[GotNoTime]

Hello Everybody (anybody),
This is my first post. I am running XP professional on a rebuilt Compaq/HP desktop. A few weeks back my Symantec AntiVirus detected Tracur Gen 4 which showed up post quarentine on every bootup. I ran an HJT log with ProcessExplorer and reviewed everyline. Symantec kept identifying a DLL associated with my NetGear router that some how I seemed to have installed within the Symantec folder itself (dont remember putting it there but oh well). Anyway I renamed the DLL in the Application Data Folder and killed the registry entry that called it. Fixed a couple more programs that I didnt want and now my System scans clean but now I can no longer update my AntiVirus Definition. I can connect on-line and download but it still has June 7th for the last update. I suspect I still have the virus but not sure if is still working behind the scenes. One of my computers new strange behaviors is it turns itself back on after shut down. I took it of the internet when I found out it was doing that. I ran another HJT log to make sure I got everything I was worried about What's my next move Puleeze !


OTL logfile created on: 9/22/2013 12:41:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.43% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.12 Gb Free Space | 24.32% Space Free | Partition Type: NTFS
Drive E: | 219.73 Gb Total Space | 204.20 Gb Free Space | 92.93% Space Free | Partition Type: NTFS
Drive F: | 216.74 Gb Total Space | 216.56 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: MEDIA | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/22 12:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2013/01/12 04:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/24 23:06:14 | 000,195,400 | ---- | M] (NETGEAR) -- E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/07/03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009/11/25 18:45:22 | 000,110,592 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\PBN.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/21 15:43:36 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/21 15:43:16 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/27 20:33:22 | 000,024,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/05/05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/15 01:22:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/09/15 01:15:39 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013/09/15 01:15:35 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/09/15 01:15:33 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/09/15 01:11:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/09/15 00:49:16 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/09/15 00:48:27 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/09/15 00:48:18 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/09/15 00:48:10 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a10f361c888b8b98f7ad1fa8d7a51516\System.Data.ni.dll
MOD - [2013/09/15 00:48:01 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/09/15 00:47:24 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/09/15 00:47:06 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/09/15 00:41:16 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/09/15 00:39:05 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/09/15 00:39:05 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/09/15 00:39:04 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/09/15 00:39:03 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/09/15 00:39:02 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/09/15 00:39:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/09/15 00:38:53 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/09/15 00:38:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/09/15 00:38:50 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/09/15 00:38:47 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/07/11 21:29:37 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/11 21:26:53 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/02/27 13:41:06 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/02/27 13:41:03 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/02/27 13:41:02 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/27 13:41:00 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/27 13:40:56 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/27 13:40:56 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/27 13:40:56 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/27 13:40:56 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/02/27 13:40:55 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/27 13:40:55 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/27 13:40:55 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/27 13:40:55 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/27 13:40:55 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
MOD - [2009/11/25 18:45:22 | 000,110,592 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\PBN.exe
MOD - [2009/09/15 19:17:20 | 000,200,704 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2013/09/15 00:45:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/12 04:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/24 23:06:14 | 000,195,400 | ---- | M] (NETGEAR) [Auto | Running] -- E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe -- (NETGEARGenieDaemon)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\sfsync02.sys -- (sfsync02)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - [2013/06/17 01:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130705.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/17 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130705.002\naveng.sys -- (NAVENG)
DRV - [2012/08/15 17:42:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 17:42:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/10/03 16:29:30 | 003,331,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/29 17:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/07 04:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/08/10 05:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005/05/16 06:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2001/08/17 14:02:56 | 000,003,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWUSBFLT.SYS -- (SWUSBFLT)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1997/12/22 19:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.smilebo...6-001185176E28}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...kusaolp00000051
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{B29E1DE9-DF5F-4968-B280-2C86D97E1AEC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By Smilebox\Firefox [2013/07/14 19:39:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By Smilebox\Firefox [2013/07/14 19:39:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/03/14 17:23:18 | 000,445,930 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15317 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk = E:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255962904125 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E149FEC4-27CE-40A2-8297-8A18B5E64017}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/04 21:08:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 12:40:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2013/09/16 18:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\iolo
[2013/09/16 18:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/09/15 00:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/22 12:45:28 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/22 12:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2013/09/22 12:33:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/22 12:28:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/09/22 12:27:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/22 12:27:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/22 12:21:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 07:52:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/16 18:22:29 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2013/09/15 01:00:31 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/15 00:52:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/15 00:45:53 | 000,476,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/15 00:45:53 | 000,077,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/15 00:42:56 | 002,001,442 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/16 18:22:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2013/06/07 16:39:49 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2013/06/04 16:28:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\doesexist
[2013/04/13 12:59:14 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/13 12:59:14 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/13 12:59:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/14 22:49:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/18 20:52:52 | 002,106,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-515967899-725345543-1003-0.dat
[2012/03/06 21:52:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\XGY12.INI
[2012/02/29 21:41:08 | 000,255,406 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/29 21:06:03 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 17:16:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/24 22:55:22 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/31 19:05:30 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Paul\default.pls

========== ZeroAccess Check ==========

[2009/03/17 17:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/24 22:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/16 18:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/04/30 14:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Gearbox Software
[2013/09/16 18:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\iolo

========== Purity Check ==========



< End of report >

[Advertisements]

Hello GotNoTime and welcome to GeeksToGo .

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

• please follow all instructions in the order posted
• please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
• all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
• if you don't understand something, please don't hesitate to ask for clarification before proceeding
• the fixes are specific to your problem and should only be used for this issue on this machine.
• please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Disable Spybot’s TeaTimer

Spybot’s TeaTimer can sometimes prevent some things from being fixed.

Please disable TeaTimer for now: it can be re-activated once your log is clean.

• open Spybot Search & Destroy
• in the Mode menu click "Advanced mode" if not already selected
• choose "Yes" at the Warning prompt
• expand the "Tools" menu
• click "Resident"
• uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box
• in the File menu click "Exit" to exit Spybot Search & Destroy.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

• run AdwCleaner
• when it has finished, select Clean
• if it asks to reboot, allow the reboot
• on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• shut down your protection software now to avoid potential conflicts.
• run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
• the tool will open and start scanning your system
• please be patient as this can take a while to complete depending on your system's specifications
• on completion, a log (JRT.txt) is saved to your desktop and will automatically open
• post the contents of JRT.txt into your next message.

Please run OTL again after you’ve completed the above. Can you also include Extras.txt which you can find in the same location as the OTL log file, (C:\Documents and Settings\Paul\Desktop).

Logs to include in the next post:

AdwCleaner log
JRT.txt
Extras.txt
New OTL log

Thanks

Satchfan

[Satchfan]

Hello GotNoTime and welcome to GeeksToGo .

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

• please follow all instructions in the order posted
• please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
• all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
• if you don't understand something, please don't hesitate to ask for clarification before proceeding
• the fixes are specific to your problem and should only be used for this issue on this machine.
• please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Disable Spybot’s TeaTimer

Spybot’s TeaTimer can sometimes prevent some things from being fixed.

Please disable TeaTimer for now: it can be re-activated once your log is clean.

