Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows defender warning trojandownloader:win32/renos.dz

Started by buckeye11 , Jun 03 2009 05:16 PM

  • Please log in to reply

#1
buckeye11
Posted 03 June 2009 - 05:16 PM

buckeye11

    New Member

  • Member
  • Pip
  • 4 posts
I keep getting this windows defender warning and when i click remove al it seems to be fine then after a half hour or so i get the same popup. I haven't noticed any other issues except that it may be messing up some of my searches as when i searched this on google and clicked on a link it took me to an unrelated website so i went back and clicked again then it took me to correct site.....

any help is appreciated. just let me know what you need me to do and i'll try and do it

P.S. i'm not extremely computer savvy so sorry if i don't understand some of the more technical wordings
  • 0

Advertisements

#2
kahdah
Posted 03 June 2009 - 05:30 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello buckeye11

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
buckeye11
Posted 03 June 2009 - 05:43 PM

buckeye11

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
ok so i ran the scan and here are the two logs that came up when it ended.. and thanks in advance for any help :)




OTL logfile created on: 6/3/2009 7:37:46 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Jon\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.45% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.69 Gb Total Space | 89.25 Gb Free Space | 63.44% Space Free | Partition Type: NTFS
Drive D: | 8.36 Gb Total Space | 1.80 Gb Free Space | 21.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONS-COMPUTER
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe (Cognizance Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Users\Jon\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ASBroker [Auto | Running]) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ASChannel [Auto | Running]) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll (Cognizance Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLTNetCnService [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (EraserSvc10910 [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ATSWPDRV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\system32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\system32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eabfiltr [System | Running]) -- C:\Windows\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (HBtnKey [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IDSvix86 [System | Running]) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090527.001\IDSvix86.sys (Symantec Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090602.007\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090602.007\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (smserial [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [System | Running]) -- C:\Windows\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\Windows\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Windows\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDISV [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTCNXT3.SYS (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/29 17:53:33 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule (Cognizance Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (Hewlett-Packard)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe (soft thinks)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [NTDS] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: gscdn.com ([rfonline-full] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} http://rfonline-full..._downloader.cab (ccr_downloader Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BA203F29-0957-4786-9733-80F2F3541FFF}\\NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{CB006B13-4EA5-4D8D-B76A-EC0EF6D2C5AD}\\NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{FDC66BA8-5B42-4746-ADC5-6BE3BE267257}\\NameServer = 85.255.112.124,85.255.112.233
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\system32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\system32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\system32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\system32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/12 13:15:45 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/02 16:19:20 | 00,000,399 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2009/06/02 16:19:20 | 00,000,323 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/03 19:35:31 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/03 19:35:30 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2009/06/03 17:19:55 | 00,018,561 | ---- | C] () -- C:\Users\Jon\Desktop\302-Ethics assignment-SP09 - [TR].docx
[2009/06/02 16:19:27 | 00,000,256 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/02 16:19:20 | 00,000,399 | RHS- | C] () -- C:\autorun.inf
[2009/06/02 16:19:20 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/06/01 14:41:51 | 00,021,209 | ---- | C] () -- C:\Users\Jon\Desktop\Engineering for A County.docx
[2009/05/31 22:11:35 | 00,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Ventrilo
[2009/05/31 21:43:07 | 00,000,752 | ---- | C] () -- C:\Users\Jon\Desktop\Ventrilo.lnk
[2009/05/31 21:43:05 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/05/31 21:43:03 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/31 21:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/14 00:12:10 | 00,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\WildTangent
[2009/05/13 23:59:50 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/13 23:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/05/08 10:21:30 | 90,711,595 | ---- | C] () -- C:\Users\Jon\Desktop\1_Dynamics_Sol[1].pdf
[2009/05/06 20:17:17 | 00,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Move Networks
[2009/05/06 00:36:40 | 00,016,519 | ---- | C] () -- C:\Users\Jon\Desktop\Soc 302.docx
[2009/04/29 03:52:11 | 00,000,321 | ---- | C] () -- C:\Windows\System32\XMLConfig_SYSID.ini
[2007/02/27 16:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 12:00:12 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 02:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 20:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 08:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/04/03 16:30:00 | 00,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/05/06 21:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== Files - Modified Within 30 Days ==========

