Infected by Tidserv Activity and Activity 2

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Infected by Tidserv Activity and Activity 2

#1 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 02 May 2011 - 02:53 PM

The following is a list of alerts from my daughter's Norton History on her Vista Home Premium PC (I'm posting from a separate PC):

1. Low item shown for googleupdatesetup.exe
2. Low item shown for Unauthorized access by Norton
3. Low item with PC configuration changes by wrxnsecaom.exe
4. Low item with PC configuration changes by setup1285330688.exe
5. Low item with PC configuration changes by setup1683134592.exe
6. Trojan block of Fake AV!gen42
7. When running quick scans on Norton shows Trojan cookies
8. High blocks on either Tidserv Activity or Tidserv Activity 2 for Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOXILLA FIREFOX\FIREFOX.EXE (most when doing google searches)
9. Other high blocks on either Tidserv Activity or Tidserv Activity 2 for Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE. (I've gotten this one without opening the browser)
10. I've created the attach DDS.txt and attach.txt files and the gmer.txt. The GMER did find rootkit activity.

Other symptoms:
1. I'm also getting some window (not browser) popups "Microsoft Windows - Host Process for Windows services stopped working and was closed" (wermgr.exe). I'm not sure what services were being stopped.

2. I've first tried running an older version of Malwarebytes that was already on the PC. It would not run saying "The dependency service or group failed to start". I was also getting this if I try running Windows Explorer in Administrative mode. I could run Windows Explorer in normal mode. After trying to restart the PC (see system #5) I was then able to run both. I updated Malwarebytes which then found a trojan (that I forgot to document) in a temp folder.

3. Note: Before the restart in #2, I tried downloading a new version of Malwarebytes, but setup says "Shellexecute.exe failed" with the same "The dependency service or group failed to start" message.

4. If I try running a full Norton Scan and close the laptop for it to run in background when I return I have to log back in and when doing so I get a windows popup "Microsoft Windows - Windows has recovered from an unexpected shutdown" and the scan has stopped running.

5. I also have a restart Issue with the PC which may or may not be related. If I try to shut down or restart the PC I get a Blue Screen saying INTERNAL_POWER_ERROR. This keeps the PC from shutting down and it automatically reboots. This began around the same time as the virus. We've had some power issues with this HP PC (18 month old PC) which HP fixed under warranty in the first year. Then a few months ago we had to replace the power cable (which seems to be a common problem on some of their products). Therefore I don't know if the virus caused this to occur via some software change or if by coincidence that problem popped up at the same time.

Thank you for your help. I had a nasty virus on another PC many months ago and you all provided me great assistance and the problem was resolved after many attempts over 3-4 weeks and the PC was flawless after than until a motherboard issue later occurred.

Attached File(s)

DDS.txt (13.7K)
Number of downloads: 2
Attach.txt (4.96K)
Number of downloads: 0
ark.txt (7.61K)
Number of downloads: 1

This post has been edited by rhale7425: 02 May 2011 - 03:06 PM

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 May 2011 - 09:52 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Running OTL

We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 08 May 2011 - 06:11 PM

First of all thank you very much for your assistance in this troublesome problem. A Bleepingcomputer volunteer helped me last summer with a separate PC incident to a successful conclusion.

Here are the steps I've taken today since receiving your email (Note: I'm doing all posting and downloads via a separate computer and have the internet off on the PC that has been infected).
1. Turn off Norton Virus Protection
2. Downloaded TDSSKiller and OTL and copied to infected machine
3. Ran TDSSKiller which found virus in a short time period
4. Kept cure and clicked Continue and then clicked on Reboot Now per instructions
5. PC received Blue Screen for "INTERNAL_POWER_ERROR" during reboot
6. Upon reboot I selected the prompted option of "Start Windows Now"
7. Received windows popup stating Windows Received Unexpected Shutdown
8. Ran OTL
9. Saved TDSSKiller log and OTL logs. Contents are posted below rather than using attachments per instructions.
10. Out of curiosity rebooted (restart option) PC to see if would get Blue Screen again. I did not get Blue Screen and PC Rebooted (restarted) normally.
11. When logging back on I did not get the popup stating Windows Received Unexpected Shutdown as I had in the past
12. I turned Virus Protection back on to try accessing the internet
13. I turned Internet back on and was able to Google a couple of items and go to CNN.com without Norton blocking problems as it had in the past. All was done via FireFox.
14. I closed browser and turned internet off (pushed button to turn off wireless connection)
15. At the moment I still have Norton Virus turned on, but it is giving me warnings that the files are now out of date. Internet is still turned off. I did not want to do any other testing or actions without your direction

Other:
1. I appreciate the warning message about the backdoor situation. I'm trying to access my vulnerability understanding without a reformat and reinstall there are no 100% guarantees. After the virus hit we thought Norton had blocked it and thought we were okay until more warnings occurred. In the mean time we had signed on to two sites that required passwords. One we did an order from using an already stored credit card that we only had to confirm to use. We will change those passwords from another PC. We do not have any financial or other personal data other than name/address on the PC.
2. We know the PC is out of date for Windows Updates and know that is a no-no. When we got the PC immediately a Windows Update caused the Wireless Connection to fail and HP instructed us to back them all out. We did so and figured out the problem install. Since then we have occasionally manually done the updates, but are several months behind.
3. Once this PC is deemed clean please direct us as to steps to take to try and get PC to stay clean

Here is the TDSSKiller log (TDSSKiller.2.5.0.0_08.05.2011_18.13.37_log.txt)

