[jennyferr]

Everytime I go to any search engine, any link I click on redirects me to another, unrelated random site.
I have Norton but its not really doing anything...

Here's my Hijack this log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:57 PM, on 7/2/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02809028-07A3-4EC9-B1D3-9F72884C805e} - C:\Windows\SysWow64\DfsShlEx3232.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1cad204391e2438) (gupdate1cad204391e2438) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11338 bytes

[RPMcMurphy]

Hello jennyferr and welcome to Tech Support Guy. I’ll be happy to look over your log and help you with your issues. It will be very helpful if you follow these guidelines:

• Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
• Please do not run any scans or install/uninstall any applications without being directed to do so.
• Please follow my instructions carefully and in the order they are posted.
• Any underlined text in my posts indicates a clickable link.
• You should print any instructions I give you for ease of use and reference.
• If you have any questions at all, please stop and ask before proceeding.
• I remove threads from my subscription list after 5 days of inactivity. If you will not be able to respond to a post within 5 days, please let me know in advance.

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.pif

• Disable any script blocking protection (How to Disable your Security Programs)
• Double click DDS icon to run the tool (may take up to 3 minutes to run)
• When done, DDS.txt will open.
• After a few moments, attach.txt will open in a second window.
• Save both reports to your desktop.

---------------------------------------------------

• Post the contents of the DDS.txt report in your next reply
• Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Download GMER Rootkit Scanner from here to your desktop.

• Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  
  
  
  Click the image to enlarge it
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
• Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GEMR:

• Make sure that your security software is disabled
• Uncheck the box next to "Files" this time also
• If you still can't run it, try in the Safe Mode

Please include the following in your next post:

• OTL and OTL Extras logs
• GMER log

[jennyferr]

DDS (Ver_10-03-17.01) - NTFSX64
Run by Jenny at 7:51:56.00 on Sat 07/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.634 [GMT -5:00]

============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe

[jennyferr]

I didn't have a GMER log?? I did everything it said to do if you had trouble and it still didn't work. I turned off norton and windows live.

[RPMcMurphy]

Hi jennyferr,

Most of the DDS.txt report is missing, but it looks like you are using a 64-bit OS which requires a different approach anyway. Please run this for me:

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Custom Scan box paste this in:
  netsvcs
  %systemroot%\system32\drivers\*.sys /90
  %SYSTEMDRIVE%\*.exe
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.

Please include the following in your next post:

• OTL and OTL Extras logs

[jennyferr]

OTL logfile created on: 7/4/2010 3:13:16 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Jenny\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.40 Gb Total Space | 150.41 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive D: | 12.29 Gb Total Space | 2.06 Gb Free Space | 16.75% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\FrostWire\FrostWire.exe (FrostWire Group)
PRC - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)


========== Modules (SafeList) ==========

MOD - C:\Users\Jenny\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntdsapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100703.003\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100703.003\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100702.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx64.sys (Symantec Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 90 80 02 A3 07 C9 4E B1 D3 9F 72 88 4C 80 5E [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/01 03:16:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/20 06:30:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/04 07:53:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02809028-07A3-4EC9-B1D3-9F72884C805e} - C:\Windows\SysWOW64\DfsShlEx3232.dll ()
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 17:22:16 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{202166d2-24d8-11df-a1ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{202166d2-24d8-11df-a1ff-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/03 17:00:55 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2010/07/02 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\erunt[1]
[2010/07/02 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/29 05:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/06/20 07:05:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\CyberLink
[2010/06/20 07:05:20 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\CyberLink
[2010/06/19 06:53:50 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Symantec
[2010/06/16 01:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/06/16 01:15:30 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Electronic Arts
[2010/06/16 01:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2010/06/16 00:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/06/15 00:19:23 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\My Games
[2010/06/15 00:08:34 | 000,000,000 | -HSD | C] -- C:\Users\Jenny\AppData\Roaming\SystemProc
[2010/06/14 23:57:36 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/06/14 21:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/14 21:16:22 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010/05/30 13:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Online Entertainment
[2010/05/30 09:46:57 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\GOL_byHasbro
[2010/04/30 22:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/30 14:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010/04/29 23:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\kds_kodak
[2010/04/29 22:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/04/29 22:01:58 | 000,000,017 | ---- | C] () -- C:\Users\Jenny\AppData\Local\resmon.resmoncfg
[2010/04/28 12:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010/04/28 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\WildTangentv1001
[2010/04/28 11:04:21 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\LDW
[2010/04/28 10:26:34 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\TikGames
[2010/04/19 02:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/19 02:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/19 02:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/19 02:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/19 02:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/18 23:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/18 23:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/18 22:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

========== Files - Modified Within 90 Days ==========

[2010/07/04 03:17:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/04 03:14:19 | 001,572,864 | -HS- | M] () -- C:\Users\Jenny\NTUSER.DAT
[2010/07/04 03:12:42 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/04 03:12:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/03 17:06:45 | 001,143,340 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010/07/03 17:03:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/03 17:03:32 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/03 17:03:32 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/03 17:01:10 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2010/07/03 07:54:37 | 000,293,376 | ---- | M] () -- C:\Users\Jenny\Desktop\rn9inevl.exe
[2010/07/03 07:40:48 | 000,525,824 | ---- | M] () -- C:\Users\Jenny\Desktop\dds.scr
[2010/07/02 18:52:16 | 000,002,093 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2010/06/29 05:49:38 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 19:16:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJenny.job
[2010/06/28 07:38:43 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration RunOnce Task.job
[2010/06/28 07:38:03 | 001,283,722 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2010/06/27 15:27:57 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2010/06/27 06:43:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/27 06:43:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/24 18:58:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/24 18:57:49 | 1556,500,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/19 20:06:43 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/06/19 06:51:07 | 000,001,313 | ---- | M] () -- C:\Users\Jenny\Desktop\Norton Installation Files.lnk
[2010/06/16 01:13:07 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/06/15 00:19:35 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010/06/15 00:08:02 | 000,324,096 | ---- | M] () -- C:\Windows\SysWow64\DfsShlEx3232.dll
[2010/06/14 21:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010/06/14 21:16:22 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010/06/11 19:02:05 | 000,080,222 | ---- | M] () -- C:\Users\Jenny\Documents\MPN loan form.pdf
[2010/06/09 10:34:10 | 000,354,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/14 01:32:01 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini
[2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys
[2010/05/05 23:01:43 | 000,001,473 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf
[2010/05/05 23:01:43 | 000,001,445 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf
[2010/04/29 23:44:20 | 000,073,475 | ---- | M] () -- C:\Users\Jenny\Documents\License.pdf
[2010/04/29 23:42:49 | 000,447,469 | ---- | M] () -- C:\Users\Jenny\Documents\Pin Reset Form.pdf
[2010/04/29 22:05:01 | 000,001,227 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.20.6.lnk
[2010/04/29 22:05:00 | 000,001,203 | ---- | M] () -- C:\Users\Jenny\Desktop\FrostWire 4.20.6.lnk
[2010/04/29 22:01:58 | 000,000,017 | ---- | M] () -- C:\Users\Jenny\AppData\Local\resmon.resmoncfg
[2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys
[2010/04/29 00:03:51 | 000,007,402 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat
[2010/04/29 00:03:51 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf
[2010/04/26 03:18:45 | 000,007,829 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat
[2010/04/24 06:31:04 | 000,003,373 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf
[2010/04/21 22:02:36 | 000,007,787 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat
[2010/04/21 22:02:36 | 000,007,368 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat
[2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys
[2010/04/21 22:01:56 | 000,007,406 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat
[2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys
[2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys
[2010/04/21 21:29:51 | 000,007,414 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat
[2010/04/21 21:29:51 | 000,001,421 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf
[2010/04/21 21:29:50 | 000,007,410 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat
[2010/04/21 21:29:50 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf
[2010/04/19 02:14:50 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/19 02:09:50 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/18 22:54:51 | 000,002,515 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/04/18 22:54:51 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/15 23:57:06 | 000,203,030 | ---- | M] () -- C:\Users\Jenny\Documents\Reynolds v.pptm
[2010/04/07 01:14:19 | 000,620,453 | ---- | M] () -- C:\Users\Jenny\Documents\taxes.zip

========== Files Created - No Company Name ==========

[2010/07/03 07:54:33 | 000,293,376 | ---- | C] () -- C:\Users\Jenny\Desktop\rn9inevl.exe
[2010/07/03 07:40:31 | 000,525,824 | ---- | C] () -- C:\Users\Jenny\Desktop\dds.scr
[2010/07/02 18:52:15 | 000,002,093 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2010/06/19 06:45:56 | 000,001,313 | ---- | C] () -- C:\Users\Jenny\Desktop\Norton Installation Files.lnk
[2010/06/16 01:13:07 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/06/15 00:19:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/06/15 00:07:57 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\DfsShlEx3232.dll
[2010/06/11 19:02:04 | 000,080,222 | ---- | C] () -- C:\Users\Jenny\Documents\MPN loan form.pdf
[2010/04/30 22:03:41 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/04/29 23:44:20 | 000,073,475 | ---- | C] () -- C:\Users\Jenny\Documents\License.pdf
[2010/04/29 23:42:49 | 000,447,469 | ---- | C] () -- C:\Users\Jenny\Documents\Pin Reset Form.pdf
[2010/04/29 22:05:01 | 000,001,227 | ---- | C] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.20.6.lnk
[2010/04/29 22:05:00 | 000,001,203 | ---- | C] () -- C:\Users\Jenny\Desktop\FrostWire 4.20.6.lnk
[2010/04/19 02:14:50 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/19 02:09:50 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/18 22:54:51 | 000,002,515 | ---- | C] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/04/18 22:54:51 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/15 23:53:26 | 000,203,030 | ---- | C] () -- C:\Users\Jenny\Documents\Reynolds v.pptm
[2010/04/07 01:14:17 | 000,620,453 | ---- | C] () -- C:\Users\Jenny\Documents\taxes.zip
[2010/01/06 08:06:12 | 000,000,333 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/01/06 08:06:12 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/07/04 03:18:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FrostWire
[2010/05/30 09:46:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\GOL_byHasbro
[2010/03/26 01:15:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2010/06/19 07:20:02 | 000,000,000 | -HSD | M] -- C:\Users\Jenny\AppData\Roaming\SystemProc
[2010/04/29 23:36:51 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Temp
[2010/03/05 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\WildTangent
[2010/04/28 12:25:18 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\WildTangentv1001
[2010/06/28 07:38:43 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration RunOnce Task.job
[2010/06/27 15:27:57 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2009/07/14 00:08:49 | 000,010,122 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
< End of report >



OTL Extras logfile created on: 7/4/2010 3:13:21 AM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Jenny\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.40 Gb Total Space | 150.41 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive D: | 12.29 Gb Total Space | 2.06 Gb Free Space | 16.75% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E78A769A-592F-4154-8277-07CC3BDCAAD8}" = MobileMe Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DivX Setup.divx.com" = DivX Setup
"EADM" = EA Download Manager
"Fraps" = Fraps
"FrostWire" = FrostWire 4.20.6
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"NIS" = Norton Internet Security
"Super Winspy_is1" = Super Winspy v3.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[RPMcMurphy]

Hi jennyferr,

You have more than one antivirus (AV) program running. Your logs show both Norton Internet Security (NIS) and Microsoft Security Essentials (MSE) running. Running more than one AV program does not offer any more protection and often causes conflicts and slow downs with your computer. Please uninstall either NIS or MSE via Control Panel > Add/Remove Programs. Run the removal tool (links below) for whichever app you uninstall also:

Microsoft Security Essentials Removal Tool
Norton Removal Tool

You are infected with a trojan know to sometimes have backdoor properties. Backdoor Trojans are very dangerous because they use advanced techniques (backdoors) to steal sensitive information which they send back to the hacker. All passwords should be changed immediately using a different computer and, if necessary, banking and credit card institutions should be notified of the possible security breach.

P2P - I see you have P2P software (FrostWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Malware authors use P2P filesharing as a major conduit to spread their wares. I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at TSG are complete.

Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  
  Code:

  :OTL
  O2 - BHO: (no name) - {02809028-07A3-4EC9-B1D3-9F72884C805e} - C:\Windows\SysWOW64\DfsShlEx3232.dll ()
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  O33 - MountPoints2\{202166d2-24d8-11df-a1ff-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{202166d2-24d8-11df-a1ff-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
  [2010/06/15 00:08:02 | 000,324,096 | ---- | M] () -- C:\Windows\SysWow64\DfsShlEx3232.dll
  [2010/04/29 22:01:58 | 000,000,017 | ---- | M] () -- C:\Users\Jenny\AppData\Local\resmon.resmoncfg
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O4 - HKLM..\Run: []  File not found
  O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
  
  :Commands
  [ClearAllRestorePoints]
  [CreateRestorePoint]
  [EmptyFlash]
  [EmptyTemp]
  [Purity]

• Then click the Run Fix button at the top
• Let the program run unhindered, it will reboot when it is done and produce a log

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

• Once the update is complete, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, adware, dialers, and other riskware
  • Archives
  • E-mail databases
• Click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View report... at the bottom.
• Click the Save report... button.
  
  
• Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please include the following in your next post:

• OTL Fix log
• Kaspersky log

[jennyferr]

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{02809028-07A3-4EC9-B1D3-9F72884C805e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02809028-07A3-4EC9-B1D3-9F72884C805e}\ not found.
File C:\Windows\SysWOW64\DfsShlEx3232.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo rer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explo rer\\NoActiveDesktopChanges not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{202166d2-24d8-11df-a1ff-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202166d2-24d8-11df-a1ff-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{202166d2-24d8-11df-a1ff-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202166d2-24d8-11df-a1ff-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File C:\Windows\SysWow64\DfsShlEx3232.dll not found.
File C:\Users\Jenny\AppData\Local\resmon.resmoncfg not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jenny
->Flash cache emptied: 2051870 bytes

User: Public

Total Flash Files Cleaned = 2.00 mb

[jennyferr]

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 5, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 05, 2010 00:26:06
Records in database: 4245667
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 197421
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 19:01:38

File name / Threat / Threats count
C:\_OTL\MovedFiles\07042010_225225\C_Windows\SysWOW64\DfsShlEx3232.dll Infected: Packed.Win32.Delfpack.a 1
Selected area has been scanned.

[RPMcMurphy]

jennyferr,

How is your computer running now - are you still being redirected? Please run this next:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please post the results.

Please include the following in your next post:

• MBAM log
• How is the computer running?

[jennyferr]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4281
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/6/2010 7:44:48 AM
mbam-log-2010-07-06 (07-44-48).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 308890
Time elapsed: 1 hour(s), 47 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Jenny\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\_OTL\MovedFiles\07042010_225225\C_Windows\SysWOW64\DfsShlEx3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Jenny\AppData\Roaming\SystemProc\upd.exe (Trojan.Agent) -> Quarantined and deleted successfully.




Its running well. No more search engine redirecting.

[RPMcMurphy]

jennyferr,

Your logs look good. All that's left are some important updates and cleanup:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
• Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 20. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
• Click the "Download" button to the right.
• Select the Windows platform from the dropdown menu.
• Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and AppletsTrace and Log Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version.

Go HERE to scan for any other out of date and/or vulnerable applications on your computer and follow the instructions given for updating them.

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.
• Manually delete any remaining logs or tools.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

• Restart any anti-malware programs that we disabled while we were cleaning your machine.
• Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
• Avoid using P2P programs. Refer back to my earlier post for more information.
• Consider running in a limited user account. See this post for more information.
• Please carefully review the information in our Security - Best Practices and Prevention forum located HERE

Please post once more so I know you are all set. Good luck and stay safe!

[jennyferr]

Thank you so much!!! I have had no problems so far and have updated everything I could find! Thanks again!

[RPMcMurphy]

You're welcome, jennyferr. Take care.