[2009/06/03 19:35:33 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.exe
[2009/06/03 19:23:39 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/03 19:23:39 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/03 19:02:30 | 00,000,256 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/03 17:31:48 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/03 17:31:48 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/03 17:31:48 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/03 17:24:36 | 00,027,145 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\nvModes.001
[2009/06/03 17:24:36 | 00,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/06/03 17:23:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/03 17:23:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/03 17:22:54 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/03 17:21:34 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/03 17:19:58 | 00,018,561 | ---- | M] () -- C:\Users\Jon\Desktop\302-Ethics assignment-SP09 - [TR].docx
[2009/06/03 08:29:10 | 00,027,145 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\nvModes.dat
[2009/06/02 22:31:49 | 00,021,209 | ---- | M] () -- C:\Users\Jon\Desktop\Engineering for A County.docx
[2009/06/02 16:19:20 | 00,000,399 | RHS- | M] () -- C:\autorun.inf
[2009/06/01 20:00:16 | 00,000,542 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jon.job
[2009/06/01 13:18:19 | 36,379,6605 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/31 21:43:13 | 00,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/31 21:43:07 | 00,000,752 | ---- | M] () -- C:\Users\Jon\Desktop\Ventrilo.lnk
[2009/05/29 03:10:06 | 00,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon.job
[2009/05/28 19:25:52 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/20 16:07:10 | 00,000,188 | ---- | M] () -- C:\Windows\System32\hpasset.xml
[2009/05/13 23:55:03 | 00,352,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/13 16:47:08 | 00,000,188 | ---- | M] () -- C:\Windows\System32\hpasset.xml.bkp
[2009/05/08 10:21:47 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/05/07 09:57:50 | 00,016,519 | ---- | M] () -- C:\Users\Jon\Desktop\Soc 302.docx
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== LOP Check ==========

[2009/05/31 22:11:35 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming
[2009/04/29 12:04:31 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Adobe
[2009/04/30 01:02:19 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\CyberLink
[2009/04/29 03:21:00 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Hewlett-Packard
[2009/04/30 01:02:12 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\HP
[2009/04/29 03:07:15 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Identities
[2009/04/29 03:49:36 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\InstallShield
[2009/04/29 03:01:46 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Macromedia
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Media Center Programs
[2009/05/20 17:22:48 | 00,000,000 | --SD | M] -- C:\Users\Jon\AppData\Roaming\Microsoft
[2009/05/06 20:17:17 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Move Networks
[2009/06/01 21:05:13 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Ventrilo
[2009/05/14 00:12:10 | 00,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WildTangent
[2009/05/29 03:10:06 | 00,000,314 | ---- | M] () -- C:\Windows\Tasks\HPCeeScheduleForJon.job
[2009/06/01 20:00:16 | 00,000,542 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jon.job
[2009/06/03 17:23:45 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/03 17:21:32 | 00,010,502 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/06/03 19:02:30 | 00,000,256 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

========== Purity Check ==========

< End of report >


































OTL Extras logfile created on: 6/3/2009 7:37:46 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Jon\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.45% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.69 Gb Total Space | 89.25 Gb Free Space | 63.44% Space Free | Partition Type: NTFS
Drive D: | 8.36 Gb Total Space | 1.80 Gb Free Space | 21.57% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JONS-COMPUTER
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink (EarthLink, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========