2011/05/08 18:13:37.0549 4412 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 18:13:39.0265 4412 ================================================================================
2011/05/08 18:13:39.0265 4412 SystemInfo:
2011/05/08 18:13:39.0265 4412
2011/05/08 18:13:39.0265 4412 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/08 18:13:39.0265 4412 Product type: Workstation
2011/05/08 18:13:39.0265 4412 ComputerName: AMANDA-PC
2011/05/08 18:13:39.0265 4412 UserName: Amanda
2011/05/08 18:13:39.0265 4412 Windows directory: C:\Windows
2011/05/08 18:13:39.0265 4412 System windows directory: C:\Windows
2011/05/08 18:13:39.0265 4412 Processor architecture: Intel x86
2011/05/08 18:13:39.0265 4412 Number of processors: 2
2011/05/08 18:13:39.0265 4412 Page size: 0x1000
2011/05/08 18:13:39.0265 4412 Boot type: Normal boot
2011/05/08 18:13:39.0265 4412 ================================================================================
2011/05/08 18:13:39.0499 4412 Initialize success
2011/05/08 18:14:05.0223 5136 ================================================================================
2011/05/08 18:14:05.0223 5136 Scan started
2011/05/08 18:14:05.0223 5136 Mode: Manual;
2011/05/08 18:14:05.0223 5136 ================================================================================
2011/05/08 18:14:05.0769 5136 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/05/08 18:14:06.0050 5136 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/08 18:14:06.0144 5136 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/08 18:14:06.0175 5136 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/08 18:14:06.0268 5136 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/08 18:14:06.0284 5136 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/08 18:14:06.0409 5136 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/08 18:14:06.0518 5136 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/08 18:14:06.0627 5136 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/08 18:14:06.0877 5136 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
2011/05/08 18:14:07.0251 5136 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/08 18:14:07.0735 5136 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
2011/05/08 18:14:07.0844 5136 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/08 18:14:07.0891 5136 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/08 18:14:08.0016 5136 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/08 18:14:08.0140 5136 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/08 18:14:08.0250 5136 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/08 18:14:08.0328 5136 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
2011/05/08 18:14:08.0530 5136 atikmdag (96f5eea88f9146f5f803ad20c4264565) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/08 18:14:08.0686 5136 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/08 18:14:08.0858 5136 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
2011/05/08 18:14:08.0967 5136 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/08 18:14:09.0092 5136 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/08 18:14:09.0201 5136 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/08 18:14:09.0248 5136 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/08 18:14:09.0342 5136 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/08 18:14:09.0373 5136 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/08 18:14:09.0404 5136 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/08 18:14:09.0513 5136 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/08 18:14:09.0622 5136 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/08 18:14:09.0794 5136 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
2011/05/08 18:14:09.0903 5136 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/08 18:14:10.0012 5136 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/08 18:14:10.0028 5136 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/08 18:14:10.0106 5136 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/05/08 18:14:10.0231 5136 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/08 18:14:10.0262 5136 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
2011/05/08 18:14:10.0371 5136 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/08 18:14:10.0402 5136 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/08 18:14:10.0496 5136 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/08 18:14:10.0636 5136 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/08 18:14:10.0761 5136 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/08 18:14:10.0824 5136 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/05/08 18:14:10.0902 5136 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/08 18:14:11.0042 5136 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/08 18:14:11.0167 5136 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/08 18:14:11.0245 5136 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/08 18:14:11.0385 5136 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/08 18:14:11.0510 5136 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
2011/05/08 18:14:11.0650 5136 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/08 18:14:11.0744 5136 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/08 18:14:11.0884 5136 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/08 18:14:12.0009 5136 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/08 18:14:12.0040 5136 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/08 18:14:12.0134 5136 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/08 18:14:12.0165 5136 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/08 18:14:12.0243 5136 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/08 18:14:12.0259 5136 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/08 18:14:12.0399 5136 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/08 18:14:12.0477 5136 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/08 18:14:12.0540 5136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/08 18:14:12.0649 5136 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/08 18:14:12.0727 5136 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/08 18:14:12.0758 5136 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/08 18:14:12.0852 5136 HidIr (5a87127718873bd7f3bd7ac42b951d8e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/08 18:14:13.0569 5136 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/08 18:14:13.0741 5136 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/08 18:14:13.0850 5136 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/05/08 18:14:13.0944 5136 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/08 18:14:14.0068 5136 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/05/08 18:14:14.0162 5136 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/08 18:14:14.0287 5136 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/08 18:14:14.0318 5136 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/08 18:14:14.0490 5136 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110428.002\IDSvix86.sys
2011/05/08 18:14:14.0568 5136 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/08 18:14:14.0895 5136 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2011/05/08 18:14:15.0114 5136 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/08 18:14:15.0223 5136 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/08 18:14:15.0348 5136 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/08 18:14:15.0441 5136 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/08 18:14:15.0550 5136 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/08 18:14:15.0566 5136 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/08 18:14:15.0675 5136 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/08 18:14:15.0753 5136 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/08 18:14:15.0769 5136 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/08 18:14:15.0816 5136 JMCR (ab772e9cc29c29f59cb4b75f9d6f3f96) C:\Windows\system32\DRIVERS\jmcr.sys
2011/05/08 18:14:15.0894 5136 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/08 18:14:15.0972 5136 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/08 18:14:16.0034 5136 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/08 18:14:16.0159 5136 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/08 18:14:16.0346 5136 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/08 18:14:16.0424 5136 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/08 18:14:16.0564 5136 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/08 18:14:16.0642 5136 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/08 18:14:16.0752 5136 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/05/08 18:14:16.0876 5136 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/08 18:14:16.0970 5136 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/08 18:14:17.0079 5136 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/08 18:14:17.0157 5136 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/08 18:14:17.0266 5136 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/08 18:14:17.0594 5136 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/08 18:14:17.0672 5136 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/08 18:14:17.0766 5136 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/08 18:14:17.0797 5136 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/08 18:14:17.0906 5136 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/08 18:14:17.0984 5136 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/08 18:14:18.0000 5136 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/08 18:14:18.0093 5136 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/08 18:14:18.0140 5136 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/08 18:14:18.0234 5136 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
2011/05/08 18:14:18.0249 5136 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/08 18:14:18.0312 5136 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/08 18:14:18.0405 5136 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/08 18:14:18.0514 5136 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/08 18:14:18.0624 5136 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/08 18:14:18.0702 5136 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/08 18:14:18.0858 5136 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/08 18:14:18.0951 5136 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/08 18:14:19.0029 5136 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/08 18:14:19.0060 5136 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/08 18:14:19.0154 5136 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/08 18:14:19.0294 5136 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110428.019\NAVENG.SYS
2011/05/08 18:14:19.0388 5136 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110428.019\NAVEX15.SYS
2011/05/08 18:14:19.0513 5136 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/08 18:14:19.0606 5136 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/08 18:14:19.0684 5136 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/08 18:14:19.0747 5136 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/08 18:14:19.0809 5136 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/08 18:14:19.0887 5136 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/08 18:14:19.0918 5136 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/08 18:14:20.0090 5136 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/08 18:14:20.0355 5136 NETw5v32 (83f310bf50985f2a52121f2614787c38) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/08 18:14:20.0464 5136 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/08 18:14:20.0574 5136 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/08 18:14:20.0667 5136 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/08 18:14:20.0792 5136 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/08 18:14:20.0886 5136 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/08 18:14:21.0104 5136 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/08 18:14:21.0182 5136 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/08 18:14:21.0260 5136 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/08 18:14:21.0291 5136 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/08 18:14:21.0432 5136 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/08 18:14:21.0525 5136 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/08 18:14:21.0619 5136 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/08 18:14:21.0650 5136 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/08 18:14:21.0744 5136 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/08 18:14:21.0822 5136 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
2011/05/08 18:14:21.0868 5136 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/08 18:14:21.0978 5136 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/08 18:14:22.0134 5136 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/08 18:14:22.0227 5136 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/08 18:14:22.0336 5136 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/08 18:14:22.0477 5136 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/08 18:14:22.0555 5136 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/08 18:14:22.0602 5136 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/08 18:14:22.0680 5136 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/08 18:14:22.0726 5136 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/08 18:14:22.0789 5136 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/08 18:14:22.0836 5136 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/08 18:14:22.0898 5136 rcmirror (aa3eaac5827c73ce50eff2883f986144) C:\Windows\system32\DRIVERS\rcmirror.sys
2011/05/08 18:14:22.0960 5136 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/08 18:14:23.0038 5136 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/08 18:14:23.0085 5136 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/08 18:14:23.0163 5136 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/08 18:14:23.0210 5136 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/08 18:14:23.0319 5136 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/08 18:14:23.0413 5136 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/08 18:14:23.0444 5136 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/08 18:14:23.0569 5136 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/08 18:14:23.0756 5136 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/08 18:14:23.0928 5136 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/08 18:14:24.0630 5136 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/08 18:14:24.0708 5136 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/08 18:14:24.0786 5136 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/08 18:14:24.0864 5136 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/08 18:14:24.0895 5136 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/08 18:14:24.0988 5136 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/08 18:14:25.0082 5136 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/08 18:14:25.0113 5136 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/08 18:14:25.0207 5136 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/08 18:14:25.0300 5136 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/08 18:14:25.0378 5136 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/08 18:14:25.0581 5136 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
2011/05/08 18:14:25.0706 5136 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
2011/05/08 18:14:25.0800 5136 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/05/08 18:14:25.0878 5136 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/08 18:14:25.0940 5136 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/08 18:14:26.0080 5136 STHDA (84c78b53838bdec2b0853adc782cd5de) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/08 18:14:26.0190 5136 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/08 18:14:26.0283 5136 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/08 18:14:26.0455 5136 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS
2011/05/08 18:14:26.0564 5136 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/08 18:14:26.0704 5136 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS
2011/05/08 18:14:26.0798 5136 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/05/08 18:14:26.0907 5136 SYMNDISV (dcbf73da96cce94933c8cc6eded3c98b) C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS
2011/05/08 18:14:27.0126 5136 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
2011/05/08 18:14:27.0204 5136 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/08 18:14:27.0282 5136 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/08 18:14:27.0406 5136 SynTP (a94629c2c456a6d002556563d6b8ad1a) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/08 18:14:27.0547 5136 Tcpip (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\drivers\tcpip.sys
2011/05/08 18:14:27.0672 5136 Tcpip6 (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/08 18:14:27.0984 5136 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/08 18:14:28.0030 5136 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/08 18:14:28.0124 5136 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/08 18:14:28.0202 5136 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/08 18:14:28.0233 5136 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/08 18:14:28.0374 5136 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/08 18:14:28.0405 5136 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/08 18:14:28.0748 5136 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/08 18:14:28.0873 5136 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/08 18:14:28.0966 5136 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/08 18:14:29.0091 5136 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/08 18:14:29.0169 5136 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/08 18:14:29.0263 5136 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/08 18:14:29.0356 5136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/08 18:14:29.0450 5136 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/08 18:14:29.0497 5136 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/08 18:14:29.0590 5136 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/08 18:14:29.0622 5136 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/08 18:14:29.0731 5136 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/08 18:14:29.0746 5136 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/08 18:14:29.0840 5136 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/08 18:14:29.0871 5136 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/08 18:14:29.0918 5136 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/08 18:14:30.0012 5136 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/08 18:14:30.0121 5136 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/08 18:14:30.0230 5136 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/08 18:14:30.0308 5136 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/08 18:14:30.0339 5136 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/08 18:14:30.0417 5136 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/08 18:14:30.0448 5136 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
2011/05/08 18:14:30.0526 5136 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/08 18:14:30.0573 5136 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/08 18:14:30.0667 5136 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/08 18:14:30.0745 5136 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/08 18:14:30.0854 5136 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/08 18:14:30.0885 5136 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 18:14:30.0901 5136 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 18:14:30.0994 5136 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/08 18:14:31.0026 5136 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/08 18:14:31.0182 5136 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/08 18:14:31.0260 5136 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/08 18:14:31.0353 5136 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/08 18:14:31.0478 5136 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/08 18:14:31.0587 5136 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/08 18:14:31.0696 5136 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
2011/05/08 18:14:31.0743 5136 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/08 18:14:31.0743 5136 ================================================================================
2011/05/08 18:14:31.0743 5136 Scan finished
2011/05/08 18:14:31.0743 5136 ================================================================================
2011/05/08 18:14:31.0759 3544 Detected object count: 1
2011/05/08 18:15:03.0286 3544 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/08 18:15:03.0286 3544 \HardDisk0 - ok
2011/05/08 18:15:03.0286 3544 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/08 18:15:21.0086 4284 Deinitialize success

Here is the OTL.txg Log:

OTL logfile created on: 5/8/2011 6:20:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amanda\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.18 Gb Total Space | 176.32 Gb Free Space | 61.40% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.82 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 2.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/18 22:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/26 16:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe
PRC - [2008/10/26 16:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/10/09 11:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe
PRC - [2008/06/10 08:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

========== Modules (SafeList) ==========

MOD - [2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/10/26 16:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe -- (STacSV)
SRV - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/03/31 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110428.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110428.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110428.002\IDSvix86.sys -- (IDSVix86)
DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/03 16:32:24 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/09/13 00:09:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/22 03:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 03:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 03:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 03:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 03:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 03:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 03:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/03/31 09:26:18 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/12/31 10:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/28 21:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/06/18 03:04:30] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/10/26 16:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/10/23 05:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/08 15:05:16 | 000,003,328 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/09/04 13:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/08/06 12:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 19:14:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 18:44:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 18:44:41 | 000,000,000 | ---D | M]

[2009/06/26 12:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2009/06/26 12:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1l4pymfc.default\extensions
[2010/10/24 16:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\86gbu8sa.default\extensions
[2011/05/08 18:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 19:14:31 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2011/05/08 18:16:48 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000..\Run: [EA Core] File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amanda\Pictures\firstlight21280.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amanda\Pictures\firstlight21280.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\tdsskiller
[2011/05/08 18:12:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2011/05/02 15:10:29 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\gmer
[2011/04/28 19:28:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/25 19:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/04/10 11:38:03 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\Elysia.tsm
[2011/04/10 11:37:52 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Documents\Elysia.tsm.backup

========== Files - Modified Within 30 Days ==========

[2011/05/08 18:16:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 18:16:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 18:16:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 18:16:33 | 3218,276,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 18:16:26 | 358,912,256 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2011/05/08 17:50:52 | 001,280,815 | ---- | M] () -- C:\Users\Amanda\Desktop\tdsskiller.zip
[2011/05/08 17:42:59 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473863923-1105852967-1443751112-1000UA.job
[2011/05/08 17:42:59 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473863923-1105852967-1443751112-1000Core.job
[2011/05/02 16:52:42 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 16:52:42 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 14:46:33 | 000,293,176 | ---- | M] () -- C:\Users\Amanda\Desktop\gmer.zip
[2011/05/02 14:43:53 | 000,625,664 | ---- | M] () -- C:\Users\Amanda\Desktop\dds.scr
[2011/05/02 07:26:38 | 000,282,480 | ---- | M] () -- C:\Users\Amanda\Desktop\bookmarks-2011-05-02.json
[2011/04/30 12:13:47 | 000,006,836 | ---- | M] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2011/04/28 22:57:42 | 000,002,047 | ---- | M] () -- C:\Users\Amanda\Desktop\Google Chrome.lnk
[2011/04/28 22:57:42 | 000,002,009 | ---- | M] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/10 11:28:41 | 000,000,484 | ---- | M] () -- C:\Users\Amanda\Documents\Commands.ini

========== Files Created - No Company Name ==========

[2011/05/08 18:12:02 | 001,280,815 | ---- | C] () -- C:\Users\Amanda\Desktop\tdsskiller.zip
[2011/05/02 15:09:50 | 000,293,176 | ---- | C] () -- C:\Users\Amanda\Desktop\gmer.zip
[2011/05/02 15:04:25 | 000,625,664 | ---- | C] () -- C:\Users\Amanda\Desktop\dds.scr
[2011/05/02 07:26:38 | 000,282,480 | ---- | C] () -- C:\Users\Amanda\Desktop\bookmarks-2011-05-02.json
[2011/04/30 12:12:20 | 3218,276,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/28 19:27:34 | 358,912,256 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/10 11:28:31 | 000,000,484 | ---- | C] () -- C:\Users\Amanda\Documents\Commands.ini
[2010/11/05 17:39:34 | 000,006,836 | ---- | C] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2010/03/03 20:41:08 | 000,008,210 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\jXP7U0T4
[2009/07/05 18:37:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/18 06:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/16 07:57:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/16 07:57:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/31 08:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/31 07:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 05:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/21 08:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/10/21 08:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/08 15:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,270,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

< End of report >

Here is the Extras.txt log:

OTL Extras logfile created on: 5/8/2011 6:20:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amanda\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.18 Gb Total Space | 176.32 Gb Free Space | 61.40% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.82 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 2.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1473863923-1105852967-1443751112-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0267F4F9-A4FA-4DE5-B164-0BC6777445C9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{12889FD0-0EF9-4A93-939A-0A02199F62E2}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{1DB50EB8-91F1-41BB-A41C-8E1DE89F01E3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{49F5780E-1528-4BD7-BCEE-80D7D9A3C0A7}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{4C885CB9-91B8-49A6-9EB0-707A000403DE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{541E054F-BB71-4F2A-8E4E-4E197209EE18}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{70C5BA26-4440-47F6-820A-ABAC30B985FA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{750BAAC1-E79A-41DB-BEE0-8577E35F40DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8209C2D1-ACB4-45D9-A6ED-1A9841CFC029}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{82D143CB-2983-4211-9E2B-AD4BE2248E73}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{84975C3F-CA68-4747-A08A-8800CE57EF8F}" = protocol=17 | dir=in | app=c:\users\amanda\appdata\local\temp\7zs75f.tmp\symnrt.exe |
"{8898FD0C-4D0A-48A6-948F-13CEABD0507C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{89C28F89-74CC-4E90-A210-B6221D6C78E5}" = protocol=6 | dir=in | app=c:\users\amanda\appdata\local\temp\7zs75f.tmp\symnrt.exe |
"{8C4F459A-9D64-4BFD-AEEF-255307ADB4E8}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{94B07D01-7437-4669-86E9-3E25A8575AAB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{964C790F-C4B5-4D56-B929-13FF1378AC39}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{96D83ABE-D418-4C32-A547-44BBB702AD62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CBBD267-2078-4BA4-BC68-BC09DE279B55}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A75A3AC7-EE57-4C1F-B14F-CD9D7E61011D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C493F801-945A-42FD-AB57-14BCF5E03F9C}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{CFF4B6B9-7762-4C5B-91F7-20D19F8335B6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{DF66E763-8EE2-410D-ABDD-9908B68BA376}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1ACA994D-3EF6-45E8-9206-19B599BEE31B}" = HP RC Mirror Driver
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}" = ccc-utility
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP.MediaSmartSlingPlayer_is1" = HP MediaSmart SlingPlayer
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"NIS" = Norton Internet Security
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1473863923-1105852967-1443751112-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2011 12:15:45 PM | Computer Name = Amanda-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/30/2011 12:21:41 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2011 12:28:09 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2011 2:41:27 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/2/2011 7:34:36 AM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/2/2011 1:05:16 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/2/2011 3:15:31 PM | Computer Name = Amanda-PC | Source = Perflib | ID = 1010
Description =

Error - 5/2/2011 3:43:53 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/2/2011 4:49:29 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/8/2011 6:17:58 PM | Computer Name = Amanda-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 10/10/2009 1:33:53 PM | Computer Name = Amanda-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/1/2009 8:40:02 PM | Computer Name = Amanda-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/4/2010 12:00:05 AM | Computer Name = Amanda-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/4/2010 12:00:33 AM | Computer Name = Amanda-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 2/4/2010 9:30:06 PM | Computer Name = Amanda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6433
seconds with 4920 seconds of active time. This session ended with a crash.

Error - 3/13/2011 9:50:33 PM | Computer Name = Amanda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23930
seconds with 12600 seconds of active time. This session ended with a crash.

Error - 3/27/2011 1:22:09 AM | Computer Name = Amanda-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 46106
seconds with 10800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/2/2011 1:04:00 PM | Computer Name = Amanda-PC | Source = HTTP | ID = 15016
Description =

Error - 5/2/2011 1:05:16 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/2/2011 3:42:28 PM | Computer Name = Amanda-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:40:36 PM on 5/2/2011 was unexpected.

Error - 5/2/2011 3:42:40 PM | Computer Name = Amanda-PC | Source = HTTP | ID = 15016
Description =

Error - 5/2/2011 3:43:53 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/2/2011 4:48:07 PM | Computer Name = Amanda-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:46:10 PM on 5/2/2011 was unexpected.

Error - 5/2/2011 4:48:18 PM | Computer Name = Amanda-PC | Source = HTTP | ID = 15016
Description =

Error - 5/2/2011 4:49:29 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/8/2011 6:16:43 PM | Computer Name = Amanda-PC | Source = HTTP | ID = 15016
Description =

Error - 5/8/2011 6:17:59 PM | Computer Name = Amanda-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 08 May 2011 - 07:48 PM

Hi!

I'm not ignoring your questions/comments in your previous post, but I wanted to get a new post out to you before I went to bed. I will revisit your thread tomorrow morning, and do my best to answer the questions you have then.

The main infection that you were infected with is called TDL4.

See the snippet of text below:

Quote

2011/05/08 18:14:31.0759 3544 Detected object count: 1
2011/05/08 18:15:03.0286 3544 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/08 18:15:03.0286 3544 \HardDisk0 - ok
2011/05/08 18:15:03.0286 3544 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/08 18:15:21.0086 4284 Deinitialize success

You can read more about this infection here:

Special thanks to quietman7 for providing the above links.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
O4 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000..\Run: [EA Core] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O37 - HKU\S-1-5-21-1473863923-1105852967-1443751112-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2010/03/03 20:41:08 | 000,008,210 | -HS- | C] () -- C:\Users\Amanda\AppData\Local\jXP7U0T4
:Reg

:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#5 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 09 May 2011 - 05:55 AM

Thank you so much again. Here are my steps and the results of your directions:

1. With Norton and Internet off I ran OTL with the fixes. I was prompted for reboot so I did. I saved the OTL generated

log below.
2. I turned Internet Wireless back on
3. I tried running Malwarebytes update and got MBAM_ERROR_UPDATING
4. I tried 2nd time and update appeared to work and was prompted for reboot so I restarted.
5. After restart I tried running Malwarebytes and was prompted that database was outdated by 139 days. I tried to get

Internet started again (wireless button) and had no luck so I turned Norton back on (wanted some protection) and rebooted PC.
6. After reboot, I was ablt to get Internet back on and started Malwawarebytes and got same outdated database message. I

clicked ok and update was successful (database updated from version 5363 to 6534).
7. I started Malwarebytes scan (default was Full scan) (Note: After starting I immediately turned off Internet and Norton

again)
8. Results from Malwarebytes is shown below - no problems were found.
9. At this point I have Norton off and Internet wireless off.

OTL FIX Generated Log (OTL_05082011_224447.log):

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1473863923-1105852967-1443751112-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA

Core deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution

Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\

not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution

Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\

not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution

Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\

not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-1473863923-1105852967-1443751112-1000_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1473863923-1105852967-1443751112-1000_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Users\Amanda\AppData\Local\jXP7U0T4 moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Amanda\Desktop\cmd.bat deleted successfully.
C:\Users\Amanda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Amanda
->Temp folder emptied: 1645093820 bytes
->Temporary Internet Files folder emptied: 76800382 bytes
->Java cache emptied: 10303 bytes
->FireFox cache emptied: 126131164 bytes
->Google Chrome cache emptied: 224928540 bytes
->Flash cache emptied: 3005977 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 330144370 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4809373057 bytes

Total Files Cleaned = 6,881.00 mb

[EMPTYFLASH]

User: All Users

User: Amanda
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05082011_224447

Files\Folders moved on Reboot...
C:\Users\Amanda\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JET9D28.tmp not found!

Registry entries deleted on Reboot...

Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6534

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

5/9/2011 12:41:00 AM
mbam-log-2011-05-09 (00-41-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 298770
Time elapsed: 1 hour(s), 38 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 09 May 2011 - 10:31 AM

Hi rhale7425!

Quote

I appreciate the warning message about the backdoor situation. I'm trying to access my vulnerability understanding without a reformat and reinstall there are no 100% guarantees. After the virus hit we thought Norton had blocked it and thought we were okay until more warnings occurred. In the mean time we had signed on to two sites that required passwords. One we did an order from using an already stored credit card that we only had to confirm to use. We will change those passwords from another PC. We do not have any financial or other personal data other than name/address on the PC.

Okay.

Quote

Once this PC is deemed clean please direct us as to steps to take to try and get PC to stay clean

Of course I can! One of my last posts to you will be my all clean speech which will have methods for avoiding becoming infected again.

Your logs are looking better. I'm going to ask that you run an Online Virus Scan with ESET, followed by a scan that shows me programs that require our attention.

Please let me know what issues you are experiencing with your computer after running these two scans below.

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#7 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 10 May 2011 - 05:52 AM

Here are the steps I took per the above instructions. Thank you.

1. Connected to Internet with Norton turned on.
2. Downloaded ESET per instructions from Firefox
3. Turned Norton off.
4. Started ESET. Checked "Scan archives"; Unchecked "Remove found threats"; Verified "Enable Anti-Stealth technology"

checked. Started scan. No Threats found so no log produced. Closed with uninstall option checked.
5. Turned Norton back on.
6. Left connection to Internet on.
7. Ran SecurityCheck. Result posted below.
8. Closed Firefox.
9. Turned Internet off an
10. Current status: Internet off; Norton on (data files outdated since not updated since began working with you all).

Note: I see SecurityCheck says "Windows/Firewall Disabled". I looked at the Security on the PC and it says Norton Firewall

is turned on.

SecurityCheck results:

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.18) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 10 May 2011 - 11:10 AM

Hi!

Quote

Note: I see SecurityCheck says "Windows/Firewall Disabled". I looked at the Security on the PC and it says Norton Firewall

That's fine.

Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform.
- 32-bit Select: Windows x86 Offline.
- 64-bit Select: Windows x64.
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

NEXT

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

Go to Start > Control Panel > Add/Remove Programs
Remove ALL instances of Adobe Reader
Re-boot your computer as required.
Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.

NEXT:

Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.17.

You can get the latest version of Firefox by accessing the Posted Image

menu in Firefox and then selecting Posted Image

.

Please make sure that you again after updating to the latest version to make sure that you have in fact received the latest version.

NEXT:

OTL Custom Scan

We need to run an OTL Custom Scan

Please reopen on your desktop.
Copy and Paste the following code into the textbox.

netsvcs
drivers32
hklm\software\clients\startmenuinternet|command /rs
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Push the button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

What outstanding issues (if any) are you still experiencing with your computer?

#9 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 10 May 2011 - 10:43 PM

Here are my steps and thank you again for your kind help!

1. Note: I saw that Norton updated its data files while I had internet on so Norton is up to date.
2. Downloaded Java JRE 6 version 25 (offline version for Vista 32 bit)
3. Removed current Java and rebooted
4. Installed Java JRE 6 version 25 (was not given any install options to check or uncheck) and
rebooted
5. Went into Java options/advanced and did not have option to check or uncheck JQS (it was not
checked)
6. Removed Adobe Reader 9 and rebooted
7. Downloaded Adobe Reader X (10.0.1) and installed (had to install Adobe download manager)
8. Checked for updates for Firefox and only had 4.0.1 as an option so I downloaded that
9. Firefox would not initially install saying to checkif had other sessions running. No browser was
up, but I saw in Task Manager a Firefox process so I ended it.
10. I clicked on Firefox icon and 4.0.1 installed (without Norton Toolbar 3.7.2 which said was not
compatible with Firefox 4)
11. I ran OTL with the quickscan parameters and have pasted below.
12. I don't appear to be having any issues, but am still nervous to use the PC. I've only used it to
perform tasks you have directed me to. I've done no other browsing other than to do a google search or
two to see if anything weird happened and nothing did.

Questions I have:

1. After doing all the above I notice that my Norton Siteadvisor is no longer working even after a

reboot. I don't know if it is related to the Norton Toolbar, the Java upgrade or something else, but it

does not work in IE either (but I rarely used IE so I do not know how it worked beforehand). I did

some searches from another PC and it appears that it just may not work with Firefox 4. I really like

this feature to get some level of comfort when googling items before going to unknow sites. I saw that

McAfee Siteadvisor may work with Firefox 4. Should I try that even though Norton is my security

protection?

2. When removing Adobe Reader 9 I saw other Adobe products such as Adobe AIR (version 1.57), Adobe

Flash Player 10 Plugin (version 10.1) and Adobe Flashplayer Active X (version 9.0). After installing

Adobe Reader X the adobe site showed newer versions for AIR (2.5) and Flash Player (10.2). Do I or

should I upgrade to these versions?

3. We've been getting for a long while (prior to the virus), a message of "Windows has blocked some

startup programs" and when going to see what the blocked programs are it is always the Malwarebytes'

Anti-Malware. Is this something I should be concerned with or should I just continue to ignore or take

some other action? The messge pops up when first signing on and then randomly pops up at times later.

4. As stated in an earlier post, I know we are behind on our Windows Updates. When we first got the

PC an update for Microsoft .NET 3.5 Service Pack 1 (KB951847) caused our wireless connection to

randomly, but often drop. HP had us restore back to the original features and basically said to not do

the updates. I manually installed other Windows updates for a few months, but then failed to continue

and now I see 84 important updates. The PC is basically too frustrating to use with the wireless

connection drops and hard to maintain the updates manually. What are your suggestions?

OTL scan results:

OTL logfile created on: 5/10/2011 10:57:27 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amanda\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.18 Gb Total Space | 183.14 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.82 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 3.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30

Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) --

C:\Users\Amanda\Desktop\OTL.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security

Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton

Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program

Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program

Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program

Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program

Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program

Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program

Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/18 22:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program

Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/26 16:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) --

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe
PRC - [2008/10/26 16:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) --

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) --

C:\Users\Amanda\Desktop\OTL.exe
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) --

C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a08

3979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program

Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] --

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program

Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service

(TVBCS)
SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program

Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program

Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/10/26 16:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] --

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe -- (STacSV)
SRV - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running]

-- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] --

C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/05/09 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running]

-- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand |

Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --

(EraserUtilRebootDrv)
DRV - [2011/03/31 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand |

Running] --

C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110510.024\

NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand |

Running] --

C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110510.024\

NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running]

--

C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110509.001\ID

Svix86.sys -- (IDSVix86)
DRV - [2010/02/03 16:32:24 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running]

-- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/09/13 00:09:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand |

Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/22 03:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot |

Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 03:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand |

Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 03:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running]

-- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running]

-- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 03:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand |

Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 03:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand |

Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 03:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running]

-- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage

Protection (PEL)
DRV - [2009/08/22 03:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running]

-- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/03/31 09:26:18 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running]

-- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/12/31 10:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand |

Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/28 21:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/06/18 03:04:30] [Kernel |

Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl --

({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/10/26 16:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] --

C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/10/23 05:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel |

On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/08 15:05:16 | 000,003,328 | ---- | M] (Windows ® Codename Longhorn DDK provider)

[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/09/04 13:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand |

Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/08/06 12:26:08 | 000,124,928 | ---- | M] (Realtek Corporation

) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot |

Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand

| Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped]

-- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.)

[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:

C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 19:14:31 |

000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla

Firefox\components [2011/05/10 22:36:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla

Firefox\plugins [2011/05/10 22:36:46 | 000,000,000 | ---D | M]

[2009/06/26 12:40:39 | 000,000,000 | ---D | M] (No name found) --

C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2009/06/26 12:40:39 | 000,000,000 | ---D | M] (No name found) --

C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1l4pymfc.default\extensions
[2011/05/10 22:49:02 | 000,000,000 | ---D | M] (No name found) --

C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\86gbu8sa.default\extensions
[2011/05/10 22:36:59 | 000,000,000 | ---D | M] (No name found) --

C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\86gbu8sa.default\extensions\nostmp
[2011/05/10 22:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla

Firefox\extensions
[2011/05/10 21:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla

Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/10 22:45:03 | 000,000,000 | ---D | M] (Norton IPS) --

C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2011/05/10 22:36:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla

Firefox\components\browsercomps.dll
[2011/05/10 21:57:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla

Firefox\plugins\npdeployJava1.dll
[2011/05/10 22:36:11 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla

Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/08 22:44:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton

Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program

Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program

Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -

c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program

Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value

found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program

Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe

(Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program

Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health

Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes'

Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

(Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

(Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink

Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

(CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

(CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

(CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program

Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

(CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft

Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple

Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}

http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support

Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet

Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amanda\Pictures\firstlight21280.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amanda\Pictures\firstlight21280.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen

IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte

Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 22:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/10 21:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/10 21:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/09 22:21:38 | 002,322,184 | ---- | C] (ESET) --

C:\Users\Amanda\Desktop\esetsmartinstaller_enu.exe
[2011/05/08 22:44:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\tdsskiller
[2011/05/08 18:12:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2011/05/02 15:10:29 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\gmer
[2011/04/28 19:28:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/25 19:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2011/05/10 22:51:11 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/10 22:51:11 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/10 22:45:05 | 000,003,216 | -H-- | M] () --

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:45:05 | 000,003,216 | -H-- | M] () --

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:44:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/10 22:44:52 | 3218,276,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 22:43:00 | 000,000,912 | ---- | M] () --

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473863923-1105852967-1443751112-1000UA.job
[2011/05/10 22:23:04 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/10 22:03:09 | 000,006,836 | ---- | M] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2011/05/09 22:45:07 | 000,002,047 | ---- | M] () -- C:\Users\Amanda\Desktop\Google Chrome.lnk
[2011/05/09 22:45:07 | 000,002,009 | ---- | M] () -- C:\Users\Amanda\Application

Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/09 22:21:53 | 002,322,184 | ---- | M] (ESET) --

C:\Users\Amanda\Desktop\esetsmartinstaller_enu.exe
[2011/05/09 22:13:32 | 000,879,081 | ---- | M] () -- C:\Users\Amanda\Desktop\SecurityCheck.exe
[2011/05/08 22:44:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/08 18:16:26 | 358,912,256 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2011/05/08 17:50:52 | 001,280,815 | ---- | M] () -- C:\Users\Amanda\Desktop\tdsskiller.zip
[2011/05/08 17:42:59 | 000,000,860 | ---- | M] () --

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473863923-1105852967-1443751112-1000Core.job
[2011/05/02 14:46:33 | 000,293,176 | ---- | M] () -- C:\Users\Amanda\Desktop\gmer.zip
[2011/05/02 14:43:53 | 000,625,664 | ---- | M] () -- C:\Users\Amanda\Desktop\dds.scr
[2011/05/02 07:26:38 | 000,282,480 | ---- | M] () -- C:\Users\Amanda\Desktop\bookmarks-2011-05-02.json

========== Files Created - No Company Name ==========

[2011/05/10 22:36:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Mozilla Firefox.lnk
[2011/05/10 22:23:04 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/10 22:23:03 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start

Menu\Programs\Adobe Reader X.lnk
[2011/05/09 22:19:58 | 000,879,081 | ---- | C] () -- C:\Users\Amanda\Desktop\SecurityCheck.exe
[2011/05/08 18:12:02 | 001,280,815 | ---- | C] () -- C:\Users\Amanda\Desktop\tdsskiller.zip
[2011/05/02 15:09:50 | 000,293,176 | ---- | C] () -- C:\Users\Amanda\Desktop\gmer.zip
[2011/05/02 15:04:25 | 000,625,664 | ---- | C] () -- C:\Users\Amanda\Desktop\dds.scr
[2011/05/02 07:26:38 | 000,282,480 | ---- | C] () -- C:\Users\Amanda\Desktop\bookmarks-2011-05-02.json
[2011/04/30 12:12:20 | 3218,276,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/28 19:27:34 | 358,912,256 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/05 17:39:34 | 000,006,836 | ---- | C] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2009/07/05 18:37:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/18 06:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/16 07:57:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/16 07:57:19 | 000,018,904 | ---- | C] () --

C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/31 08:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/31 07:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 05:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/21 08:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/10/21 08:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/08 15:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,270,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/01/01 00:21:04 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Amazon
[2009/06/28 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\WildTangent
[2010/08/16 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\YScienceLabs
[2011/05/10 22:43:44 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand:

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/10 22:36:12 |

000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand:

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/10 22:36:12 |

000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand:

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/10 22:36:12 |

000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program

Files\Mozilla Firefox\firefox.exe [2011/05/10 22:36:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\:

"C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/10 22:36:10 | 000,924,632 | ---- |

M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program

Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/10 22:36:10 | 000,924,632 | ---- | M] (Mozilla

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand:

"C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 15:21:41

| 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand:

"C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 15:21:41

| 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand:

"C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06

15:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\:

"C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/06 15:21:41 | 001,010,232

| ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand:

"C:\Windows\system32\ie4uinit.exe" -hide [2009/08/26 23:42:23 | 000,173,056 | ---- | M] (Microsoft

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand:

"C:\Windows\system32\ie4uinit.exe" -show [2009/08/26 23:42:23 | 000,173,056 | ---- | M] (Microsoft

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand:

"C:\Windows\system32\ie4uinit.exe" -reinstall [2009/08/26 23:42:23 | 000,173,056 | ---- | M] (Microsoft

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program

Files\Internet Explorer\iexplore.exe" -extoff [2009/08/27 01:23:17 | 000,638,232 | ---- | M] (Microsoft

Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program

Files\Internet Explorer\iexplore.exe [2009/08/27 01:23:17 | 000,638,232 | ---- | M] (Microsoft

Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/03/20 01:08:13 | 000,000,005 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\chrome_shutdown_ms.txt
[2011/03/20 01:08:12 | 000,002,499 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Local State
[2011/03/20 00:47:32 | 005,358,840 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Safe Browsing Bloom
[2011/03/20 00:47:32 | 002,053,575 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Safe Browsing Bloom Filter 2
[2011/03/20 01:08:13 | 000,409,600 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Archived History
[2010/09/26 14:43:23 | 000,000,505 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Bookmarks
[2010/09/26 14:43:23 | 000,000,505 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Bookmarks.bak
[2011/03/20 01:06:50 | 000,146,432 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Cookies
[2011/03/20 01:08:13 | 000,037,344 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Current Session
[2011/03/20 01:08:12 | 000,013,719 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Current Tabs
[2010/09/26 14:50:09 | 000,006,144 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extension Cookies
[2011/03/20 01:04:42 | 000,016,384 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Favicons
[2011/03/20 01:08:12 | 004,648,960 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History
[2010/09/26 14:45:23 | 000,043,008 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2010-04
[2010/12/28 18:42:38 | 006,268,928 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2010-09
[2011/01/27 23:01:36 | 003,766,272 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2010-10
[2011/03/20 01:04:43 | 012,688,384 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2010-11
[2011/03/20 01:08:13 | 009,357,312 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2010-12
[2011/03/20 01:08:13 | 009,670,656 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2011-01
[2011/02/13 14:15:17 | 001,622,016 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2011-02
[2011/03/20 01:08:13 | 000,045,056 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\History Index 2011-03
[2011/02/19 00:25:26 | 000,000,238 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Last Session
[2011/02/19 00:25:26 | 000,000,126 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Last Tabs
[2011/03/19 23:14:24 | 000,012,288 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Login Data
[2011/03/20 01:08:13 | 000,019,911 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Preferences
[2011/03/19 23:14:01 | 000,147,456 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Top Sites
[2011/03/20 01:08:13 | 000,131,072 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Visited Links
[2011/03/19 23:14:14 | 000,061,440 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Web Data
[2011/02/13 14:15:04 | 000,009,216 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\databases\Databases.db
[2010/11/19 18:19:50 | 000,654,150 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\Cached Theme.pak
[2010/11/19 18:19:49 | 000,001,465 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\manifest.json
[2010/11/19 18:19:49 | 000,002,136 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUY-cMGDA
[2010/11/19 18:19:49 | 000,003,581 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYk8oEDA
[2010/11/19 18:19:49 | 000,000,822 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYmPkCDA
[2010/11/19 18:19:49 | 000,139,296 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYoYEDDA
[2010/11/19 18:19:49 | 000,000,406 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYv_ECDA
[2010/11/13 11:42:12 | 000,003,072 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Local Storage\http_www.fanfiction.net_0.localstorage
[2009/06/26 12:47:42 | 000,017,408 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Plugin Data\Google Gears\localserver.db
[2009/06/26 12:47:42 | 000,019,456 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\Plugin Data\Google Gears\permissions.db
[2010/09/26 14:43:20 | 000,000,000 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User

Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto

Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto

Update\Results\Install\\LastSuccessTime: 2009-11-23 15:34:26

< End of report >

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 May 2011 - 07:51 AM

Hi!

