
Trojan-Dropper.Win32.Agent.glez and/or back-door.greybird and/or Troja


  • This topic is locked

#16
GadgetAngel

    Member

  • Topic Starter
  • Member
  • 16 posts

Is the memory issue sorted?


Yes, what do you want me to do next?

Regards,
GadgetAngel
  • 0



#17
azarl

    GeekU Admin

  • Administrator
  • 25,176 posts

OK, let's see a fresh OTL log please

then let's see if anything is hiding...

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.


On completion of the scan click save log, save it to your desktop and post in your next reply

  • 0

#18
GadgetAngel

    Member

  • Topic Starter
  • Member
  • 16 posts

Well I ran into some issues. Sorry it took a while to work them out. Here are the latest files you required.

Here is the OTL.Txt file:

OTL logfile created on: 6/18/2012 5:54:26 PM - Run 14
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\joann manges\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

630.04 Mb Total Physical Memory | 140.90 Mb Available Physical Memory | 22.36% Memory free
1.50 Gb Paging File | 1.12 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): C:\pagefile.sys 2 945F:\pagefile.sys 1716 3432 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 82.62 Gb Free Space | 35.48% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 903.99 Gb Free Space | 97.05% Space Free | Partition Type: NTFS
Drive G: | 186.26 Gb Total Space | 55.05 Gb Free Space | 29.56% Space Free | Partition Type: FAT32

Computer Name: JTMLAPTOP | User Name: joann manges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 19:19:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\joann manges\Desktop\OTL.com
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2011/12/23 11:20:00 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2011/12/23 11:20:00 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2011/12/23 11:18:38 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2011/12/23 11:18:24 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (EraserSvc11122)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/23 11:20:00 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2011/12/23 11:18:24 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/06/27 23:15:44 | 000,258,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rcvpn.sys -- (rcvpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/16 02:12:01 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/06/08 02:24:23 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/27 21:16:01 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/26 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120614.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/26 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20120614.032\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/25 15:09:46 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20120613.007\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/05/01 17:15:18 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utk0otc2.sys -- (utk0otc2)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/03 21:44:36 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20120531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/29 02:28:38 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012/03/29 02:28:30 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymEFA.sys -- (SymEFA)
DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\SymDS.sys -- (SymDS)
DRV - [2012/03/29 02:06:25 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\Ironx86.sys -- (SymIRON)
DRV - [2012/03/29 02:03:27 | 000,574,072 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 02:03:27 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/12/23 11:20:04 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2011/12/23 11:20:04 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2011/11/29 18:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/25 09:54:31 | 000,117,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/07/12 14:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 14:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/05/06 17:35:04 | 000,829,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/07/09 18:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/07/21 10:48:10 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/04/03 22:00:56 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 15:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/02/04 11:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/12/17 15:30:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/07/21 13:01:06 | 000,032,400 | ---- | M] (Winternals, SysInternals) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tdimsys.sys -- (TDIMSYS)
DRV - [2003/01/23 16:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/12/24 19:52:00 | 000,059,520 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Rmedia.sys -- (rmedia)
DRV - [2002/04/11 17:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,;Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http:\\www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\IPSFFPlgn\ [2012/05/27 21:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2012/06/18 17:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 16:11:20 | 000,000,000 | ---D | M]

[2012/05/10 16:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/05/04 18:58:31 | 000,437,615 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15053 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\joann manges\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8 - Extra context menu item: Add to Anti-Banner - Reg Error: Value error. File not found
O8 - Extra context menu item: Customize Menu - Reg Error: Value error. File not found
O8 - Extra context menu item: Fill Forms - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: RoboForm Toolbar - Reg Error: Value error. File not found
O8 - Extra context menu item: Save Forms - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1242707181735 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242707248220 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{097E9B33-3BD9-4D62-BB01-F14AF0B39F32}: DhcpNameServer = 10.10.10.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\joann manges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\joann manges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/15 07:02:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/01 21:53:56 | 000,000,029 | R--- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/05/22 23:46:42 | 000,000,528 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/11/15 13:15:02 | 000,001,114 | ---- | M] () - G:\AUTOEXEC.BAT.bck -- [ FAT32 ]
O32 - AutoRun File - [2012/05/22 22:19:26 | 000,001,690 | ---- | M] () - G:\AUTOEXEC.BAk22.txt -- [ FAT32 ]
O33 - MountPoints2\{1109e141-52d7-11de-8f32-001143cca6f5}\Shell\AutoRun\command - "" = D:\PortableRoboForm.exe
O33 - MountPoints2\{1109e141-52d7-11de-8f32-001143cca6f5}\Shell\RoboForm2Go\command - "" = D:\PortableRoboForm.exe
O33 - MountPoints2\{60b35480-5305-11de-8f34-001143cca6f5}\Shell - "" = AutoRun
O33 - MountPoints2\{60b35480-5305-11de-8f34-001143cca6f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60b35480-5305-11de-8f34-001143cca6f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{60b35484-5305-11de-8f34-001143cca6f5}\Shell - "" = AutoRun
O33 - MountPoints2\{60b35484-5305-11de-8f34-001143cca6f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{60b35484-5305-11de-8f34-001143cca6f5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 17:29:16 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\joann manges\Desktop\OTL.com
[2012/06/18 16:46:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\joann manges\Desktop\aswMBR.exe
[2012/06/16 05:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann manges\Local Settings\Application Data\Mozilla
[2012/06/16 05:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann manges\Application Data\Mozilla
[2012/06/16 02:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2012/06/16 02:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\joann manges\Application Data\Foxit Software
[2012/06/11 14:50:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/07 23:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.1
[2012/06/07 23:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2012/06/07 23:23:26 | 000,000,000 | ---D | C] -- C:\TroubleShooting Blue Screen Of Death
[2012/05/27 22:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton Installer
[2012/05/27 22:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Utilities 15
[2012/05/27 22:57:21 | 000,128,248 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymDSMon.sys
[2012/05/27 22:57:21 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymSpeedDisk.sys
[2012/05/27 22:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec
[2012/05/27 22:57:12 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2012/05/27 22:57:12 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2012/05/27 22:57:12 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2012/05/27 22:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Utilities 15
[2012/05/27 21:16:01 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/05/27 21:16:01 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/05/27 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/05/27 21:14:49 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symtdi.sys
[2012/05/27 21:14:49 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symtdiv.sys
[2012/05/27 21:14:49 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symnets.sys
[2012/05/27 21:14:48 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymEFA.sys
[2012/05/27 21:14:48 | 000,574,072 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtsp.sys
[2012/05/27 21:14:48 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymDS.sys
[2012/05/27 21:14:48 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\Ironx86.sys
[2012/05/27 21:14:48 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtspx.sys
[2012/05/27 21:14:47 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307010.005\ccSetx86.sys
[2012/05/27 21:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/05/27 21:03:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1307010.005
[2012/05/27 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/05/27 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/05/27 21:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/05/27 20:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/05/27 20:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/05/27 20:40:23 | 000,829,136 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\All Users\Documents\NISDownloader.exe
[2012/05/27 20:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/05/27 20:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/05/19 21:18:36 | 000,000,000 | ---D | C] -- C:\EasyBoot
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 18:20:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job
[2012/06/18 17:49:46 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\joann manges\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/18 17:44:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/06/18 17:39:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 17:37:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/16 03:25:37 | 000,000,948 | ---- | M] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to BlueScreenView.exe.lnk
[2012/06/16 03:24:54 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to DriverView.exe.lnk
[2012/06/16 03:24:13 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to MyEventViewer.exe.lnk
[2012/06/16 02:34:57 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\joann manges\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/06/16 02:34:56 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2012/06/16 02:12:01 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/15 14:14:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\joann manges\Desktop\aswMBR.exe
[2012/06/10 20:30:28 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\joann manges\Local Settings\Application Data\ZuneSetup.mex
[2012/06/08 02:42:54 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\joann manges\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to procexp.exe.lnk
[2012/06/07 23:43:01 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\joann manges\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/06/07 23:43:00 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.1.lnk
[2012/06/07 23:38:56 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to TroubleShooting Blue Screen Of Death.lnk
[2012/06/07 20:04:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012/05/27 22:59:39 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\NUSchedule.job
[2012/05/27 22:57:53 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Utilities 15.lnk
[2012/05/27 21:16:43 | 000,654,403 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\Cat.DB
[2012/05/27 21:16:01 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/05/27 21:16:01 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/05/27 21:16:01 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/05/27 21:16:01 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/05/27 21:15:57 | 000,008,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/05/27 21:15:41 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/05/25 21:51:50 | 000,829,136 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Documents\NISDownloader.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 17:50:16 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\joann manges\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/16 03:25:36 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to BlueScreenView.exe.lnk
[2012/06/16 03:24:53 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to DriverView.exe.lnk
[2012/06/16 03:24:12 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to MyEventViewer.exe.lnk
[2012/06/16 02:34:56 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\joann manges\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/06/16 02:34:56 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2012/06/10 20:30:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\joann manges\Local Settings\Application Data\ZuneSetup.mex
[2012/06/08 02:42:54 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\joann manges\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to procexp.exe.lnk
[2012/06/08 02:32:35 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/07 23:43:01 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\joann manges\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.1.lnk
[2012/06/07 23:42:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.1.lnk
[2012/06/07 23:38:56 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\joann manges\Desktop\Shortcut to TroubleShooting Blue Screen Of Death.lnk
[2012/05/27 22:59:38 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\NUSchedule.job
[2012/05/27 22:57:53 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Utilities 15.lnk
[2012/05/27 22:57:12 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/05/27 21:21:28 | 000,008,942 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\VT20120410.034
[2012/05/27 21:16:12 | 000,654,403 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\Cat.DB
[2012/05/27 21:16:01 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/05/27 21:16:01 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/05/27 21:15:41 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/05/27 21:03:22 | 000,003,434 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymEFA.inf
[2012/05/27 21:03:22 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymDS.inf
[2012/05/27 21:03:22 | 000,001,469 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymNetV.inf
[2012/05/27 21:03:22 | 000,001,441 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymNet.inf
[2012/05/27 21:03:22 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtspx.inf
[2012/05/27 21:03:21 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtsp.inf
[2012/05/27 21:03:21 | 000,000,827 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\ccSetx86.inf
[2012/05/27 21:03:21 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\Iron.inf
[2012/05/27 21:03:17 | 000,004,782 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymVTcer.dat
[2012/05/27 21:03:16 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\symnetv.cat
[2012/05/27 21:03:16 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymDS.cat
[2012/05/27 21:03:16 | 000,007,468 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\ccsetx86.cat
[2012/05/27 21:03:16 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymNet.cat
[2012/05/27 21:03:16 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\SymEFA.cat
[2012/05/27 21:03:16 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtspx.cat
[2012/05/27 21:03:16 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\srtsp.cat
[2012/05/27 21:03:16 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\iron.cat
[2012/05/27 21:03:15 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307010.005\isolate.ini
[2012/05/01 17:15:14 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utk0otc2.sys
[2012/03/17 16:53:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/14 12:49:14 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw7a.bin
[2011/11/03 12:14:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2011/11/03 02:24:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/09/20 14:03:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/06/27 23:15:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2011/06/27 23:15:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2011/05/24 14:20:05 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/05/23 21:02:13 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/02/09 20:42:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/22 13:20:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/29 18:18:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

========== LOP Check ==========

[2011/05/24 13:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/05/10 15:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/23 21:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/05/06 01:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stylus Studio
[2012/03/21 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tastybytes Software
[2009/08/24 20:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/05/28 03:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/28 23:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/07/29 17:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/04/12 20:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 23:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/05/24 02:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012/05/01 08:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\Dropbox
[2011/11/14 13:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\EPSON
[2012/06/16 02:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\Foxit Software
[2010/07/27 23:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\Publish Providers
[2011/05/31 17:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\Simply Super Software
[2012/05/06 01:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\Stylus Studio
[2010/05/29 17:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\joann manges\Application Data\Windows Search
[2012/05/27 22:59:39 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\NUSchedule.job
[2012/06/18 18:20:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{486BC23B-4E53-4ED4-9302-3A71D984B0FC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 46 bytes -> C:\Program Files:?˙??l?i???knas?.b?i?n ?
@Alternate Data Stream - 404 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A96964
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >


Here is the Extras.Txt file:

OTL Extras logfile created on: 6/18/2012 6:32:23 PM - Run 14
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\joann manges\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

630.04 Mb Total Physical Memory | 245.77 Mb Available Physical Memory | 39.01% Memory free
1.50 Gb Paging File | 1.10 Gb Available in Paging File | 73.38% Paging File free
Paging file location(s): C:\pagefile.sys 2 945F:\pagefile.sys 1716 3432 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 82.60 Gb Free Space | 35.47% Space Free | Partition Type: NTFS
Drive E: | 979.97 Mb Total Space | 18.37 Mb Free Space | 1.87% Space Free | Partition Type: FAT32
Drive F: | 931.48 Gb Total Space | 903.99 Gb Free Space | 97.05% Space Free | Partition Type: NTFS
Drive G: | 186.26 Gb Total Space | 55.05 Gb Free Space | 29.56% Space Free | Partition Type: FAT32

Computer Name: JTMLAPTOP | User Name: joann manges | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe" = C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe:*:Enabled:RoxioNow Player
"C:\Documents and Settings\joann manges\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\joann manges\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Documents and Settings\joann manges\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\joann manges\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{524228C9-826F-4B58-9E47-4F2E5C7E9F45}" = SnagIt 8
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65BA0FF3-D382-4BC0-866D-52386EB0BAC5}" = Wi-Spy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{677A19B8-446D-4797-A071-977A30EAD01D}" = Winternals Administrator's Pak
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C1388BE-AD32-47BC-B51F-A37F1245203C}" = RICOH Media Driver
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{87B2EBAC-86B0-41A3-AF06-BB3A0A87E2AB}" = Stylus Studio 2010 XML Enterprise Suite
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5936FA-1D77-4131-9ED6-4F6AF6ABC227}" = Franson GpsGate 2.6
"{D054F5C3-EBE5-4A30-8B24-C32D2C3C5819}" = Chanalyzer Pro
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AnyDVD" = AnyDVD
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"dcmsvc_is1" = dcmsvc 1.0
"EasyBoot_is1" = EasyBoot V6.52
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"jv16 PowerTools 2011" = jv16 PowerTools 2011
"LiveReg" = LiveReg (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities 15_is1" = Norton Utilities 15
"Registry Crawler" = Registry Crawler
"Security Task Manager" = Security Task Manager 1.8d
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Tweak UI 2.10" = Tweak UI
"UltraISO_is1" = UltraISO Premium V9.52
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 6/16/2012 5:14:27 AM | Computer Name = JTMLAPTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/16/2012 5:29:37 AM | Computer Name = JTMLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 6/18/2012 4:27:14 PM | Computer Name = JTMLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 6/18/2012 5:39:00 PM | Computer Name = JTMLAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >

Here is the aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 17:23:17
-----------------------------
17:23:17.572 OS Version: Windows 5.1.2600 Service Pack 3
17:23:17.572 Number of processors: 1 586 0x905
17:23:17.572 ComputerName: JTMLAPTOP UserName:
17:23:28.838 Initialize success
17:24:44.698 AVAST engine download error: 0
17:24:44.708 AVAST engine defs: 12061501
17:24:54.882 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:24:54.882 Disk 0 Vendor: WDC_WD2500BEVE-00WZT0 01.01A01 Size: 238475MB BusType: 3
17:24:54.932 Disk 0 MBR read successfully
17:24:54.932 Disk 0 MBR scan
17:24:54.932 Disk 0 unknown MBR code
17:24:54.952 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
17:24:54.982 Disk 0 scanning sectors +488392065
17:24:55.183 Disk 0 scanning C:\WINDOWS\system32\drivers
17:25:46.316 Service scanning
17:26:35.106 Modules scanning
17:27:14.753 Disk 0 trace - called modules:
17:27:14.773 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
17:27:14.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b75ab8]
17:27:14.773 3 CLASSPNP.SYS[f8b62fd7] -> nt!IofCallDriver -> \Device\0000009c[0x83b43030]
17:27:14.783 5 ACPI.sys[f8ab9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83a9b940]
17:27:14.783 Scan finished successfully
17:27:26.791 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\joann manges\Desktop\MBR.dat"
17:27:26.821 The log file has been saved successfully to "C:\Documents and Settings\joann manges\Desktop\aswMBR.txt"


Regards,
GadgetAngel



  • 0
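An added example, not part of the original thread and not AVAST's code: a short Python parser for the aswMBR log format shown in the post above. It extracts the per-disk MBR verdict and the disk-stack trace, then lists traced modules missing from a baseline. The baseline set and the "Disk N <label> MBR code" verdict shape are assumptions drawn from this one log.

```python
import re

# Constructed sample: lines taken from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""
17:24:54.932 Disk 0 MBR scan
17:24:54.932 Disk 0 unknown MBR code
17:27:14.753 Disk 0 trace - called modules:
17:27:14.773 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
17:27:14.773 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b75ab8]
17:27:14.773 3 CLASSPNP.SYS[f8b62fd7] -> nt!IofCallDriver -> \Device\0000009c[0x83b43030]
17:27:14.783 5 ACPI.sys[f8ab9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83a9b940]
17:27:14.783 Scan finished successfully
"""

# Assumption: a baseline of storage-stack modules recorded from a known-good
# machine of the same build; here it is simply the list seen in this thread.
BASELINE = {"ntoskrnl.exe", "classpnp.sys", "disk.sys", "acpi.sys",
            "hal.dll", "atapi.sys", "intelide.sys"}

STAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} ")
VERDICT = re.compile(r"^Disk (\d+) (.+) MBR code$")
HOP = re.compile(r"^(\d+) (?:(\S+)\[[0-9a-f]+\] -> )?nt!IofCallDriver -> (\S+)\[0x[0-9a-f]+\]$")


def parse_aswmbr(text, baseline=BASELINE):
    """Return MBR verdicts, traced modules, call hops and non-baseline modules."""
    report = {"mbr": {}, "modules": [], "hops": [], "unexpected": [], "finished": False}
    expect_modules = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw.strip())
        if expect_modules:  # the line right after the trace header lists modules
            report["modules"] = line.split()
            expect_modules = False
        elif line.endswith("trace - called modules:"):
            expect_modules = True
        elif m := VERDICT.match(line):
            report["mbr"][int(m.group(1))] = m.group(2)
        elif m := HOP.match(line):
            report["hops"].append((int(m.group(1)), m.group(2), m.group(3)))
        elif line == "Scan finished successfully":
            report["finished"] = True
    report["unexpected"] = [x for x in report["modules"] if x.lower() not in baseline]
    return report


if __name__ == "__main__":
    result = parse_aswmbr(SAMPLE_LOG)
    print("MBR verdicts:", result["mbr"])
    print("Unexpected modules:", result["unexpected"] or "none")
```
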

#19
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
Are you still getting the trojan warning?
  • 0

#20
GadgetAngel

GadgetAngel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

The reason it took me so long to get your requested log files back to you last time was because your picture of the aswMBR.txt file looked like this:

Posted Image

When I downloaded and ran aswMBR.exe it showed a pull-down text box labeled "AV Scan" where the default was to perform a quick scan using AVAST antivirus definition files.

Posted Image
So I ran with the default as shown above. My machine would crash before the aswMBR.exe program could produce the log file. I tried running it six different times.
My machine crashed six different times.

I set up MyEventViewer to capture the event causing the crash. This is what the report produced:
Posted Image

Record 2 in text format reads:
==================================================
Record Number : 2
Log Type : System
Event Type : Error
Time : 6/16/2012 5:14:26 AM
Source : atapi
Category : 0
Event ID : 9
User Name :
Computer : JTMLAPTOP
Event Data Length : 120
Record Length : 268
Event Description : The device, \Device\Ide\IdePort0, did not respond within the timeout period.
==================================================

Record number 10 in text format:
==================================================
Record Number : 55
Log Type : System
Event Type : Error
Time : 6/21/2012 1:33:51 PM
Source : Service Control Manager
Category : 0
Event ID : 7026
User Name :
Computer : JTMLAPTOP
Event Data Length : 0
Record Length : 152
Event Description : The following boot-start or system-start driver(s) failed to load: SASKUTIL
==================================================

This perplexed me, an atapi error? I had already moved the page swap file to another external drive. I had replaced the bad memory stick with the good 512 MB memory stick from my husband’s X300.

I decided it must be due to the “memory bus stress test error” so I found a way to eliminate it from the possibilities of problems. I decided to use my husband’s X300 backplane. I took my husband’s machine and took out his disk drive and replaced it with my (“infected disk drive, with a bunch of bad sectors”), and I placed the 512MB memory stick back into his machine.

I ran Dell Diagnostics (repeatedly for a couple of hours to ensure things were working as they should) on his machine’s hardware and it passed all tests. I re-ran memtest86+ overnight and it passed with flying colors. So now I was back to where I was when we were working on my machine’s backplane.

Now that I had good memory and a good memory bus, I decided to boot into recovery console and run chkdsk /r to see if I could clear up some of the bad sectors on the hard drive. I ran it five times before chkdsk reported no problems needed fixing. For good measure I ran chkdsk one more time to ensure that all file system and surface problems on the disk were fixed but the weirdest thing occurred. Under recovery console chkdsk got to the fifth (5) stage “checking free space” and stopped at 50%. For 12 hours it stayed at 50%. I shut off the machine.

Now, remember this machine on the disk drive is not configured to boot normally. It is booting with some services and startups disabled (I found a startup dump prep which was to run upon each startup). It runs with just enough services to allow TCPIP communication.

I deleted the aswMBR.exe from the desktop and copied over a fresh download. Ran aswMBR.exe like before, it downloaded the latest AVAST antivirus definitions, and since the program was set for “Quick Scan” it began to run, but this time it finished and produced a log file and MBR.dat file. I re-read your directions and they did not mention anything about an MBR.DAT file so I looked at the dropdown box and found the option “None”, selected it and re-ran aswMBR.exe. It ran and produced just the MBR.txt log file this time and that is the file I posted.

I decided that since AVAST did a quick scan that I would try a Norton full scan which ended up in a BSOD.

Are you still getting the trojan warning?

I do not know how to answer your question due to the above facts and due to the fact that my antivirus protection software (Norton Internet Security) CANNOT finish a full scan of the computer. Also a couple of times now when I've turned on the computer I’ve had to go to Malware Bytes’ Chameleon sub directory to trick the malware/virus/Trojan software into letting the true Malware Bytes do a proper update and run a scan. Each time it finds things in the registry that have been changed, LIKE disabling notification that my firewall has been disabled, disabling notification that my antivirus software has been disabled, etc. When Malware Bytes informs me of these problems I go into the registry to change them back to the recommended values.

My antivirus software (Norton) is not going to be much help to me because I cannot do a full scan of the disk due to the large number of BAD CLUSTERS on the disk drive. I did try after my last posting to do a full antivirus scan of the full disk but I ended up with a BSOD due to the disk drive having so many bad clusters on it. I have repeatedly run chkdsk /r in recovery console until it reports “nothing had to be fixed” but when I run chkdsk /r again after the all clear, chkdsk gets stuck at 50% on the free data area check.

This still happens after I posted my last log files to you. It also appears that something now has affected my power systems routines (ACPI.sys) because even if I turn off the power on the computer the power lights on the docking station stay on. I literally have to pull the battery and the docking station off the computer to stop whatever is running on the system because it has found a way to keep power going to the disk drive.

So please, there is some type of infection on my machine or Malware Bytes would not be getting messed around with, and these important values in my registry are not changing on their own. Even if Norton Internet Security cannot scan for current viruses on the disk it is stopping any more infections from getting into the machine and it is blocking the intrusion communication that the Trojan is trying to do with the outside world.

So NO, I’m not getting a direct confirmation from any antivirus software about a Trojan warning but no antivirus software will give me that confirmation anyway due to the fact that a full scan on my system is impossible. Norton Internet Security is informing me of a lot of intrusion detection that it has been blocking every time I allow the infected computer to attach to the web.

I ran aswMBR.exe on this machine (the one I’m typing my responses back to you on) and it did not come back with “unknown code in MBR”; it informed me that the “MBR on this machine is from Windows XP Professional”.

Is there any more help you can provide? What is this SASKUTIL driver??? I uninstalled Superantispyware Pro a while back.

Regards,

GadgetAngel









  • 0

#21
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
I didn't need the Avast scan or MBR, I got what I needed with the ASWMBR output thanks.

I'm not surprised Norton won't run to completion, it uses a vast amount of system resources - look how many drivers it has loaded. Your main problem, as I said earlier, is just too much stuff running and not enough memory to run in. You will have problems.

What is this SASKUTIL driver??? I uninstalled Superantispyware Pro a while back.

It hasn't uninstalled cleanly - programs often don't. I could remove it, but the way the system is loaded it would be risky.

My advice would be to get any data off you need, install more memory and reinstall Windows, but don't use Norton, try MS security essentials, it's free and a lot smaller footprint. But basically this machine is overloaded and can't cope.
  • 0

#22
GadgetAngel

GadgetAngel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I didn't need the Avast scan or MBR, I got what I needed with the ASWMBR output thanks.

I'm not surprised Norton won't run to completion, it uses a vast amount of system resources - look how many drivers it has loaded. Your main problem, as I said earlier, is just too much stuff running and not enough memory to run in. You will have problems.

What is this SASKUTIL driver??? I uninstalled Superantispyware Pro a while back.

It hasn't uninstalled cleanly - programs often don't. I could remove it, but the way the system is loaded it would be risky.

My advice would be to get any data off you need, install more memory and reinstall Windows, but don't use Norton, try MS security essentials, it's free and a lot smaller footprint. But basically this machine is overloaded and can't cope.


Ok, I'll try to get as much off the disk as I can. Should I use Western Digital's write-all-zeros program to initialize the disk before reinstalling Windows XP Pro SP3? I've got the new 1 GB stick in today.
Regards,
GadgetAngel
  • 0

#23
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
That's probably a good idea, it'll find any disk errors first
  • 0

#24
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,176 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