========== Vista Active Application Exception List ==========

{338C3B67-A6CB-470A-BAC8-D6E246EC46D4} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE |
{47DDD09A-61C6-4A83-A10F-A81F0D25A8B4} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{4BDD73EC-36E4-44E3-99D5-B97EB42CC9A5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE |
{9BEB4610-00C3-43D7-8D3C-2063220D9F1C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\VENTRILO\VENTRILO.EXE |
{A8F7E893-D8DA-4DF1-A51B-4F2315F02EDF} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{B53FE2D3-54A5-4490-93B7-7608CB64E3FB} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE |
{C7539C9D-9A89-429C-BA53-97BB48B5ED7A} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE |
{D8832AF1-7367-4565-9280-500D1D4535C5} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE |
{D9A8A729-F40A-466B-96FA-4ADB0C863949} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\VENTRILO\VENTRILO.EXE |
{DB81D00D-CCC7-4E12-8B7C-0C04F61D3D29} = DIR=IN | APP=C:\PROGRAM FILES\HP\QUICKPLAY\QPSERVICE.EXE |
{E48151A9-6885-4560-8BC4-0F737E7DE350} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE |
{E50D077B-F1A0-4523-AF63-ABEBAABF0E63} = DIR=IN | APP=C:\PROGRAM FILES\HP\QUICKPLAY\QP.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B90BF4-5D1D-4F24-BA21-5D59F667FDE4}" = Symantec Real Time Storage Protection Component
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF625E18-119F-4B10-8A77-119D866AA655}" = SymNet
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"RFOnline" = RFOnline
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hplaptop Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2009 8:29:33 AM | Computer Name = Jons-Computer | Source = VSS | ID = 8194
Description =

Error - 6/3/2009 8:29:38 AM | Computer Name = Jons-Computer | Source = System Restore | ID = 8193
Description =

Error - 6/3/2009 3:19:28 PM | Computer Name = Jons-Computer | Source = VSS | ID = 8194
Description =

Error - 6/3/2009 3:19:34 PM | Computer Name = Jons-Computer | Source = System Restore | ID = 8193
Description =

Error - 6/3/2009 5:18:26 PM | Computer Name = Jons-Computer | Source = Application Error | ID = 1000
Description = Faulting application ssvagent.exe, version 6.0.130.3, time stamp 0x49b4f3b6,
faulting module msvcrt.dll!_resetstkoflw, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000139, fault offset 0x00008fc7, process id 0x1e0c, application
start time 0x01c9e490d53406f0.

Error - 6/3/2009 5:51:03 PM | Computer Name = Jons-Computer | Source = VSS | ID = 8194
Description =

Error - 6/3/2009 5:55:52 PM | Computer Name = Jons-Computer | Source = System Restore | ID = 8193
Description =

Error - 6/3/2009 6:01:59 PM | Computer Name = Jons-Computer | Source = VSS | ID = 8194
Description =

Error - 6/3/2009 6:02:48 PM | Computer Name = Jons-Computer | Source = System Restore | ID = 8193
Description =

Error - 6/3/2009 7:02:25 PM | Computer Name = Jons-Computer | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/3/2009 3:04:12 AM | Computer Name = Jons-Computer | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/3/2009 7:46:03 AM | Computer Name = Jons-Computer | Source = DCOM | ID = 10010
Description =

Error - 6/3/2009 12:58:26 PM | Computer Name = Jons-Computer | Source = Service Control Manager | ID = 7011
Description =

Error - 6/3/2009 5:24:17 PM | Computer Name = Jons-Computer | Source = Service Control Manager | ID = 7000
Description =

[ VeriSoft Events ]
Error - 5/4/2009 1:10:17 PM | Computer Name = Jons-Computer | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.


< End of report >
  • 0

#4
kahdah
Posted 03 June 2009 - 06:03 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi could you get the Gmer log?
  • 0

#5
buckeye11
Posted 03 June 2009 - 06:05 PM

buckeye11

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
sorry whats the Gmer log? i'm not great with computers :S
  • 0

#6
kahdah
Posted 03 June 2009 - 06:09 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi it is the second program that I asked you to download.
Please re-read this post.
http://www.geekstogo...f...t&p=1551494
  • 0

#7
buckeye11
Posted 03 June 2009 - 06:38 PM

buckeye11

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
sorry i missed that second part here is the log