Quote

I really like this feature to get some level of comfort when googling items before going to unknow sites. I saw that
McAfee Siteadvisor may work with Firefox 4. Should I try that even though Norton is my security protection?

I can understand your concern, and the reason why you like having this feature enabled. In my all clean speech, I recommend an addon called WOT which basically does the same thing. You can try to use McAfee Site Advisor, and see if it does what you're looking for it to do.

Quote

Do I or should I upgrade to these versions?

Yes, you should update these. Sometimes they may prompt you to install an update and sometimes they don't. In my all clean speech, I'll be providing you with a link to a tool called FileHippo Updated Checker. This utility checks for outdated programs on your computer, and then opens up a window with download links for the tools that need to be updated.

Quote

Is this something I should be concerned with or should I just continue to ignore or take some other action? The messge pops up when first signing on and then randomly pops up at times later.

If I recall correctly this was something that should have been fixed with the new version of MalwareBytes' Anti-Malware.

Quote

What are your suggestions?

This is tough one, I really think that you need to allow these updates to install because you're basically leaving your computer wide open to getting infected again.

I need for you to re-run the OTL custom scan for me, but first ensure that word wrap is unchecked in Notepad.

You have word wrap turned on, this is making your logs difficult to read
Run notepad
Goto Format and untick Word Wrap

#11 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 11 May 2011 - 06:26 PM

Thank you for all your answers to my questions. Sorry about the Notepad Wordwrap. I've turned that off. I'll also plan to do the Windows updates, but will wait until you direct me to do so. I'm looking forward to the clean speech to implement recommendations from there. Here is the rerun of the OTL logs:

OTL logfile created on: 5/11/2011 7:14:02 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Amanda\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.18 Gb Total Space | 185.10 Gb Free Space | 64.45% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 1.82 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
Drive E: | 67.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AMANDA-PC | User Name: Amanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 16:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 16:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/28 21:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/18 22:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/26 16:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe
PRC - [2008/10/26 16:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/22 03:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/10/26 16:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe -- (STacSV)
SRV - [2008/06/27 11:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/05/09 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/03/31 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110510.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110510.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110509.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/02/03 16:32:24 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/09/13 00:09:05 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/22 03:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 03:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 03:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 03:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 03:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 03:21:19 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 03:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 03:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/03/31 09:26:18 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/12/31 10:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/28 21:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/06/18 03:04:30] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/10/26 16:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/10/23 05:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/08 15:05:16 | 000,003,328 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcmirror.sys -- (rcmirror)
DRV - [2008/09/04 13:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/08/06 12:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 19:14:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 22:36:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 22:36:46 | 000,000,000 | ---D | M]

[2009/06/26 12:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Extensions
[2009/06/26 12:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\1l4pymfc.default\extensions
[2011/05/10 22:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\86gbu8sa.default\extensions
[2011/05/10 22:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\86gbu8sa.default\extensions\nostmp
[2011/05/10 22:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/10 21:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/10 22:45:03 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2011/05/10 22:36:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/10 21:57:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/10 22:36:11 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/08 22:44:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Amanda\Pictures\firstlight21280.jpg
O24 - Desktop BackupWallPaper: C:\Users\Amanda\Pictures\firstlight21280.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 22:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/05/10 21:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/10 21:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/09 22:21:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Amanda\Desktop\esetsmartinstaller_enu.exe
[2011/05/08 22:44:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/08 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\tdsskiller
[2011/05/08 18:12:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2011/05/02 15:10:29 | 000,000,000 | ---D | C] -- C:\Users\Amanda\Desktop\gmer
[2011/04/28 19:28:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/04/25 19:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2011/05/11 18:43:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473863923-1105852967-1443751112-1000UA.job
[2011/05/11 18:33:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/10 22:51:11 | 000,640,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/10 22:51:11 | 000,118,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/10 22:45:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:45:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/10 22:44:52 | 3218,276,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 22:23:04 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/10 22:03:09 | 000,006,836 | ---- | M] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2011/05/09 22:45:07 | 000,002,047 | ---- | M] () -- C:\Users\Amanda\Desktop\Google Chrome.lnk
[2011/05/09 22:45:07 | 000,002,009 | ---- | M] () -- C:\Users\Amanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/09 22:21:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Amanda\Desktop\esetsmartinstaller_enu.exe
[2011/05/09 22:13:32 | 000,879,081 | ---- | M] () -- C:\Users\Amanda\Desktop\SecurityCheck.exe
[2011/05/08 22:44:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/08 18:16:26 | 358,912,256 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/08 17:52:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Amanda\Desktop\OTL.exe
[2011/05/08 17:50:52 | 001,280,815 | ---- | M] () -- C:\Users\Amanda\Desktop\tdsskiller.zip
[2011/05/08 17:42:59 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1473863923-1105852967-1443751112-1000Core.job
[2011/05/02 14:46:33 | 000,293,176 | ---- | M] () -- C:\Users\Amanda\Desktop\gmer.zip
[2011/05/02 14:43:53 | 000,625,664 | ---- | M] () -- C:\Users\Amanda\Desktop\dds.scr
[2011/05/02 07:26:38 | 000,282,480 | ---- | M] () -- C:\Users\Amanda\Desktop\bookmarks-2011-05-02.json

========== Files Created - No Company Name ==========

[2011/05/10 22:36:48 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/10 22:23:04 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/10 22:23:03 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/09 22:19:58 | 000,879,081 | ---- | C] () -- C:\Users\Amanda\Desktop\SecurityCheck.exe
[2011/05/08 18:12:02 | 001,280,815 | ---- | C] () -- C:\Users\Amanda\Desktop\tdsskiller.zip
[2011/05/02 15:09:50 | 000,293,176 | ---- | C] () -- C:\Users\Amanda\Desktop\gmer.zip
[2011/05/02 15:04:25 | 000,625,664 | ---- | C] () -- C:\Users\Amanda\Desktop\dds.scr
[2011/05/02 07:26:38 | 000,282,480 | ---- | C] () -- C:\Users\Amanda\Desktop\bookmarks-2011-05-02.json
[2011/04/30 12:12:20 | 3218,276,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/28 19:27:34 | 358,912,256 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/05 17:39:34 | 000,006,836 | ---- | C] () -- C:\Users\Amanda\AppData\Local\d3d9caps.dat
[2009/07/05 18:37:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/18 06:01:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/16 07:57:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/16 07:57:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/31 08:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/31 07:55:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 05:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/21 08:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/10/21 08:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/08 15:05:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\rcmirror.dll
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,270,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,640,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,362 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/01/01 00:21:04 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\Amazon
[2009/06/28 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\WildTangent
[2010/08/16 14:46:47 | 000,000,000 | ---D | M] -- C:\Users\Amanda\AppData\Roaming\YScienceLabs
[2011/05/10 22:43:44 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/10 22:36:12 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/10 22:36:12 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/10 22:36:12 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/10 22:36:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/10 22:36:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/10 22:36:10 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 15:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 15:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 15:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Amanda\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/05/06 15:21:41 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2009/08/26 23:42:23 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2009/08/26 23:42:23 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2009/08/26 23:42:23 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/08/27 01:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/08/27 01:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/03/20 01:08:13 | 000,000,005 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/03/20 01:08:12 | 000,002,499 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Local State
[2011/03/20 00:47:32 | 005,358,840 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/03/20 00:47:32 | 002,053,575 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/03/20 01:08:13 | 000,409,600 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2010/09/26 14:43:23 | 000,000,505 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2010/09/26 14:43:23 | 000,000,505 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/03/20 01:06:50 | 000,146,432 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/03/20 01:08:13 | 000,037,344 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/03/20 01:08:12 | 000,013,719 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2010/09/26 14:50:09 | 000,006,144 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/03/20 01:04:42 | 000,016,384 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/03/20 01:08:12 | 004,648,960 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History
[2010/09/26 14:45:23 | 000,043,008 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-04
[2010/12/28 18:42:38 | 006,268,928 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-09
[2011/01/27 23:01:36 | 003,766,272 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-10
[2011/03/20 01:04:43 | 012,688,384 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-11
[2011/03/20 01:08:13 | 009,357,312 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-12
[2011/03/20 01:08:13 | 009,670,656 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-01
[2011/02/13 14:15:17 | 001,622,016 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-02
[2011/03/20 01:08:13 | 000,045,056 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-03
[2011/02/19 00:25:26 | 000,000,238 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/02/19 00:25:26 | 000,000,126 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/03/19 23:14:24 | 000,012,288 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/03/20 01:08:13 | 000,019,911 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/03/19 23:14:01 | 000,147,456 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/03/20 01:08:13 | 000,131,072 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/03/19 23:14:14 | 000,061,440 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/02/13 14:15:04 | 000,009,216 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2010/11/19 18:19:50 | 000,654,150 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\Cached Theme.pak
[2010/11/19 18:19:49 | 000,001,465 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\manifest.json
[2010/11/19 18:19:49 | 000,002,136 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUY-cMGDA
[2010/11/19 18:19:49 | 000,003,581 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYk8oEDA
[2010/11/19 18:19:49 | 000,000,822 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYmPkCDA
[2010/11/19 18:19:49 | 000,139,296 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYoYEDDA
[2010/11/19 18:19:49 | 000,000,406 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\i\agxjaHJvbWV0aGVtZXNyDAsSBEZpbGUYv_ECDA
[2010/11/13 11:42:12 | 000,003,072 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.fanfiction.net_0.localstorage
[2009/06/26 12:47:42 | 000,017,408 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2009/06/26 12:47:42 | 000,019,456 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2010/09/26 14:43:20 | 000,000,000 | ---- | M] () -- C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-23 15:34:26

< End of report >

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 11 May 2011 - 06:49 PM

Hi!

Quote

You're more than welcome, and thank you for posting the logs for me again.

It's much easier for me to process the logs when they aren't on multiple lines.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox.
```
:Commands
[ClearAllRestorePoints]
```
Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.

NEXT:

OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.

Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Extra Goodies

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
- Open Malwarebytes' Anti-Malware
- Select the Update tab
- Click Check for Updates
Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for Chrome and Opera.
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

#13 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 11 May 2011 - 10:16 PM

Here's what I did tonight:

1. Ran OTL with the RunFix. The log was:

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05112011_211940

2. Ran OTL Cleanup and did the Restart
3. All of Norton enabled (virus, firewall, etc...)
4. We don't have any P2P on this PC that I know of
5. I installed Google Chrome
6. I checked the IE settings and believe I have the recommended settings. The following is what I have:

Active-X controls and plug-ins
. Allow perviously unused ActiveX controls to run without prompt: Disabled
. Allow Scriplets: Disable
. Automatic prompting for ActiveX controls: Disable
. Binary and script behaviors: Enable
. Display video and animation on a webpage that does not use external media player: Disable
. Download singed ActiveX controls: Prompt
. Download unsigned ActiveX contols: Disable
. Initialize and script ActiveX controls not marked safe for scripting: Disable
. Only allow approved domains to use ActiveX without prompt: Enable
. Run ActiveX controls and plug-ins: Enable
. Script ActiveX controls marked safe from scripting: Enable

8. I will plan to run MalwareByes often. Note: I updated MalwareBytes when we were going through the visus fixes, but I still get that Windows Blocks Startup Programs.

9. I added the WOT to each of my 3 browses: Firefox, IE and Google Chrome.

10. I downloaded and did the AFT CLeaner and ran
11. I downloaded the FileHippo and ran and will be using
12. I will bite the bullet and begin installing the Windows Updates to make PC current.

Questions:

1. Is Google Chrome much more secure than Firefox also?

2. Do I need to do anything with System Restore such as clearning it out or was that one of the steps we performed via OTL?

3. What are your thoughts on using the HOST files from winhelp2002.mvps.org/hosts.htm? I was suggested to use that for a prior PC that an infection cleaned up by your team.

4. When I install the Windows Updates if I get into the problem I described earlier where we were dropping wireless connection, do you have a suggestion as to who I could work with? Is there suggested forum via bleepingcomputers?

Thank you once again for all your assistance. You have been a grand help! I plan to turn the PC back over to my daughter tomorrow (who got the virus).

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 12 May 2011 - 12:05 PM

Are you using the free version of MBAM?

If so, please run this fix:

OTL Fix

We need to run an OTL Fix

Please download OTL by OldTimer and save it to your desktop.
Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:OTL
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

:Reg

:Files
ipconfig /flushdns /c
:Commands
[CreateRestorePoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

----------
____________________________________________________

Quote

1. Is Google Chrome much more secure than Firefox also?

There are infections that are currently targeting Firefox.

I'm not seeing many infections that are specifically targeting Chrome browsers.

Quote

2. Do I need to do anything with System Restore such as clearning it out or was that one of the steps we performed via OTL?

That should have been accomplished when you ran the OTL fix. When you run the OTL fix above, it should create a new restore point for you. If it doesn't for some reason, we will manually create a new one just to be on the safe side.

Quote

3. What are your thoughts on using the HOST files from winhelp2002.mvps.org/hosts.htm? I was suggested to use that for a prior PC that an infection cleaned up by your team.

I use to recommend a download a custom host file from that site, but no longer do so, as it's not something I personally use on my own computer. I like to recommend tools that I use on my personal computer.

It can't hurt to install it.

Quote

4. When I install the Windows Updates if I get into the problem I described earlier where we were dropping wireless connection, do you have a suggestion as to who I could work with? Is there suggested forum via bleepingcomputers?

The best forum would most likely be the Windows XP forum.

#15 rhale7425

Member

Group: Members
Posts: 23
Joined: 14-August 10

Posted 12 May 2011 - 07:27 PM

Thank you again. Yes, I am using the free version of Malwarebytes. Here's my steps:
1. Downloaded OTL and ran the Fix
2. Was not asked to reboot, but did so anyway to see if I got the popup when logging back on
3. After reboot and logging on I have not see the Windows Blocks Startup Program message. Yeah!
4. We're back to using the PC now thanks to all your assistance! I'll start doing the Windows Updates this weekend (or very soon thereafter) to catch the PC up.
5. Here is the OTL log:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Amanda\Desktop\cmd.bat deleted successfully.
C:\Users\Amanda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05122011_201555