• open Spybot Search & Destroy
• in the Mode menu click "Advanced mode" if not already selected
• choose "Yes" at the Warning prompt
• expand the "Tools" menu
• click "Resident"
• uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box
• in the File menu click "Exit" to exit Spybot Search & Destroy.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

• run AdwCleaner
• when it has finished, select Clean
• if it asks to reboot, allow the reboot
• on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• shut down your protection software now to avoid potential conflicts.
• run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
• the tool will open and start scanning your system
• please be patient as this can take a while to complete depending on your system's specifications
• on completion, a log (JRT.txt) is saved to your desktop and will automatically open
• post the contents of JRT.txt into your next message.

Please run OTL again after you’ve completed the above. Can you also include Extras.txt which you can find in the same location as the OTL log file, (C:\Documents and Settings\Paul\Desktop).

Logs to include in the next post:

AdwCleaner log
JRT.txt
Extras.txt
New OTL log

Thanks

Satchfan

[GotNoTime]

Hi Satchfan,

Thank you for looking into my issue. So I have a few things here:
# AdwCleaner v3.005 - Report created 25/09/2013 at 17:29:16
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Paul - MEDIA
# Running from : C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\VYDA13K5\adwcleaner[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [1462 octets] - [25/09/2013 17:28:06]
AdwCleaner[S0].txt - [1397 octets] - [25/09/2013 17:29:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1457 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Paul on Wed 09/25/2013 at 17:37:14.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/25/2013 at 17:44:38.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 9/25/2013 5:50:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.30% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.15 Gb Free Space | 24.40% Space Free | Partition Type: NTFS
Drive E: | 219.73 Gb Total Space | 204.20 Gb Free Space | 92.93% Space Free | Partition Type: NTFS
Drive F: | 216.74 Gb Total Space | 216.56 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: MEDIA | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 17:35:29 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Paul\Desktop\JRT.exe
PRC - [2013/09/22 12:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2013/01/12 04:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/24 23:06:14 | 000,195,400 | ---- | M] (NETGEAR) -- E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009/11/25 18:45:22 | 000,110,592 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\PBN.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 17:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/06/21 15:43:36 | 000,910,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/21 15:43:16 | 000,148,776 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/27 20:33:22 | 000,024,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/05/05 08:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/15 01:22:32 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/09/15 01:15:39 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
MOD - [2013/09/15 01:15:35 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/09/15 01:15:33 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/09/15 01:11:05 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/09/15 00:49:16 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/09/15 00:48:27 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/09/15 00:48:18 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/09/15 00:48:10 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a10f361c888b8b98f7ad1fa8d7a51516\System.Data.ni.dll
MOD - [2013/09/15 00:48:01 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/09/15 00:47:24 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\608aa2db27d45e63a4863f1f1d06897a\System.Core.ni.dll
MOD - [2013/09/15 00:47:06 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/09/15 00:41:16 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/09/15 00:39:05 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/09/15 00:39:05 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/09/15 00:39:04 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/09/15 00:39:03 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/09/15 00:39:02 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/09/15 00:39:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/09/15 00:38:53 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/09/15 00:38:51 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/09/15 00:38:50 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/09/15 00:38:47 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/07/11 21:29:37 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/11 21:26:53 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/02/27 13:41:06 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/02/27 13:41:03 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/02/27 13:41:02 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/27 13:41:00 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/27 13:40:56 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/27 13:40:56 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/27 13:40:56 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/27 13:40:56 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/02/27 13:40:55 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/27 13:40:55 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/27 13:40:55 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/27 13:40:55 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/27 13:40:55 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
MOD - [2009/11/25 18:45:22 | 000,110,592 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\PBN.exe
MOD - [2009/09/15 19:17:20 | 000,200,704 | ---- | M] () -- E:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2013/09/22 12:45:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/12 04:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/24 23:06:14 | 000,195,400 | ---- | M] (NETGEAR) [Auto | Running] -- E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe -- (NETGEARGenieDaemon)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/12/28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/08/25 12:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\sfsync02.sys -- (sfsync02)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - [2013/06/17 01:00:00 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130705.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/17 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130705.002\naveng.sys -- (NAVENG)
DRV - [2012/08/15 17:42:46 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 17:42:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/10/03 16:29:30 | 003,331,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/29 17:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/07 04:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/08/10 05:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005/05/16 06:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2001/08/17 14:02:56 | 000,003,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWUSBFLT.SYS -- (SWUSBFLT)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1997/12/22 19:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.smilebo...6-001185176E28}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?...kusaolp00000051
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{B29E1DE9-DF5F-4968-B280-2C86D97E1AEC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2013/03/14 17:23:18 | 000,445,930 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15317 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk = E:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1255962904125 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E149FEC4-27CE-40A2-8297-8A18B5E64017}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/04 21:08:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/25 17:37:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/25 17:35:29 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Paul\Desktop\JRT.exe
[2013/09/25 17:27:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/22 12:40:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2013/09/16 18:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\iolo
[2013/09/16 18:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/09/15 00:33:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/25 17:52:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/25 17:45:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/25 17:35:29 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Paul\Desktop\JRT.exe
[2013/09/25 17:32:17 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/09/25 17:31:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/25 17:31:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/25 17:25:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/25 15:38:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 12:45:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/22 12:45:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/22 12:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2013/09/16 18:22:29 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2013/09/15 01:00:31 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/15 00:52:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/15 00:45:53 | 000,476,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/15 00:45:53 | 000,077,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/15 00:42:56 | 002,001,442 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/16 18:22:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2013/06/07 16:39:49 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2013/06/04 16:28:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\doesexist
[2013/04/13 12:59:14 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/13 12:59:14 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/13 12:59:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/14 22:49:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/18 20:52:52 | 002,106,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-515967899-725345543-1003-0.dat
[2012/03/06 21:52:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\XGY12.INI
[2012/02/29 21:41:08 | 000,255,406 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/29 21:06:03 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 17:16:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/11/24 22:55:22 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/31 19:05:30 | 000,000,157 | ---- | C] () -- C:\Documents and Settings\Paul\default.pls

========== ZeroAccess Check ==========

[2009/03/17 17:13:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/24 22:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
***************************************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Paul on Wed 09/25/2013 at 17:37:14.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/25/2013 at 17:44:38.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sure is a lot of stuff

[Satchfan]

Thanks for the logs but there was no Extras.txt log. Please send that as it contains information that I need to see.

Also, do you know what these are?:

[2013/06/04 16:28:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\doesexist
[2012/03/06 21:52:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\XGY12.INI

Is “XGY12.INI” related to the XGY12.com web address?

[GotNoTime]

A couple hidden files. Why would an IP tracer be on my system for? I dont like the look of either one of those.


OTL Extras logfile created on: 9/22/2013 12:41:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.43% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.88% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 7.12 Gb Free Space | 24.32% Space Free | Partition Type: NTFS
Drive E: | 219.73 Gb Total Space | 204.20 Gb Free Space | 92.93% Space Free | Partition Type: NTFS
Drive F: | 216.74 Gb Total Space | 216.56 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: MEDIA | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Call of Duty\CoDMP.exe" = C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" = E:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe:*:Enabled:NETGEARGenie -- ()
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By Smilebox 2.0.0.607
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEA03C8-D820-411C-AB0C-9DD5EFAD1033}" = Nero 7 Essentials
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA7D60ED-9ED3-48F5-8F18-5B5B6663B229}" = Desert Storm
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Blitzkrieg" = Blitzkrieg
"BrothersInArmsEiB" = Brothers In Arms EiB
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{314E509B-5C5D-46C8-AE52-46DC7D0A63B6}" = Microsoft Office Excel 2003 Step by Step
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"Lander Demo" = Lander Demo
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"MechWarrior 3 Demo" = MechWarrior 3 Demo
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NETGEAR Genie" = NETGEAR Genie
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PowerDVD" = PowerDVD
"Rollcage" = Rollcage
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2013 12:35:51 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Manual scan. Action: Clean failed : Quarantine failed. Action Description: The
file was left unchanged.

Error - 9/3/2013 12:35:54 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Manual scan. Action: Clean failed : Quarantine failed. Action Description: Risk
was partially removed.

Error - 9/3/2013 1:09:13 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Manual scan. Action: Clean failed : Quarantine failed. Action Description: The
file was left unchanged.

Error - 9/3/2013 1:09:16 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Manual scan. Action: Clean failed : Quarantine failed. Action Description: Risk
was partially removed.

Error - 9/8/2013 12:53:46 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Startup scan. Action: Clean failed : Quarantine failed. Action Description: The
file was left unchanged.

Error - 9/8/2013 12:53:51 PM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Startup scan. Action: Clean failed : Quarantine failed. Action Description: Risk
was partially removed.

Error - 9/15/2013 2:37:02 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Startup scan. Action: Clean failed : Quarantine failed. Action Description: The
file was left unchanged.

Error - 9/15/2013 2:37:09 AM | Computer Name = MEDIA | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.Tracur in File: c:\documents and
settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll by:
Startup scan. Action: Clean failed : Quarantine failed. Action Description: Risk
was partially removed.

Error - 9/15/2013 3:22:47 AM | Computer Name = MEDIA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/15/2013 3:25:15 AM | Computer Name = MEDIA | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 9/15/2013 4:03:09 AM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/16/2013 6:59:29 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/16/2013 9:32:09 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/17/2013 6:58:30 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/17/2013 7:08:10 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/17/2013 7:12:52 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/21/2013 2:05:02 AM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/21/2013 2:06:11 AM | Computer Name = MEDIA | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/22/2013 3:22:43 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02

Error - 9/22/2013 3:28:12 PM | Computer Name = MEDIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sfsync02


< End of report >

Thought I had attached this first time - sorry

[Satchfan]

You have at least one Trojan so we’ll try to deal with that and do some more searches.

I suggest you don’t use the Internet except for answering these posts until we see what else is lurking.


Run OTL

• double click on the icon to run it.
• copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :Services
  
  :OTL
  IE - HKCU\..\SearchScopes\{B29E1DE9-DF5F-4968-B280-2C86D97E1AEC}: "URL" = http://www.google.co...age={startPage}
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  [2013/06/04 16:28:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\doesexist
  [2012/03/06 21:52:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\XGY12.INI
  
  :Files
  c:\documents and settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  

  
  
• click the Run Fix button at the top
• let the program run unhindered, reboot when it is done
• please post the OTL fix log but don’t run OTL again until all these instructions are completed.

======================================================

Run TDSSKiller

Please download TDSSKiller.zip

• extract it to your desktop
• double click TDSSKiller.exe
• press Start Scan

  
  only if Malicious objects are found then ensure Cure is selected - Note: If Cure is not available, please choose Skip instead : do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

• click Continue > Reboot now
• copy and paste the log in your next reply
• a copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

Additional information:

If you get the warning about a file “UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\(TDSS File System) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue and then reboot to finish the cleaning process.

Remember, if Cure is not available, choose Skip instead; do not choose “Delete” unless instructed.


Logs to include with next post:

OTL. Fix log
TDSSKiller log

Thanks

Satchfan

[GotNoTime]

Okay,

I Ran OTL and had to go find a log because there was nothing there upon reboot. Here is what I could find:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B29E1DE9-DF5F-4968-B280-2C86D97E1AEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B29E1DE9-DF5F-4968-B280-2C86D97E1AEC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
C:\Documents and Settings\Paul\Application Data\doesexist moved successfully.
C:\WINDOWS\XGY12.INI moved successfully.
========== FILES ==========
File\Folder c:\documents and settings\paul\local settings\application data\symantec\netgeargenie\feekjl.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Paul\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Paul\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 215125 bytes
->Flash cache emptied: 2836 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 961 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Paul
->Temp folder emptied: 43962505 bytes
->Temporary Internet Files folder emptied: 81258566 bytes
->Flash cache emptied: 4269732 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2603444 bytes
%systemroot%\System32 .tmp files removed: 2675729 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4246574 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 621680046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 800693 bytes

Total Files Cleaned = 727.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09282013_100558

TDS SKiller found nothing. Incidentally Feekjl.Dll is the one I changed the name on but did not delete before we started. I believe I added a number after the "jl" but I cant seem to locate it just now. Here is the log for that.

10:16:09.0265 3508 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:16:09.0953 3508 ============================================================
10:16:09.0953 3508 Current date / time: 2013/09/28 10:16:09.0953
10:16:09.0953 3508 SystemInfo:
10:16:09.0953 3508
10:16:09.0953 3508 OS Version: 5.1.2600 ServicePack: 3.0
10:16:09.0953 3508 Product type: Workstation
10:16:09.0953 3508 ComputerName: MEDIA
10:16:09.0953 3508 UserName: Paul
10:16:09.0953 3508 Windows directory: C:\WINDOWS
10:16:09.0953 3508 System windows directory: C:\WINDOWS
10:16:09.0953 3508 Processor architecture: Intel x86
10:16:09.0953 3508 Number of processors: 1
10:16:09.0953 3508 Page size: 0x1000
10:16:09.0953 3508 Boot type: Normal boot
10:16:09.0953 3508 ============================================================
10:16:11.0000 3508 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
10:16:11.0000 3508 ============================================================
10:16:11.0000 3508 \Device\Harddisk0\DR0:
10:16:11.0000 3508 MBR partitions:
10:16:11.0000 3508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
10:16:11.0000 3508 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A962F0, BlocksNum 0x1B7734C0
10:16:11.0000 3508 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1F2097B0, BlocksNum 0x1B17B0E0
10:16:11.0000 3508 ============================================================
10:16:11.0015 3508 C: <-> \Device\Harddisk0\DR0\Partition1
10:16:11.0062 3508 E: <-> \Device\Harddisk0\DR0\Partition2
10:16:11.0093 3508 F: <-> \Device\Harddisk0\DR0\Partition3
10:16:11.0093 3508 ============================================================
10:16:11.0093 3508 Initialize success
10:16:11.0093 3508 ============================================================
10:16:33.0468 1804 ============================================================
10:16:33.0468 1804 Scan started
10:16:33.0468 1804 Mode: Manual;
10:16:33.0468 1804 ============================================================
10:16:33.0687 1804 ================ Scan system memory ========================
10:16:35.0281 1804 System memory - ok
10:16:35.0296 1804 ================ Scan services =============================
10:16:35.0515 1804 Abiosdsk - ok
10:16:35.0562 1804 abp480n5 - ok
10:16:35.0656 1804 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:16:35.0656 1804 ACPI - ok
10:16:35.0718 1804 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:16:35.0734 1804 ACPIEC - ok
10:16:35.0812 1804 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:16:35.0921 1804 AdobeFlashPlayerUpdateSvc - ok
10:16:35.0953 1804 adpu160m - ok
10:16:36.0015 1804 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
10:16:36.0031 1804 aeaudio - ok
10:16:36.0078 1804 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:16:36.0125 1804 aec - ok
10:16:36.0187 1804 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:16:36.0187 1804 AFD - ok
10:16:36.0265 1804 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
10:16:36.0265 1804 agp440 - ok
10:16:36.0312 1804 Aha154x - ok
10:16:36.0375 1804 aic78u2 - ok
10:16:36.0421 1804 aic78xx - ok
10:16:36.0500 1804 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:16:36.0515 1804 Alerter - ok
10:16:36.0562 1804 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:16:36.0593 1804 ALG - ok
10:16:36.0656 1804 AliIde - ok
10:16:36.0687 1804 amsint - ok
10:16:36.0765 1804 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:16:36.0781 1804 AppMgmt - ok
10:16:36.0828 1804 asc - ok
10:16:36.0890 1804 asc3350p - ok
10:16:36.0921 1804 asc3550 - ok
10:16:37.0015 1804 [ 20D04091EBA710F6988F710507D85868 ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
10:16:37.0031 1804 Aspi32 - ok
10:16:37.0140 1804 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:16:37.0234 1804 aspnet_state - ok
10:16:37.0296 1804 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:16:37.0312 1804 AsyncMac - ok
10:16:37.0375 1804 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:16:37.0375 1804 atapi - ok
10:16:37.0437 1804 Atdisk - ok
10:16:37.0468 1804 Ati HotKey Poller - ok
10:16:37.0515 1804 ATI Smart - ok
10:16:37.0640 1804 [ 42A3BADCAC4E31B373821A05F945E69D ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:16:37.0750 1804 ati2mtag - ok
10:16:37.0828 1804 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:16:37.0843 1804 Atmarpc - ok
10:16:37.0906 1804 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:16:37.0937 1804 AudioSrv - ok
10:16:38.0000 1804 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:16:38.0015 1804 audstub - ok
10:16:38.0078 1804 [ A9D0F6EFC61D1FF69B55C495F85DD868 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:16:38.0093 1804 b57w2k - ok
10:16:38.0203 1804 [ B770039886598AAB7CF5EAEEC2409E31 ] BCMH43XX C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
10:16:38.0203 1804 BCMH43XX - ok
10:16:38.0250 1804 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:16:38.0281 1804 Beep - ok
10:16:38.0343 1804 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:16:38.0359 1804 BITS - ok
10:16:38.0453 1804 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:16:38.0453 1804 Browser - ok
10:16:38.0531 1804 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:16:38.0546 1804 cbidf2k - ok
10:16:38.0640 1804 [ 0A6786C95A6F8715AA4285E3C27F201F ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
10:16:38.0640 1804 ccEvtMgr - ok
10:16:38.0671 1804 [ 3B4898CF051BB04FB76E94361E336A83 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
10:16:38.0671 1804 ccSetMgr - ok
10:16:38.0703 1804 cd20xrnt - ok
10:16:38.0750 1804 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:16:38.0781 1804 Cdaudio - ok
10:16:38.0828 1804 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:16:38.0843 1804 Cdfs - ok
10:16:38.0890 1804 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:16:38.0921 1804 Cdrom - ok
10:16:38.0968 1804 Changer - ok
10:16:39.0015 1804 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:16:39.0046 1804 CiSvc - ok
10:16:39.0093 1804 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:16:39.0125 1804 ClipSrv - ok
10:16:39.0171 1804 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:16:39.0375 1804 clr_optimization_v2.0.50727_32 - ok
10:16:39.0468 1804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:16:39.0484 1804 clr_optimization_v4.0.30319_32 - ok
10:16:39.0531 1804 CmdIde - ok
10:16:39.0593 1804 COMSysApp - ok
10:16:39.0671 1804 Cpqarray - ok
10:16:39.0734 1804 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:16:39.0750 1804 CryptSvc - ok
10:16:39.0843 1804 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
10:16:39.0843 1804 ctljystk - ok
10:16:39.0906 1804 dac2w2k - ok
10:16:39.0953 1804 dac960nt - ok
10:16:40.0015 1804 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:16:40.0031 1804 DcomLaunch - ok
10:16:40.0109 1804 [ 1F709C66D8AADFF35530C56EE261C462 ] DefWatch C:\Program Files\Symantec AntiVirus\DefWatch.exe
10:16:40.0125 1804 DefWatch - ok
10:16:40.0203 1804 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:16:40.0218 1804 Dhcp - ok
10:16:40.0265 1804 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:16:40.0281 1804 Disk - ok
10:16:40.0343 1804 dmadmin - ok
10:16:40.0406 1804 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:16:40.0468 1804 dmboot - ok
10:16:40.0515 1804 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:16:40.0531 1804 dmio - ok
10:16:40.0593 1804 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:16:40.0593 1804 dmload - ok
10:16:40.0671 1804 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:16:40.0687 1804 dmserver - ok
10:16:40.0750 1804 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:16:40.0765 1804 DMusic - ok
10:16:40.0828 1804 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:16:40.0828 1804 Dnscache - ok
10:16:40.0875 1804 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:16:40.0906 1804 Dot3svc - ok
10:16:40.0953 1804 dpti2o - ok
10:16:41.0000 1804 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:16:41.0015 1804 drmkaud - ok
10:16:41.0062 1804 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:16:41.0078 1804 EapHost - ok
10:16:41.0171 1804 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:16:41.0187 1804 eeCtrl - ok
10:16:41.0250 1804 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys
10:16:41.0265 1804 emu10k - ok
10:16:41.0312 1804 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys
10:16:41.0328 1804 emu10k1 - ok
10:16:41.0390 1804 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:16:41.0406 1804 EraserUtilRebootDrv - ok
10:16:41.0484 1804 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:16:41.0500 1804 ERSvc - ok
10:16:41.0562 1804 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:16:41.0578 1804 Eventlog - ok
10:16:41.0625 1804 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:16:41.0625 1804 EventSystem - ok
10:16:41.0703 1804 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:16:41.0734 1804 Fastfat - ok
10:16:41.0812 1804 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:16:41.0812 1804 FastUserSwitchingCompatibility - ok
10:16:41.0859 1804 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:16:41.0875 1804 Fdc - ok
10:16:41.0921 1804 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:16:41.0937 1804 Fips - ok
10:16:41.0984 1804 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:16:42.0015 1804 Flpydisk - ok
10:16:42.0078 1804 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:16:42.0109 1804 FltMgr - ok
10:16:42.0187 1804 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:16:42.0203 1804 FontCache3.0.0.0 - ok
10:16:42.0265 1804 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:16:42.0281 1804 Fs_Rec - ok
10:16:42.0328 1804 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:16:42.0343 1804 Ftdisk - ok
10:16:42.0406 1804 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
10:16:42.0421 1804 gameenum - ok
10:16:42.0484 1804 [ 72FE2BEA6863D4EB93442A1C4FB5CA48 ] GcKernel C:\WINDOWS\system32\DRIVERS\GcKernel.sys
10:16:42.0515 1804 GcKernel - ok
10:16:42.0593 1804 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:16:42.0609 1804 Gpc - ok
10:16:42.0687 1804 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:16:42.0734 1804 gupdate - ok
10:16:42.0796 1804 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:16:42.0796 1804 gupdatem - ok
10:16:42.0859 1804 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:16:42.0890 1804 gusvc - ok
10:16:42.0984 1804 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:16:42.0984 1804 helpsvc - ok
10:16:43.0046 1804 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:16:43.0078 1804 HidServ - ok
10:16:43.0140 1804 [ BD205320308FB41C88A4049A2D1764B4 ] HIDSwvd C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
10:16:43.0140 1804 HIDSwvd - ok
10:16:43.0187 1804 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:16:43.0203 1804 hidusb - ok
10:16:43.0250 1804 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:16:43.0296 1804 hkmsvc - ok
10:16:43.0390 1804 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
10:16:43.0437 1804 HP Port Resolver - ok
10:16:43.0500 1804 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
10:16:43.0546 1804 HP Status Server - ok
10:16:43.0578 1804 hpn - ok
10:16:43.0640 1804 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:16:43.0656 1804 HPZid412 - ok
10:16:43.0703 1804 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:16:43.0718 1804 HPZipr12 - ok
10:16:43.0796 1804 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:16:43.0812 1804 HPZius12 - ok
10:16:43.0890 1804 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:16:43.0890 1804 HTTP - ok
10:16:43.0953 1804 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:16:43.0968 1804 HTTPFilter - ok
10:16:44.0015 1804 i2omgmt - ok
10:16:44.0046 1804 i2omp - ok
10:16:44.0140 1804 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:16:44.0156 1804 i8042prt - ok
10:16:44.0250 1804 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:16:44.0296 1804 ialm - ok
10:16:44.0406 1804 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:16:44.0468 1804 idsvc - ok
10:16:44.0531 1804 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:16:44.0531 1804 Imapi - ok
10:16:44.0625 1804 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:16:44.0640 1804 ImapiService - ok
10:16:44.0703 1804 ini910u - ok
10:16:44.0781 1804 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:16:44.0796 1804 IntelIde - ok
10:16:44.0875 1804 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:16:44.0875 1804 intelppm - ok
10:16:44.0953 1804 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:16:44.0968 1804 IntuitUpdateService - ok
10:16:45.0046 1804 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
10:16:45.0046 1804 IntuitUpdateServiceV4 - ok
10:16:45.0125 1804 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:16:45.0140 1804 Ip6Fw - ok
10:16:45.0187 1804 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:16:45.0203 1804 IpFilterDriver - ok
10:16:45.0250 1804 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:16:45.0265 1804 IpInIp - ok
10:16:45.0328 1804 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:16:45.0328 1804 IpNat - ok
10:16:45.0390 1804 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:16:45.0421 1804 IPSec - ok
10:16:45.0468 1804 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:16:45.0484 1804 IRENUM - ok
10:16:45.0562 1804 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:16:45.0578 1804 isapnp - ok
10:16:45.0656 1804 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:16:45.0812 1804 JavaQuickStarterService - ok
10:16:45.0890 1804 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:16:45.0906 1804 Kbdclass - ok
10:16:45.0953 1804 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:16:45.0953 1804 kbdhid - ok
10:16:46.0015 1804 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:16:46.0015 1804 kmixer - ok
10:16:46.0062 1804 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:16:46.0062 1804 KSecDD - ok
10:16:46.0093 1804 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:16:46.0125 1804 lanmanserver - ok
10:16:46.0187 1804 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:16:46.0187 1804 lanmanworkstation - ok
10:16:46.0218 1804 lbrtfdc - ok
10:16:46.0375 1804 [ FC38B32BFC5F750FF3A5C527F946582B ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:16:46.0500 1804 LiveUpdate - ok
10:16:46.0562 1804 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:16:46.0578 1804 LmHosts - ok
10:16:46.0640 1804 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:16:46.0703 1804 MDM - ok
10:16:46.0765 1804 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:16:46.0765 1804 Messenger - ok
10:16:46.0828 1804 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:16:46.0843 1804 mnmdd - ok
10:16:46.0906 1804 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:16:46.0937 1804 mnmsrvc - ok
10:16:47.0000 1804 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:16:47.0015 1804 Modem - ok
10:16:47.0062 1804 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:16:47.0078 1804 Mouclass - ok
10:16:47.0140 1804 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:16:47.0156 1804 mouhid - ok
10:16:47.0218 1804 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:16:47.0234 1804 MountMgr - ok
10:16:47.0281 1804 mraid35x - ok
10:16:47.0328 1804 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:16:47.0343 1804 MRxDAV - ok
10:16:47.0390 1804 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:16:47.0390 1804 MRxSmb - ok
10:16:47.0468 1804 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:16:47.0484 1804 MSDTC - ok
10:16:47.0562 1804 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:16:47.0578 1804 Msfs - ok
10:16:47.0609 1804 MSIServer - ok
10:16:47.0671 1804 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:16:47.0687 1804 MSKSSRV - ok
10:16:47.0718 1804 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:16:47.0750 1804 MSPCLOCK - ok
10:16:47.0812 1804 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:16:47.0828 1804 MSPQM - ok
10:16:47.0875 1804 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:16:47.0875 1804 mssmbios - ok
10:16:47.0937 1804 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:16:47.0937 1804 Mup - ok
10:16:48.0000 1804 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:16:48.0062 1804 napagent - ok
10:16:48.0125 1804 [ CE2156DF796D41614AB60E68D107D573 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130705.002\naveng.sys