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 20:35:41
Windows 6.0.6000


---- System - GMER 1.0.15 ----

SSDT 8759A628 ZwAlertResumeThread
SSDT 8759A708 ZwAlertThread
SSDT 8EF10100 ZwAllocateVirtualMemory
SSDT 8EF4BF10 ZwConnectPort
SSDT 8EF194A8 ZwCreateMutant
SSDT 8EF15770 ZwCreateThread
SSDT 8EF10EF0 ZwFreeVirtualMemory
SSDT 8EF19558 ZwImpersonateAnonymousToken
SSDT 8EF19638 ZwImpersonateThread
SSDT 8EF10E10 ZwMapViewOfSection
SSDT 8EF104D0 ZwOpenEvent
SSDT 8EF10008 ZwOpenProcessToken
SSDT 8EF0FCC0 ZwOpenThreadToken
SSDT 8EF57DD8 ZwResumeThread
SSDT 8EF0FBE0 ZwSetContextThread
SSDT 8EF0F678 ZwSetInformationProcess
SSDT 8EF0FAF0 ZwSetInformationThread
SSDT 8EF103F0 ZwSuspendProcess
SSDT 8EF12F28 ZwSuspendThread
SSDT 875B3860 ZwTerminateProcess
SSDT 8EF74638 ZwTerminateThread
SSDT 8EF10040 ZwUnmapViewOfSection
SSDT 8EF10FC0 ZwWriteVirtualMemory

Code 8EE55108 ZwEnumerateKey
Code 8EE6C6B8 ZwFlushInstructionCache
Code 8EE6A13D IofCallDriver
Code 8EE6C956 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 81C27F37 5 Bytes JMP 8EE6A142
.text ntkrnlpa.exe!IofCompleteRequest 81C27FA4 5 Bytes JMP 8EE6C95B
.text ntkrnlpa.exe!ZwCallbackReturn + 2F0 81C807FC 4 Bytes CALL 72C90882
PAGE ntkrnlpa.exe!ZwEnumerateKey 81D37F06 5 Bytes JMP 8EE5510C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81DE849F 5 Bytes JMP 8EE6C6BC

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\0000007a bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000007c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcqlmrbuckkpqycjfrycblcdjkdyajuhot.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [888] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gxvxcikadqtjxactowjjtdlxdgwmvymegikhq.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6be1228e
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \systemroot\system32\drivers\gxvxcikadqtjxactowjjtdlxdgwmvymegikhq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\gxvxcikadqtjxactowjjtdlxdgwmvymegikhq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\[email protected] \\?\globalroot\systemroot\system32\gxvxcqlmrbuckkpqycjfrycblcdjkdyajuhot.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\[email protected] \\?\globalroot\systemroot\system32\gxvxcuneufhcpyssbbkwyjjdtihobjtoajhgg.dll
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6be1228e
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \systemroot\system32\drivers\gxvxcikadqtjxactowjjtdlxdgwmvymegikhq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\gxvxcikadqtjxactowjjtdlxdgwmvymegikhq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\[email protected] \\?\globalroot\systemroot\system32\gxvxcqlmrbuckkpqycjfrycblcdjkdyajuhot.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\[email protected] \\?\globalroot\systemroot\system32\gxvxcuneufhcpyssbbkwyjjdtihobjtoajhgg.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\System32\drivers\gxvxcikadqtjxactowjjtdlxdgwmvymegikhq.sys 48128 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\System32\gxvxccount 4 bytes
File C:\WINDOWS\System32\gxvxcqlmrbuckkpqycjfrycblcdjkdyajuhot.dll 22529 bytes executable
File C:\WINDOWS\System32\gxvxcuneufhcpyssbbkwyjjdtihobjtoajhgg.dll 27649 bytes executable

---- EOF - GMER 1.0.15 ----
  • 0

#8
kahdah
Posted 03 June 2009 - 07:51 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BA203F29-0957-4786-9733-80F2F3541FFF}\\NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{CB006B13-4EA5-4D8D-B76A-EC0EF6D2C5AD}\\NameServer = 85.255.112.124,85.255.112.233
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{FDC66BA8-5B42-4746-ADC5-6BE3BE267257}\\NameServer = 85.255.112.124,85.255.112.233
O32 - AutoRun File - [2009/06/02 16:19:20 | 00,000,399 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/02 16:19:20 | 00,000,323 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================ComboFix=================================
Please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP