011-12-28 09:01 -------- d-----w- c:\documents and settings\Suma\Application Data\ElevatedDiagnostics
    2011-12-28 09:00 . 2011-12-28 09:00 -------- d-----w- C:\MATS
    2011-12-28 07:47 . 2011-12-28 07:47 -------- d-----w- C:\WINDOWS3425144298
    2011-12-28 00:52 . 2011-12-28 00:52 -------- d-sh--w- c:\documents and settings\Suma\IECompatCache
    2011-12-28 00:39 . 2011-12-28 00:39 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-12-28 00:24 . 2011-12-28 00:24 -------- d-----w- c:\program files\Common Files\Java
    2011-12-28 00:24 . 2011-12-28 00:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-27 23:57 . 2011-12-27 23:57 -------- d-----w- c:\documents and settings\Suma\Local Settings\Application Data\Secunia PSI
    2011-12-27 19:03 . 2011-12-27 19:03 -------- d-----w- c:\documents and settings\Suma\Application Data\Malwarebytes
    2011-12-27 19:02 . 2011-12-27 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-27 19:02 . 2011-12-27 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-27 19:02 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-24 23:29 . 2011-12-24 23:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-28 00:24 . 2010-05-04 02:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-12-28 00:06 . 2011-06-01 20:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25 . 2003-08-14 02:58 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2003-08-14 02:58 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2003-08-14 02:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2003-08-14 02:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2009-07-17 21:41 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07 . 2003-07-05 19:12 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2003-08-14 02:57 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2002-08-29 01:04 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2002-08-29 01:04 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2003-08-14 02:58 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2003-03-03 22:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2008-03-09 12:25 . 2009-07-17 16:04 236 ----a-w- c:\program files\Common Files\dx.reg
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-12-30_01.25.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-19 04:51 . 2011-04-19 04:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
    - 2011-12-30 01:25 . 2011-12-30 01:25 40960 c:\windows\Temp\rtdrvmon.exe
    + 2011-12-31 20:26 . 2011-12-31 20:26 40960 c:\windows\Temp\rtdrvmon.exe
    + 2011-12-31 20:26 . 2011-12-31 20:26 16384 c:\windows\Temp\Perflib_Perfdata_528.dat
    + 2011-04-19 04:51 . 2011-04-19 04:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
    + 2003-08-14 02:58 . 2008-04-14 05:51 162816 c:\windows\system32\dllcache\netbt.sys
    + 2009-07-21 03:30 . 2011-12-31 20:26 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-07-21 03:30 . 2011-12-30 01:25 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2011-12-30 17:43 . 2011-12-30 17:43 223744 c:\windows\Installer\37fed50.msi
    + 2011-01-14 13:10 . 2011-01-14 13:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
    + 2011-01-14 13:10 . 2011-01-14 13:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
    + 2011-04-19 04:51 . 2011-04-19 04:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
    + 2011-04-19 04:51 . 2011-04-19 04:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
    + 2011-07-21 18:34 . 2011-07-21 18:34 3456000 c:\windows\Installer\37fed48.msp
    + 2011-01-14 13:10 . 2011-01-14 13:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
    + 2011-01-14 13:10 . 2011-01-14 13:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
    + 2011-01-14 13:10 . 2011-01-14 13:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\Merene\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2006-07-20 00:26 52896 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    2007-02-08 22:56 295856 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
    2007-02-08 22:52 74672 ----a-w- c:\program files\Lexmark 1200 Series\LXCZbmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
    2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-09-28 01:33 125168 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ccSetMgr"=2 (0x2)
    "SPBBCSvc"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "DefWatch"=2 (0x2)
    "Symantec AntiVirus"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" /server
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    .
    R2 Secunia PSI Agent;Secunia PSI Agent;f:\program files\PSI\psia.exe [10/14/2011 12:01 AM 994360]
    R2 Secunia Update Agent;Secunia Update Agent;f:\program files\PSI\sua.exe [10/14/2011 12:01 AM 399416]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
    R3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2/13/2010 10:39 AM 166720]
    S2 gupdate1ca0d413c4afa64;Google Update Service (gupdate1ca0d413c4afa64);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 10:01 AM 133104]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 10:01 AM 133104]
    S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
    .
    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 16:01]
    .
    2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-25 16:01]
    .
    2009-07-22 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
    .
    2009-07-28 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
    .
    2009-08-07 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2003-08-14 10:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Suma\Application Data\Mozilla\Firefox\Profiles\apupzc9h.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-31 14:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2400)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\windows\AGRSMMSG.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-31 14:38:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-31 20:38
    ComboFix2.txt 2011-12-31 05:01
    ComboFix3.txt 2011-12-30 01:30
    ComboFix4.txt 2011-12-28 20:39
    ComboFix5.txt 2011-12-31 20:11
    .
    Pre-Run: 99,749,777,408 bytes free
    Post-Run: 99,792,912,384 bytes free
    .
    - - End Of File - - FE56A3721E3D53207DFD83CB37CF0F68
  9. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    How is the internet?
    Post new FSS log.
  10. mathai

    mathai TS Rookie Topic Starter Posts: 16

    It's working... for now. I'm afraid that when I shut down and reboot the computer, it will not work again.

    FSS Log

    Farbar Service Scanner
    Ran by Suma (administrator) on 31-12-2011 at 15:14:17
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(10) PSched(7) SYMTDI(8) Tcpip(3)
    0x09000000040000000100000002000000030000000800000009000000050000000600000007000000

    **** End of log ****
  11. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    You'll be fine.
    All looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Thank you! No issues thus far :)

    OTL.txt

    OTL logfile created on: 12/31/2011 4:12:54 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Suma\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.36 Mb Total Physical Memory | 247.04 Mb Available Physical Memory | 48.31% Memory free
    1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.83% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 132.10 Gb Total Space | 92.97 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
    Drive F: | 146.99 Gb Total Space | 143.56 Gb Free Space | 97.67% Space Free | Partition Type: NTFS
    Drive G: | 180.66 Gb Total Space | 180.01 Gb Free Space | 99.64% Space Free | Partition Type: NTFS

    Computer Name: VALUED-3253602F | User Name: Suma | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/31 16:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
    PRC - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) -- F:\Program Files\PSI\psia.exe
    PRC - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) -- F:\Program Files\PSI\sua.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxczcoms.exe
    PRC - [2002/08/20 11:29:26 | 000,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe


    ========== Modules (No Company Name) ==========

    MOD - [2006/11/22 08:05:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll
    MOD - [2006/11/22 07:51:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
    MOD - [2006/11/22 07:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
    MOD - [2006/01/10 16:11:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\lxczcnv4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (Symantec AntiVirus)
    SRV - File not found [Disabled | Stopped] -- -- (SNDSrvc)
    SRV - File not found [On_Demand | Stopped] -- -- (SavRoam)
    SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
    SRV - File not found [Disabled | Stopped] -- -- (DefWatch)
    SRV - File not found [Disabled | Stopped] -- -- (ccSetMgr)
    SRV - File not found [Disabled | Stopped] -- -- (ccEvtMgr)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/14 00:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- F:\Program Files\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 00:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- F:\Program Files\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2007/02/08 16:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxczcoms.exe -- (lxcz_device)
    SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2003/07/01 19:53:48 | 000,495,705 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)
    SRV - [2003/06/30 18:38:40 | 001,196,032 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
    SRV - [2003/06/30 18:35:22 | 000,925,696 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
    SRV - [2003/06/24 15:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
    SRV - [2003/06/24 15:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
    SRV - [2003/06/24 15:49:54 | 000,720,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
    SRV - [2003/06/23 21:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
    SRV - [2003/06/23 21:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
    SRV - [2003/06/23 21:16:38 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
    SRV - [2002/12/24 12:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/11/13 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/10/18 05:50:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/10/18 05:50:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS -- (NAVENG)
    DRV - [2010/09/01 02:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/04/13 22:04:16 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/07/12 19:46:14 | 000,761,472 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
    DRV - [2003/05/23 11:44:04 | 001,171,648 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/12/04 15:28:10 | 000,730,956 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2002/06/13 13:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/08/17 12:50:34 | 000,166,720 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3m.sys -- (s3m)
    DRV - [2001/08/17 06:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
    DRV - [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: F:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/27 18:20:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 18:20:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/07/17 15:03:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/12/27 18:36:54 | 000,000,000 | ---D | M]

    [2009/07/20 21:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suma\Application Data\Mozilla\Extensions
    [2011/06/13 16:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suma\Application Data\Mozilla\Firefox\Profiles\apupzc9h.default\extensions
    [2011/06/13 16:36:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Suma\Application Data\Mozilla\Firefox\Profiles\apupzc9h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/28 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/27 18:24:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/12/27 18:24:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
    [2011/12/27 18:24:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/12/29 14:41:45 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
    CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Picasa (Enabled) = F:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/12/31 14:35:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC2EF644-A523-4873-91DE-E197E692BE2E}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\System32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1024x768.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/08/13 21:08:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/31 16:11:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
    [2011/12/30 22:37:29 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/12/30 15:34:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Suma\Desktop\dds.scr
    [2011/12/30 15:34:26 | 004,358,797 | R--- | C] (Swearware) -- C:\Documents and Settings\Suma\Desktop\ComboFix.exe
    [2011/12/30 15:34:19 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Suma\Desktop\avg_free_stb_all_2012_1901_cnet.exe
    [2011/12/30 15:33:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Desktop\virus stuff
    [2011/12/30 11:50:48 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Suma\Desktop\aswMBR.exe
    [2011/12/29 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\AVG
    [2011/12/29 19:26:46 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Suma\Desktop\tdsskiller.exe
    [2011/12/29 15:56:10 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/12/29 14:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\vlc
    [2011/12/29 14:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2011/12/29 14:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/12/29 14:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\AVG2012
    [2011/12/29 14:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/12/29 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/12/28 23:32:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/12/28 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/28 13:22:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/28 13:02:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/28 13:02:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/28 13:02:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/28 13:02:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/28 12:53:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suma\Start Menu\Programs\Administrative Tools
    [2011/12/28 03:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/28 03:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\ElevatedDiagnostics
    [2011/12/28 03:00:18 | 000,000,000 | ---D | C] -- C:\MATS
    [2011/12/28 02:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
    [2011/12/28 02:55:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2011/12/28 02:18:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/28 01:47:20 | 000,000,000 | ---D | C] -- C:\WINDOWS3425144298
    [2011/12/28 01:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Desktop\DummyCreator
    [2011/12/27 18:52:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Suma\IECompatCache
    [2011/12/27 18:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/12/27 18:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/12/27 17:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Local Settings\Application Data\Secunia PSI
    [2011/12/27 13:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suma\Application Data\Malwarebytes
    [2011/12/27 13:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/27 13:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/27 13:02:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/27 13:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/27 13:01:02 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Suma\Desktop\mbam-setup.exe
    [2011/12/24 17:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/12/24 00:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/15 11:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/15 11:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2009/07/20 08:56:04 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCZhcp.dll
    [2009/07/20 08:56:03 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczinpa.dll
    [2009/07/20 08:56:03 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcziesc.dll
    [2009/07/20 08:56:02 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczusb1.dll
    [2009/07/20 08:56:01 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczserv.dll
    [2009/07/20 08:56:01 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczprox.dll
    [2009/07/20 08:56:00 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpmui.dll
    [2009/07/20 08:56:00 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczlmpm.dll
    [2009/07/20 08:56:00 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczpplc.dll
    [2009/07/20 08:55:58 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczih.exe
    [2009/07/20 08:55:57 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczhbn3.dll
    [2009/07/20 08:55:55 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcoms.exe
    [2009/07/20 08:55:55 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomm.dll
    [2009/07/20 08:55:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcomc.dll
    [2009/07/20 08:55:54 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxczcfg.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/31 16:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
    [2011/12/31 15:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/31 14:35:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/31 14:35:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/31 14:26:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/31 14:25:59 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/31 14:11:00 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Suma\Desktop\ComboFix.exe
    [2011/12/30 15:23:06 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Suma\Desktop\avg_free_stb_all_2012_1901_cnet.exe
    [2011/12/30 12:15:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\MBR.dat
    [2011/12/30 09:17:10 | 000,333,413 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\FSS.exe
    [2011/12/29 19:49:00 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Suma\Desktop\aswMBR.exe
    [2011/12/29 19:27:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Suma\Desktop\tdsskiller.exe
    [2011/12/29 19:17:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Suma\Desktop\dds.scr
    [2011/12/29 15:43:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/29 15:10:01 | 000,001,528 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/29 14:59:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/29 14:58:25 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2011/12/29 14:35:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/29 11:12:04 | 000,000,457 | ---- | M] () -- C:\WINDOWS\Lexstat.ini
    [2011/12/29 10:07:12 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/29 00:05:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/28 13:46:17 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/28 13:46:17 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/27 18:39:44 | 000,002,560 | ---- | M] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2011/12/27 18:36:47 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/12/27 18:34:36 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/12/27 18:20:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/12/27 13:02:26 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/27 13:02:26 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/27 13:01:02 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Suma\Desktop\mbam-setup.exe
    [2011/12/27 12:15:54 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\iExplore.exe
    [2011/12/27 12:06:18 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\Suma\My Documents\FixNCR.reg
    [2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/23 00:20:30 | 000,318,171 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111223-203739.backup
    [2011/12/22 23:28:53 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2011/12/22 11:45:47 | 000,001,280 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111223-002030.backup
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/30 23:13:28 | 000,333,413 | ---- | C] () -- C:\Documents and Settings\Suma\Desktop\FSS.exe
    [2011/12/30 12:15:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Suma\Desktop\MBR.dat
    [2011/12/29 14:58:25 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2011/12/28 13:22:36 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/12/28 13:22:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/28 13:02:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/28 13:02:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/28 13:02:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/28 13:02:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/28 13:02:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/27 18:39:44 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
    [2011/12/27 18:34:36 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/12/27 18:20:04 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/12/27 17:57:25 | 000,000,524 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
    [2011/12/27 13:02:26 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/27 13:02:26 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/27 12:38:35 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\Suma\My Documents\FixNCR.reg
    [2011/12/27 12:15:19 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Suma\Desktop\iExplore.exe
    [2011/12/14 17:23:58 | 000,012,688 | -HS- | C] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/12/14 17:23:58 | 000,012,688 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
    [2011/09/28 12:05:36 | 000,001,528 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/26 01:43:55 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 18:27:56 | 000,060,708 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/07/21 14:03:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/07/20 09:03:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2009/07/20 09:03:53 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2009/07/20 08:57:55 | 000,000,457 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
    [2009/07/20 08:57:35 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.dll
    [2009/07/20 08:57:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
    [2009/07/20 08:56:58 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
    [2009/07/20 08:56:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
    [2009/07/20 08:56:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
    [2009/07/20 08:56:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
    [2009/07/20 08:56:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv4.dll
    [2009/07/20 08:56:04 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCZinst.dll
    [2009/07/20 08:56:02 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxczutil.dll
    [2009/07/17 16:26:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/07/17 13:40:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2009/07/17 12:15:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
    [2009/07/17 10:04:25 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
    [2009/07/17 10:04:24 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2009/07/17 10:04:23 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2009/07/17 10:04:23 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2009/07/17 10:04:23 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
    [2009/07/17 10:04:23 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2009/07/17 10:04:23 | 000,002,923 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
    [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/08/15 13:30:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/08/15 13:30:37 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/08/15 13:26:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2003/08/15 13:25:00 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
    [2003/08/15 13:23:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2003/08/15 13:21:10 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/08/14 19:18:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/08/14 18:31:15 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/08/14 18:29:04 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
    [2003/08/14 18:28:34 | 000,289,128 | ---- | C] () -- C:\WINDOWS\q329390.exe
    [2003/08/14 18:28:26 | 000,495,464 | ---- | C] () -- C:\WINDOWS\q329115.exe
    [2003/08/14 18:25:39 | 000,381,288 | ---- | C] () -- C:\WINDOWS\q329048.exe
    [2003/08/14 18:25:32 | 000,214,888 | ---- | C] () -- C:\WINDOWS\q329834.exe
    [2003/08/14 18:25:00 | 000,711,528 | ---- | C] () -- C:\WINDOWS\q323255_wxp_sp2_x86_enu.exe
    [2003/08/14 18:21:52 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
    [2003/08/14 18:19:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/08/13 21:12:16 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/08/13 21:09:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/08/13 21:06:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/08/13 20:59:36 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2003/08/13 20:59:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2003/08/13 20:59:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2003/08/13 20:59:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/08/13 20:58:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
    [2003/08/13 20:58:18 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/08/13 20:58:08 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/08/13 20:58:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/08/13 20:58:08 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/08/13 20:58:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/08/13 20:58:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/08/13 20:58:07 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/08/13 20:58:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/08/13 20:58:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/08/13 20:58:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/08/13 20:58:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/08/13 20:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/08/13 14:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/08/13 14:03:16 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/03/11 16:53:00 | 000,001,796 | ---- | C] () -- C:\WINDOWS\System32\SNDefs.dat
    [2002/08/06 12:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
    [2002/06/12 13:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
    [2002/04/02 18:08:36 | 000,373,667 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
    [2002/04/02 18:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
    [2002/04/02 18:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

    ========== LOP Check ==========

    [2011/12/30 22:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/12/28 23:32:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/12/31 12:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/08/17 18:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2010/08/02 21:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/08/17 18:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlene\Application Data\WindSolutions
    [2011/12/30 22:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\AVG Secure Search
    [2011/12/29 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\AVG2012
    [2010/07/29 10:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\Template
    [2009/07/17 16:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mathai\Application Data\TuneUp Software
    [2011/03/23 16:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merene\Application Data\Diet Analysis Plus 9
    [2011/03/23 16:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Merene\Application Data\Thomson Learning
    [2011/12/29 19:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suma\Application Data\AVG
    [2011/12/29 14:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suma\Application Data\AVG2012
    [2011/12/28 03:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suma\Application Data\ElevatedDiagnostics
    [2009/07/22 17:35:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
    [2009/07/27 19:20:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
    [2009/08/06 21:35:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

    ========== Purity Check ==========



    ========== Custom Scans ==========
  13. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Rest of OTL.Txt:


    < %SYSTEMDRIVE%\*.* >
    [2003/08/13 21:08:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/19 19:20:25 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2011/12/29 15:43:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/31 14:38:49 | 000,017,657 | ---- | M] () -- C:\ComboFix.txt
    [2003/08/13 21:08:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/09/22 13:32:23 | 000,000,000 | ---- | M] () -- C:\faxendPdoc.log
    [2011/12/31 14:25:59 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/23 20:37:36 | 028,922,996 | ---- | M] () -- C:\immudebug.log
    [2003/08/13 21:08:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/08/13 21:08:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/07/17 15:37:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/07/17 15:37:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/31 14:25:58 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/27 12:42:48 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2011/12/27 12:56:09 | 000,052,472 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_27.12.2011_12.54.42_log.txt
    [2011/12/30 11:50:40 | 000,105,074 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_11.45.35_log.txt
    [2008/04/06 02:59:10 | 000,589,824 | ---- | M] (Discordia Limited) -- C:\WebmailPlugin.dll

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/08/13 21:07:51 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/01/29 01:58:19 | 000,102,400 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxczpp5c.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/08/13 14:02:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2003/08/13 14:02:42 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/08/13 14:02:42 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/07/17 15:42:15 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/20 21:31:28 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/08/13 21:12:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Suma\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/12/29 19:49:00 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Suma\Desktop\aswMBR.exe
    [2011/12/30 15:23:06 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Suma\Desktop\avg_free_stb_all_2012_1901_cnet.exe
    [2011/12/31 14:11:00 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Suma\Desktop\ComboFix.exe
    [2011/12/30 09:17:10 | 000,333,413 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\FSS.exe
    [2011/12/27 12:15:54 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Suma\Desktop\iExplore.exe
    [2011/12/27 13:01:02 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Suma\Desktop\mbam-setup.exe
    [2011/12/31 16:11:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suma\Desktop\OTL.exe
    [2010/12/26 01:50:57 | 006,275,960 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Suma\Desktop\Silverlight.exe
    [2011/12/29 19:27:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Suma\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2008/03/09 06:25:10 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\dx.reg

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/07/20 21:31:28 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Suma\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/31 16:11:13 | 000,475,136 | ---- | M] () -- C:\Documents and Settings\Suma\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 04:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 13:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/29 06:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 06:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 06:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  14. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Extras.Txt


    OTL Extras logfile created on: 12/31/2011 4:12:54 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Suma\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.36 Mb Total Physical Memory | 247.04 Mb Available Physical Memory | 48.31% Memory free
    1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.83% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 132.10 Gb Total Space | 92.97 Gb Free Space | 70.38% Space Free | Partition Type: NTFS
    Drive F: | 146.99 Gb Total Space | 143.56 Gb Free Space | 97.67% Space Free | Partition Type: NTFS
    Drive G: | 180.66 Gb Total Space | 180.01 Gb Free Space | 99.64% Space Free | Partition Type: NTFS

    Computer Name: VALUED-3253602F | User Name: Suma | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1048354621-3718348917-2159097072-1007\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "F:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "F:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\lxczcoms.exe" = C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:1200 Series Server -- ( )


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1DBB465A-5DFC-4E3A-9A8A-15612D2386F0}" = Turbo Tax Offer
    "{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
    "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
    "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
    "{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
    "{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
    "{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "ATI Display Driver" = ATI Display Driver
    "Diet Analysis Plus" = Diet Analysis Plus 9
    "DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
    "InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
    "InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
    "jZip" = jZip
    "Lexmark 1200 Series" = Lexmark 1200 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "LiveReg" = LiveReg (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MoodLogic" = MoodLogic
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
    "OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-03-18-01
    "OpenMG HotFix3.2-03-04-14-02" = OpenMG Limited Patch 3.2-03-04-14-02
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Secunia PSI" = Secunia PSI (2.0.0.4003)
    "Sony on Yahoo! Essentials" = Sony on Yahoo! Essentials
    "VAIO Support" = VAIO Support
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "VLC media player" = VLC media player 1.1.11
    "Welcome to VAIO life" = Welcome to VAIO life
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
    with error: The connection with the server was terminated abnormally

    Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
    with error: The connection with the server was terminated abnormally

    Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
    with error: This network connection does not exist.

    Error - 12/27/2011 3:52:36 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B31EB1B740E36C8402DADC37D44DF5D4674952F9.crt>
    with error: This network connection does not exist.

    Error - 12/28/2011 3:27:05 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/28/2011 3:27:05 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/28/2011 3:28:42 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/28/2011 3:28:42 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/28/2011 4:16:38 PM | Computer Name = VALUED-3253602F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/30/2011 5:18:56 PM | Computer Name = VALUED-3253602F | Source = ESENT | ID = 490
    Description = wuauclt (1420) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    [ OSession Events ]
    Error - 10/6/2009 9:28:20 PM | Computer Name = VALUED-3253602F | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8234
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 12/31/2011 4:16:08 PM | Computer Name = VALUED-3253602F | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/31/2011 4:16:12 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%3

    Error - 12/31/2011 4:16:12 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SAVRT SAVRTPEL SPBBCDrv SYMTDI

    Error - 12/31/2011 4:16:25 PM | Computer Name = VALUED-3253602F | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000035'
    while processing the file 'ntuser.ini' on the volume 'HarddiskVolume2'. It has
    stopped monitoring the volume.

    Error - 12/31/2011 4:26:07 PM | Computer Name = VALUED-3253602F | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/31/2011 4:26:09 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%3

    Error - 12/31/2011 4:26:10 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SAVRT SAVRTPEL SPBBCDrv SYMTDI

    Error - 12/31/2011 4:26:26 PM | Computer Name = VALUED-3253602F | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000035'
    while processing the file 'Combo-Fix.sys' on the volume 'HarddiskVolume2'. It
    has stopped monitoring the volume.

    Error - 12/31/2011 6:13:50 PM | Computer Name = VALUED-3253602F | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/31/2011 6:13:50 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%3


    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    You can reinstall AVG at any time.

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add/Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (Symantec AntiVirus)
      SRV - File not found [Disabled | Stopped] -- -- (SNDSrvc)
      SRV - File not found [On_Demand | Stopped] -- -- (SavRoam)
      SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
      SRV - File not found [Disabled | Stopped] -- -- (DefWatch)
      SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
      DRV - [2011/11/13 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
      DRV - [2011/10/18 05:50:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS -- (NAVEX15)
      DRV - [2011/10/18 05:50:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS -- (NAVENG)
      O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...1F/wmvadvd.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\System32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
      [2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
      [2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
      
      :Files
      C:\Program Files\Common Files\Symantec Shared
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
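    Editor's note (added example, not part of Broni's instructions and not code from OTL, JavaRa or any other tool named in this thread): the OTL fix above targets three artifact classes that are worth recognising on sight in any OTL scan, namely SRV/DRV entries whose binary is missing ("File not found", an orphaned service registration), Winlogon\Notify packages (DLLs that get loaded into winlogon.exe at logon), and hidden+system files with no version information and a long random lowercase name sitting in a profile's Application Data folder (the two 12,688-byte files here). The script below parses OTL-format lines and flags those three classes. The sample input reuses six lines from the fix script above plus one constructed benign entry for contrast; the 16-character random-name threshold and the "no publisher" requirement are my own heuristics, not OTL's, and the Symantec leftovers that the fix also removes are deliberately not flagged, since those are remnants of an uninstalled product rather than malware indicators.

```python
import re
from dataclasses import dataclass

# Sample OTL scan lines. The first six are copied from the fix script in the
# post above; the last line is a constructed benign entry (not from the log).
SAMPLE_OTL_LINES = r"""
SRV - File not found [Disabled | Stopped] -- -- (Symantec AntiVirus)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
DRV - [2011/11/13 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\System32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
[2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/27 12:02:44 | 000,012,688 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s
[2011/12/01 09:00:00 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\example.dll
"""


@dataclass
class Finding:
    category: str  # orphaned_service | winlogon_notify | hidden_system_dropper
    target: str    # service name, Notify subkey, or full file path
    reason: str


# SRV/DRV line whose binary OTL could not find: "File not found ... (Name)"
ORPHAN_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found .*\((?P<name>[^()]+)\)$")
# O20 Winlogon notification package: registry DllName, resolved path, publisher
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \((?P<dll>[^)]*)\) - "
    r"(?P<resolved>.+) \((?P<publisher>[^)]*)\)$")
# Generic OTL file entry: [date | size | attrs | M] (publisher) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*\w\]\s*"
    r"\((?P<publisher>[^)]*)\)\s*--\s*(?P<path>.+)$")
# Heuristic (assumption): 16+ lowercase alphanumerics with no extension
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{16,}")


def classify_line(line: str):
    """Return a Finding for one OTL line, or None if nothing is suspicious."""
    line = line.strip()
    if not line:
        return None
    m = ORPHAN_RE.match(line)
    if m:
        return Finding("orphaned_service", m["name"],
                       f"{m['kind']} registry entry whose binary is missing")
    m = NOTIFY_RE.match(line)
    if m:
        return Finding("winlogon_notify", m["key"],
                       f"{m['resolved']} is loaded into winlogon.exe at logon; "
                       f"publisher: {m['publisher'] or 'none'}")
    m = FILE_RE.match(line)
    if m:
        attrs = m["attrs"].strip().upper()   # e.g. "-HS-" = hidden + system
        path = m["path"].strip()
        name = path.rsplit("\\", 1)[-1]
        if ("H" in attrs and "S" in attrs
                and "application data" in path.lower()
                and not m["publisher"].strip()
                and RANDOM_NAME_RE.fullmatch(name)):
            return Finding("hidden_system_dropper", path,
                           f"hidden+system, no version info, {m['size'].strip()} "
                           "bytes, random name in a profile data folder")
    return None


def triage(text: str):
    """Run classify_line over every line of an OTL log and keep the hits."""
    return [f for f in (classify_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.category:24} {f.target}\n    {f.reason}")
```

Run it against a full OTL.txt (`triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`) to pull out the same three classes from a log you have not read line by line. Orphaned services are safe to delete; Winlogon\Notify entries and the random-named hidden files are the ones to look at before deciding, since a legitimate security product can own a Notify package, as NavLogon.dll did here.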
  16. mathai

    mathai TS Rookie Topic Starter Posts: 16

    OTL log: (working on the other scans...)


    All processes killed
    ========== OTL ==========
    Service Symantec AntiVirus stopped successfully!
    Service Symantec AntiVirus deleted successfully!
    Service SNDSrvc stopped successfully!
    Service SNDSrvc deleted successfully!
    Service SavRoam stopped successfully!
    Service SavRoam deleted successfully!
    Service LiveUpdate stopped successfully!
    Service LiveUpdate deleted successfully!
    Service DefWatch stopped successfully!
    Service DefWatch deleted successfully!
    Service SPBBCSvc stopped successfully!
    Service SPBBCSvc deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe moved successfully.
    Service eeCtrl stopped successfully!
    Service eeCtrl deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys moved successfully.
    Service NAVEX15 stopped successfully!
    Service NAVEX15 deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS moved successfully.
    Service NAVENG stopped successfully!
    Service NAVENG deleted successfully!
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS moved successfully.
    Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wmvadvd.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
    C:\WINDOWS\system32\NavLogon.dll moved successfully.
    C:\Documents and Settings\Suma\Local Settings\Application Data\swlmxj7k0twy4tie6ast2l701v1s moved successfully.
    C:\Documents and Settings\All Users\Application Data\swlmxj7k0twy4tie6ast2l701v1s moved successfully.
    ========== FILES ==========
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpd4b.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpab.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp7e1c.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6bf.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp674.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp673f.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp628c.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5c77.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5b87.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp58ea.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp58e6.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp581e.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp56ac.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5133.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp4bf.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp48e2.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp466.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3fe6.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3d9.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3a0a.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3a07.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2c46.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2567.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp239a.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp22e7.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2257.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp213e.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp20c7.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp19ee.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp163a.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp138.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1339.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp10df.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp107d.tmp folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\incoming folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111227.002 folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111223.002 folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006 folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\VirusDefs folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\SSC folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\SPBBC folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\LiveReg folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared\Decomposers folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: All Users

    User: Charlene
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 735603 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 40364437 bytes
    ->Google Chrome cache emptied: 425173427 bytes
    ->Flash cache emptied: 108844 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Mathai
    ->Temp folder emptied: 8642376 bytes
    ->Temporary Internet Files folder emptied: 186007037 bytes
    ->Java cache emptied: 25817108 bytes
    ->FireFox cache emptied: 54976867 bytes
    ->Google Chrome cache emptied: 6413480 bytes
    ->Flash cache emptied: 574 bytes

    User: Merene
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 34767 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4565587 bytes
    ->Google Chrome cache emptied: 365922424 bytes
    ->Flash cache emptied: 20920 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 24798 bytes

    User: Suma
    ->Temp folder emptied: 58032 bytes
    ->Temporary Internet Files folder emptied: 330670 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 30530945 bytes
    ->Google Chrome cache emptied: 357178795 bytes
    ->Flash cache emptied: 820 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,437.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Charlene
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Mathai
    ->Flash cache emptied: 0 bytes

    User: Merene
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Suma
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12312011_163324

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  17. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Not sure if you needed it, but here's the JavaRa log:


    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sat Dec 31 16:44:30 2011

    Found and removed: C:\Documents and Settings\Suma\Application Data\Sun\Java\jre1.6.0_20

    Found and removed: C:\Documents and Settings\Suma\Application Data\Sun\Java\jre1.6.0_29

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\Classes\JavaPlugin.140_03

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.0_03

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

    ------------------------------------

    Finished reporting.
  18. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Results from Security Check:



    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    Mozilla Firefox (3.6.25) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  19. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Don't forget to reinstall AVG.
  20. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Will do!

    Just ran TFC (is there a log from there to post?) and now waiting on ESET.
  21. mathai

    mathai TS Rookie Topic Starter Posts: 16

    ESET results:


    C:\Documents and Settings\Suma\Application Data\AVG\Rescue\PC Tuneup 2011\111229194909203.rsc multiple threats deleted - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\netbt.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    G:\Program Files\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined
    G:\Program Files\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
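Added example, not code from the thread or from ESET: a small Python triage script run over the four ESET result lines above (copied from the post, not constructed). It parses each line into path, threat and action, marks findings whose path lies inside another tool's quarantine store (ComboFix's C:\Qoobox\Quarantine, where quarantined files carry a .vir suffix, and the AVG\Rescue folder seen in the first path, which is assumed here to be a backup store rather than a live location), and flags any hit on a file under system32\drivers. netbt.sys is Windows' NetBIOS over TCP/IP driver, so an infected copy being removed without a clean one in its place is consistent with the connectivity loss described at the top of the thread. The action phrases and category words in the regex are only the ones that appear in the post.

```python
"""Triage of the ESET Online Scanner result lines posted above.

Added example, not code from the thread or from ESET. It separates findings
that were already sitting in another tool's quarantine store from findings
on the live file system, and flags any finding that is (or was) a Windows
kernel driver, since a replaced driver such as netbt.sys explains broken
networking after cleanup.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The four result lines exactly as posted in the thread (not constructed).
ESET_LOG = r"""
C:\Documents and Settings\Suma\Application Data\AVG\Rescue\PC Tuneup 2011\111229194909203.rsc multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\netbt.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined
G:\Program Files\Install_AIM.exe Win32/Adware.WBug.A application deleted - quarantined
G:\Program Files\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
"""

# Folders that hold copies already neutralised by another tool (compared
# case-insensitively). \Qoobox\Quarantine\ is ComboFix's quarantine (files
# get a .vir suffix). \AVG\Rescue\ is taken from the first path in the post
# and is assumed here to be a backup store, not an execution location.
QUARANTINE_STORES = ("\\qoobox\\quarantine\\", "\\avg\\rescue\\")

# One result line is "<path> <threat name> <category> <action>". The path may
# contain spaces, so the line is matched from the right. The category words
# and action phrases are the ones seen in the post; a fuller log needs more.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>\S+ (?:trojan|application|threats))\s+"
    r"(?P<action>(?:cleaned by deleting|deleted|cleaned)(?: - quarantined)?)$"
)


@dataclass
class Finding:
    path: str
    threat: str
    action: str
    in_quarantine_store: bool   # copy already held by another tool
    driver_name: Optional[str]  # e.g. "netbt.sys" if a kernel driver was hit


def _driver_name(path: str) -> Optional[str]:
    """Return the original .sys name if the path points at a system driver."""
    if "\\system32\\drivers\\" not in path.lower():
        return None
    name = path.rsplit("\\", 1)[-1]
    if name.lower().endswith(".vir"):  # strip ComboFix's quarantine suffix
        name = name[:-4]
    return name if name.lower().endswith(".sys") else None


def parse_eset_log(text: str) -> List[Finding]:
    """Parse result lines; an unrecognised line raises so nothing is silently dropped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        path = m.group("path")
        findings.append(Finding(
            path=path,
            threat=m.group("threat"),
            action=m.group("action"),
            in_quarantine_store=any(s in path.lower() for s in QUARANTINE_STORES),
            driver_name=_driver_name(path),
        ))
    return findings


def live_findings(findings: List[Finding]) -> List[Finding]:
    """Findings that were on the live file system, i.e. the ones that still matter."""
    return [f for f in findings if not f.in_quarantine_store]


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Counts a helper would want before deciding whether the machine is clean."""
    return {
        "total": len(findings),
        "already_quarantined": sum(f.in_quarantine_store for f in findings),
        "live": len(live_findings(findings)),
        "drivers_hit": [f.driver_name for f in findings if f.driver_name],
    }


if __name__ == "__main__":
    results = parse_eset_log(ESET_LOG)
    for f in results:
        where = "quarantine copy" if f.in_quarantine_store else "LIVE"
        print(f"[{where}] {f.threat} -> {f.path} ({f.action})")
        if f.driver_name:
            print(f"    system driver {f.driver_name} was infected: confirm a clean copy is in place")
    print(summarize(results))
```

Run as a script it prints one line per finding and the summary; the two adware hits on G: are the only live-system findings, the Sirefef driver was already a ComboFix quarantine copy, and netbt.sys is reported as the driver to verify.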
  22. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  23. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Awesome... thanks for all the help!

    OTL Log:


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Charlene
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mathai
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Merene
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Suma
    ->Temp folder emptied: 12492 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6188886 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49796 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Charlene
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Mathai
    ->Flash cache emptied: 0 bytes

    User: Merene
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Suma
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12312011_192042

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Way to go!!
    Good luck and stay safe :)
  25. mathai

    mathai TS Rookie Topic Starter Posts: 16

    Thanks again! Gonna finish the Windows Update and subsequent steps next year (tomorrow).

    Happy New Year! :)