10:16:48.0140 1804 NAVENG - ok
10:16:48.0218 1804 [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130705.002\navex15.sys
10:16:48.0250 1804 NAVEX15 - ok
10:16:48.0312 1804 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:16:48.0343 1804 NDIS - ok
10:16:48.0406 1804 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:16:48.0406 1804 NdisTapi - ok
10:16:48.0500 1804 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:16:48.0531 1804 Ndisuio - ok
10:16:48.0578 1804 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:16:48.0609 1804 NdisWan - ok
10:16:48.0671 1804 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:16:48.0671 1804 NDProxy - ok
10:16:48.0734 1804 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:16:48.0734 1804 NetBIOS - ok
10:16:48.0796 1804 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:16:48.0859 1804 NetBT - ok
10:16:48.0906 1804 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:16:48.0953 1804 NetDDE - ok
10:16:49.0000 1804 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:16:49.0000 1804 NetDDEdsdm - ok
10:16:49.0171 1804 [ 38CE271DAC632044AA18A7457CBBE2D2 ] NETGEARGenieDaemon E:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
10:16:49.0265 1804 NETGEARGenieDaemon - ok
10:16:49.0359 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:16:49.0359 1804 Netlogon - ok
10:16:49.0421 1804 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:16:49.0453 1804 Netman - ok
10:16:49.0515 1804 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:16:49.0562 1804 NetTcpPortSharing - ok
10:16:49.0625 1804 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:16:49.0625 1804 Nla - ok
10:16:49.0718 1804 [ A9B3B624D39CE440BA71CAD88FA35F4C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
10:16:49.0718 1804 NMIndexingService - ok
10:16:49.0781 1804 [ 6623E51595C0076755C29C00846C4EB2 ] NPF C:\WINDOWS\system32\drivers\NPF.sys
10:16:49.0796 1804 NPF - ok
10:16:49.0890 1804 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:16:49.0890 1804 Npfs - ok
10:16:49.0953 1804 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:16:49.0984 1804 Ntfs - ok
10:16:50.0046 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:16:50.0046 1804 NtLmSsp - ok
10:16:50.0140 1804 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:16:50.0171 1804 NtmsSvc - ok
10:16:50.0218 1804 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:16:50.0234 1804 Null - ok
10:16:50.0578 1804 [ F1DE35C89D98A883D1B4030DC9896855 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:16:50.0859 1804 nv - ok
10:16:50.0953 1804 [ E13944917CFB081EBB9A9CF3B151C42F ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
10:16:51.0031 1804 NVSvc - ok
10:16:51.0093 1804 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:16:51.0093 1804 NwlnkFlt - ok
10:16:51.0171 1804 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:16:51.0187 1804 NwlnkFwd - ok
10:16:51.0250 1804 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:16:51.0265 1804 ose - ok
10:16:51.0359 1804 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:16:51.0390 1804 Parport - ok
10:16:51.0453 1804 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:16:51.0453 1804 PartMgr - ok
10:16:51.0500 1804 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:16:51.0515 1804 ParVdm - ok
10:16:51.0562 1804 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:16:51.0562 1804 PCI - ok
10:16:51.0609 1804 PCIDump - ok
10:16:51.0687 1804 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:16:51.0687 1804 PCIIde - ok
10:16:51.0750 1804 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:16:51.0781 1804 Pcmcia - ok
10:16:51.0828 1804 PDCOMP - ok
10:16:51.0875 1804 PDFRAME - ok
10:16:51.0906 1804 PDRELI - ok
10:16:51.0953 1804 PDRFRAME - ok
10:16:52.0000 1804 perc2 - ok
10:16:52.0046 1804 perc2hib - ok
10:16:52.0187 1804 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:16:52.0187 1804 PlugPlay - ok
10:16:52.0218 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:16:52.0218 1804 PolicyAgent - ok
10:16:52.0281 1804 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:16:52.0296 1804 PptpMiniport - ok
10:16:52.0343 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:16:52.0343 1804 ProtectedStorage - ok
10:16:52.0390 1804 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:16:52.0406 1804 PSched - ok
10:16:52.0468 1804 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:16:52.0500 1804 Ptilink - ok
10:16:52.0531 1804 ql1080 - ok
10:16:52.0578 1804 Ql10wnt - ok
10:16:52.0625 1804 ql12160 - ok
10:16:52.0671 1804 ql1240 - ok
10:16:52.0703 1804 ql1280 - ok
10:16:52.0765 1804 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:16:52.0781 1804 RasAcd - ok
10:16:52.0843 1804 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:16:52.0859 1804 RasAuto - ok
10:16:52.0921 1804 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:16:52.0921 1804 Rasl2tp - ok
10:16:53.0000 1804 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:16:53.0000 1804 RasMan - ok
10:16:53.0031 1804 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:16:53.0062 1804 RasPppoe - ok
10:16:53.0109 1804 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:16:53.0125 1804 Raspti - ok
10:16:53.0187 1804 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:16:53.0203 1804 Rdbss - ok
10:16:53.0250 1804 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:16:53.0296 1804 RDPCDD - ok
10:16:53.0359 1804 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:16:53.0390 1804 rdpdr - ok
10:16:53.0484 1804 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:16:53.0484 1804 RDPWD - ok
10:16:53.0531 1804 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:16:53.0578 1804 RDSessMgr - ok
10:16:53.0640 1804 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:16:53.0656 1804 redbook - ok
10:16:53.0718 1804 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:16:53.0734 1804 RemoteAccess - ok
10:16:53.0812 1804 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:16:53.0828 1804 RemoteRegistry - ok
10:16:53.0875 1804 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:16:53.0890 1804 RpcLocator - ok
10:16:53.0953 1804 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:16:53.0953 1804 RpcSs - ok
10:16:54.0015 1804 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:16:54.0062 1804 RSVP - ok
10:16:54.0109 1804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:16:54.0109 1804 SamSs - ok
10:16:54.0171 1804 [ 3525FDCFC567E807A337C61AFF366BE8 ] SavRoam C:\Program Files\Symantec AntiVirus\SavRoam.exe
10:16:54.0218 1804 SavRoam - ok
10:16:54.0281 1804 [ 12B6E269EF8AC8EA36122544C8A1B6D8 ] SAVRT C:\Program Files\Symantec AntiVirus\savrt.sys
10:16:54.0312 1804 SAVRT - ok
10:16:54.0375 1804 [ 97E5B6F3F95465E1F59360B59D8EC64E ] SAVRTPEL C:\Program Files\Symantec AntiVirus\Savrtpel.sys
10:16:54.0390 1804 SAVRTPEL - ok
10:16:54.0437 1804 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:16:54.0468 1804 SCardSvr - ok
10:16:54.0531 1804 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:16:54.0562 1804 Schedule - ok
10:16:54.0625 1804 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:16:54.0640 1804 Secdrv - ok
10:16:54.0687 1804 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:16:54.0703 1804 seclogon - ok
10:16:54.0765 1804 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:16:54.0765 1804 SENS - ok
10:16:54.0812 1804 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:16:54.0859 1804 serenum - ok
10:16:54.0906 1804 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:16:54.0906 1804 Serial - ok
10:16:55.0093 1804 [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
10:16:55.0109 1804 sfdrv01 - ok
10:16:55.0171 1804 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
10:16:55.0171 1804 sfhlp02 - ok
10:16:55.0234 1804 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:16:55.0234 1804 Sfloppy - ok
10:16:55.0281 1804 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
10:16:55.0296 1804 sfman - ok
10:16:55.0359 1804 sfsync02 - ok
10:16:55.0437 1804 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:16:55.0468 1804 SharedAccess - ok
10:16:55.0531 1804 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:16:55.0531 1804 ShellHWDetection - ok
10:16:55.0562 1804 Simbad - ok
10:16:55.0703 1804 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
10:16:55.0734 1804 smwdm - ok
10:16:55.0796 1804 [ 0D411EEA92751C1ECD8453892F41E726 ] SNDSrvc C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
10:16:55.0859 1804 SNDSrvc - ok
10:16:55.0937 1804 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
10:16:55.0953 1804 SoundMAX Agent Service (default) - ok
10:16:56.0000 1804 Sparrow - ok
10:16:56.0093 1804 [ 677B10906838D3BFB1C07AC9087E4BF7 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:16:56.0125 1804 SPBBCDrv - ok
10:16:56.0171 1804 [ C830007369E18A54AED23B5BB3AFA2BA ] SPBBCSvc C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
10:16:56.0218 1804 SPBBCSvc - ok
10:16:56.0265 1804 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:16:56.0281 1804 splitter - ok
10:16:56.0343 1804 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:16:56.0343 1804 Spooler - ok
10:16:56.0437 1804 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:16:56.0453 1804 sr - ok
10:16:56.0515 1804 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:16:56.0546 1804 srservice - ok
10:16:56.0593 1804 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:16:56.0593 1804 Srv - ok
10:16:56.0625 1804 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:16:56.0687 1804 SSDPSRV - ok
10:16:56.0750 1804 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:16:56.0781 1804 stisvc - ok
10:16:56.0843 1804 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:16:56.0859 1804 swenum - ok
10:16:56.0906 1804 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:16:56.0937 1804 swmidi - ok
10:16:56.0968 1804 SwPrv - ok
10:16:57.0015 1804 [ 5212178C49079E40831D95EC7596FCC7 ] SWUSBFLT C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys
10:16:57.0031 1804 SWUSBFLT - ok
10:16:57.0171 1804 [ 8FDAADF204A4F29214DA1B03342E2735 ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
10:16:57.0203 1804 Symantec AntiVirus - ok
10:16:57.0250 1804 symc810 - ok
10:16:57.0296 1804 symc8xx - ok
10:16:57.0343 1804 [ DE6D1102D55926354171AE4E73936725 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
10:16:57.0359 1804 SymEvent - ok
10:16:57.0421 1804 [ 6C0A85982F4E0D672B85A2BFB50A24B5 ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
10:16:57.0421 1804 SYMREDRV - ok
10:16:57.0468 1804 [ CDDA3BA3F7D5B63FF9F85CB478C11473 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
10:16:57.0500 1804 SYMTDI - ok
10:16:57.0546 1804 sym_hi - ok
10:16:57.0578 1804 sym_u3 - ok
10:16:57.0625 1804 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:16:57.0671 1804 sysaudio - ok
10:16:57.0734 1804 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:16:57.0750 1804 SysmonLog - ok
10:16:57.0828 1804 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:16:57.0843 1804 TapiSrv - ok
10:16:57.0906 1804 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:16:57.0921 1804 Tcpip - ok
10:16:57.0984 1804 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:16:58.0000 1804 TDPIPE - ok
10:16:58.0046 1804 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:16:58.0062 1804 TDTCP - ok
10:16:58.0109 1804 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:16:58.0140 1804 TermDD - ok
10:16:58.0218 1804 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:16:58.0250 1804 TermService - ok
10:16:58.0312 1804 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:16:58.0312 1804 Themes - ok
10:16:58.0375 1804 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:16:58.0421 1804 TlntSvr - ok
10:16:58.0468 1804 TosIde - ok
10:16:58.0531 1804 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:16:58.0546 1804 TrkWks - ok
10:16:58.0609 1804 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:16:58.0625 1804 Udfs - ok
10:16:58.0687 1804 ultra - ok
10:16:58.0765 1804 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
10:16:58.0781 1804 UMWdf - ok
10:16:58.0859 1804 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:16:58.0890 1804 Update - ok
10:16:58.0953 1804 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:16:58.0984 1804 upnphost - ok
10:16:59.0031 1804 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:16:59.0046 1804 UPS - ok
10:16:59.0093 1804 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:16:59.0109 1804 usbccgp - ok
10:16:59.0187 1804 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:16:59.0187 1804 usbehci - ok
10:16:59.0250 1804 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:16:59.0265 1804 usbhub - ok
10:16:59.0328 1804 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:16:59.0328 1804 usbprint - ok
10:16:59.0375 1804 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:16:59.0390 1804 usbscan - ok
10:16:59.0453 1804 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:16:59.0484 1804 usbstor - ok
10:16:59.0546 1804 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:16:59.0546 1804 usbuhci - ok
10:16:59.0609 1804 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:16:59.0625 1804 VgaSave - ok
10:16:59.0656 1804 ViaIde - ok
10:16:59.0734 1804 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:16:59.0750 1804 VolSnap - ok
10:16:59.0828 1804 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:16:59.0859 1804 VSS - ok
10:16:59.0921 1804 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:16:59.0984 1804 W32Time - ok
10:17:00.0062 1804 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:17:00.0078 1804 Wanarp - ok
10:17:00.0125 1804 WDICA - ok
10:17:00.0187 1804 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:17:00.0203 1804 wdmaud - ok
10:17:00.0250 1804 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:17:00.0281 1804 WebClient - ok
10:17:00.0375 1804 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:17:00.0390 1804 winmgmt - ok
10:17:00.0515 1804 [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService E:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
10:17:00.0562 1804 WLANBelkinService - ok
10:17:00.0609 1804 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:17:00.0625 1804 WmdmPmSN - ok
10:17:00.0687 1804 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:17:00.0703 1804 Wmi - ok
10:17:00.0781 1804 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:17:00.0812 1804 WmiApSrv - ok
10:17:00.0906 1804 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:17:00.0921 1804 WPFFontCache_v0400 - ok
10:17:01.0015 1804 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:17:01.0046 1804 wscsvc - ok
10:17:01.0109 1804 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:17:01.0125 1804 wuauserv - ok
10:17:01.0171 1804 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:17:01.0218 1804 WZCSVC - ok
10:17:01.0265 1804 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:17:01.0312 1804 xmlprov - ok
10:17:01.0375 1804 ================ Scan global ===============================
10:17:01.0421 1804 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:17:01.0515 1804 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:17:01.0562 1804 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:17:01.0593 1804 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:17:01.0593 1804 [Global] - ok
10:17:01.0609 1804 ================ Scan MBR ==================================
10:17:01.0640 1804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:17:01.0828 1804 \Device\Harddisk0\DR0 - ok
10:17:01.0843 1804 ================ Scan VBR ==================================
10:17:01.0875 1804 [ A90B9E438BA45F1CBCD4F84B2B2F3B9C ] \Device\Harddisk0\DR0\Partition1
10:17:01.0875 1804 \Device\Harddisk0\DR0\Partition1 - ok
10:17:01.0906 1804 [ 2C75A5EADDF100D119A3B3BC5B0964D6 ] \Device\Harddisk0\DR0\Partition2
10:17:01.0906 1804 \Device\Harddisk0\DR0\Partition2 - ok
10:17:01.0953 1804 [ 4DFB96EA5E70B5B713D6AC0F9C1B99AC ] \Device\Harddisk0\DR0\Partition3
10:17:01.0953 1804 \Device\Harddisk0\DR0\Partition3 - ok
10:17:01.0953 1804 ============================================================
10:17:01.0953 1804 Scan finished
10:17:01.0953 1804 ============================================================
10:17:02.0015 3300 Detected object count: 0
10:17:02.0015 3300 Actual detected object count: 0
10:20:14.0750 1892 Deinitialize success

[Satchfan]

There was something that OTL couldn't deal with so I'd like you to run a different scan.


Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

• when finished, it will produce a report
• please post the C:\ComboFix.txt in your next reply.

Thanks

Satchfan

[GotNoTime]

Ran ComboFix. I see I still have that 'Smile Box' program in supplementary scans which I though I had deleted a couple times now....
Added a manual restore point just incase

ComboFix 13-09-28.02 - Paul 09/28/2013 21:18:26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1102 [GMT -7:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Paul\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-29 )))))))))))))))))))))))))))))))
.
.
2013-09-28 17:05 . 2013-09-28 17:05 -------- dc----w- C:\_OTL
2013-09-26 00:37 . 2013-09-26 00:37 -------- d-----w- c:\windows\ERUNT
2013-09-26 00:27 . 2013-09-26 00:29 -------- dc----w- C:\AdwCleaner
2013-09-17 01:22 . 2013-09-17 01:22 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-09-17 01:03 . 2013-09-17 01:24 -------- dc----w- c:\documents and settings\All Users\Application Data\iolo
2013-09-17 01:03 . 2013-09-17 01:03 -------- d-----w- c:\documents and settings\Paul\Application Data\iolo
2013-09-15 07:33 . 2013-09-15 07:35 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 19:45 . 2012-04-18 03:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 19:45 . 2012-04-18 03:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56 . 2004-08-04 05:56 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-04 05:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-04 05:56 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-04 05:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2004-08-04 04:17 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2004-08-04 03:59 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-04 05:56 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-01 02:26 . 2004-08-04 05:56 868528 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2004-08-04 05:56 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2004-08-04 04:20 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-21 148776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\\vptray.exe" [2006-09-28 125168]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-06-11 153136]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - e:\program files\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\NETGEAR Genie\\bin\\NETGEARGenie.exe"=
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [11/6/2009 8:26 AM 642432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/2/2012 11:54 AM 106656]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;c:\windows\system32\drivers\SWUSBFLT.SYS [5/31/2008 6:33 PM 3968]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;e:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [9/24/2012 11:06 PM 195400]
S2 WLANBelkinService;Belkin WLAN service;e:\program files\Belkin\F7D4101\V1\wlansrv.exe [12/28/2009 5:25 PM 36864]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 19:45]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 17:46]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 17:46]
.
2013-09-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-22 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={173BFFE9-D178-11E2-A4D6-001185176E28}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-NETGEARGenie - c:\documents and settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl.dll
AddRemove-BrothersInArmsEiB - c:\program files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-28 21:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\progra~1\SYMANT~1\vptray.exe
c:\windows\system32\devldr32.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-09-28 21:31:08 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-29 04:31
.
Pre-Run: 8,361,082,880 bytes free
Post-Run: 8,197,820,416 bytes free
.
- - End Of File - - 5949025FA8B133A8E5A1401A91D5E984
8F558EB6672622401DA993E1E865C861

[Satchfan]

If you want to remove My StartPage (Smilebox) as your home page, you can change it by clicking on Tools, Internet Options and under the "General" tab, type in the address that you want to be your home page.

======================================================

One of your StarForce drivers needs to be replaced. You can use the StarForce Removal Tool to remove it but it means that whichever game installed StarForce will stop working. However, if you reinstall the game, it will reinstall StarForce.

======================================================

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewallsfc
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

• press "Scan".
• it will create a log (FSS.txt) in the same directory the tool is run.
• please copy and paste the log to your reply.

======================================================

Download Malwarebytes-Anti-Malware

Click here.

• double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
• at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
• if an update is found, it will download and install the latest version.
• once the program has loaded, select Perform quick scan, then click Scan.
• when the scan is complete, click OK, then Show Results to view the results.
• be sure that everything is checked, and click Remove Selected.
• when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

======================================================

Run Security Check

Download Security Check by screen317 from here or here.

• save it to your Desktop.
• double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Logs to include with the next post:

FSS.txt
Mbam.txt
checkup.txt

Can you try to update your antivirus and tell me what outstanding problems there are.

Satchfan

[GotNoTime]

OK,

So we ran into a few problems here.
I was able to run FarBar (See attached). Had a little trouble with AVG though. My home page has always been AOL. Smile Box isnt listed on my internet options.....Also I dont have a game called "Starforce". Not sure what that is.? When I downloaded AVG I did not see an option for a quick scan. It didnt give me an opportunity to update.IT just started a first time FUll Scan. I left it on and checked every few hours. After about 6 I found it stuck on "Aiodlite.dll" with only 13 items scanned. I dont think it is working very well right now.

Farbar Service Scanner Version: 13-09-2013
Ran by Paul (administrator) on 29-09-2013 at 10:04:19
Running from "C:\Documents and Settings\Paul\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

[Satchfan]

Had a little trouble with AVG though.

I didn’t ask you to run AVG. I asked you to run Malwarebytes and SecurityCheck then try to update Norton (Symantec AntiVirus).

After about 6 I found it stuck on "Aiodlite.dll"

That is related to Acrobat and should not (normally) be infected.

Smile Box isnt listed on my internet options.....Also I dont have a game called "Starforce".

Starforce is not a game – it is installed with computer games and is mainly used to protect them which is probably how you got it installed. According to your logs it is causing problems and needs to be removed. The only consequence may be that whatever game instigated its installation may have to be reinstalled.

Please run Mbam, SecurityCheck and the Starforce removal tool then post the results.

Thanks

Satchfan

[GotNoTime]

Whoops! grabbed the wrong program. Now I got AVG running amuck. Anyway ran Starforce removal. Ran M-Bam. Results were negative (see attached log) and I ran Security Force (see log attached). I was not able to update Symantec still. Incidentally AVG launched it self. It identified The DLL I renamed in my Application Data Folder ,now Feekjl2.dll as Trojan Downloader Generic13.13DMW It also identified NIVIDA nvCpl Container\iguampe.dll as Trogan Dropper.Generic8.BGUM.Prior to joining this site I wondered if I would loose my monitor if I killed that one. I had recently removed my after market video card because it was going bad and the system had an internal Vid Card. Not sure if there would be Nvidia chips on that one ??? At any rate I did not take any action on either of those two files both in Application Data Folder.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.30.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Paul :: MEDIA [administrator]

Protection: Enabled

9/30/2013 4:35:12 PM
mbam-log-2013-09-30 (16-35-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212219
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
**********************************
Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
V
G
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
2
0
1
4
ECHO is off.
S
y
m
a
n
t
e
c
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
C
o
r
p
o
r
a
t
e
ECHO is off.
E
d
i
t
i
o
n
ECHO is off.
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 11
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus DoScan.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

[Satchfan]

I’d like another ComboFix report to see what is currently installed on your computer.

• push the Windows key, (between the "Ctrl" button and "Alt" Button) + "R"
• copy/paste the following bolded text into the run box and then click OK:

C:\Qoobox\Add-Remove Programs.txt

====================================================

Run OTL

• open OTL again, click on Extra Registry -> Use Safelist
• then click Run Scan

Post back with the 2 OTL logs and the ComboFix log

Thanks

Satchfan

[GotNoTime]

ComboFix is hanging up. It is conflicting with both Symantec and AGV even though I disabled both. I am trying to review the link on disabling them as the instructions seem to be different from what I am seeing. ComboFix is to run first before the other instruction -correct?