Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Desktop Defender problems doesnt seem to go away


  • This topic is locked This topic is locked
2 replies to this topic

#1 reachsumo

reachsumo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:06 PM

Posted 24 January 2010 - 11:07 PM

This site seems to be a big help for all..I hope someone helps me out...I cant use the laptop at school and is becoming an issue...I have tons of data on the hard drive..please please Help wacko.gif
I have tried everything that i know to get rid of this virus called Desktop Defender 2010 and it doesnt seem to go away.
1) i have removed the Registry Entries
2) deleted the folder Deskstop Defender 2010 in Program files.
3) tried to delete the files in AppData./Local.temp..but they seem to keep coming back.
4) ran Spy Bot and Malware bytes....

I cant use my machine and its become a big problem for me since i use this machine in school... ohmy.gif but now cant use it...
I was unable to login to the machine and finally i was able to go into Safe mode and I thgouht i got rid of all the files but nope...these pop ups came back pesky...
I did a search for file names and no dice..
THe specific pop ups are
1) Screeb.Grab.J.exe>> activate protection..
2) your computer maybe at risk
3) Unauthorized remote connection!>>prevent connection

looks like a similar problem like this individual: http://www.bleepingcomputer.com/forums/t/288367/desktop-defender-2010-infection/..
so I downloaded OTA and this is what I got from OTL....I am jumping ahead of myself....but I am really desperate to get this fixed...thanks...
OTL logfile created on: 1/24/2010 9:10:35 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Anastasia\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 69.96 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANASTASIA-PC
Current User Name: Anastasia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/24 20:52:12 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Anastasia\Desktop\OTL.exe
PRC - [2010/01/16 13:00:22 | 00,391,680 | ---- | M] () -- C:\Users\Anastasia\AppData\Roaming\la55qcvsc6kq.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/20 01:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/05 14:10:02 | 03,634,024 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/28 21:10:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/29 17:09:14 | 00,578,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/06/02 02:55:22 | 00,080,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PRC - [2008/01/20 21:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 06:31:32 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/01/18 06:31:22 | 01,033,512 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/12/19 21:28:34 | 00,271,760 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2007/12/19 21:28:34 | 00,112,016 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2007/12/19 21:27:50 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/09/19 16:31:34 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007/09/13 10:47:52 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/05 15:09:54 | 01,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/09/05 15:09:54 | 00,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/09/04 15:54:20 | 00,554,320 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
PRC - [2007/08/23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/08/23 16:36:30 | 00,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007/07/10 09:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/16 12:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/08 17:53:06 | 00,311,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe


========== Modules (SafeList) ==========

MOD - [2010/01/24 20:52:12 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Anastasia\Desktop\OTL.exe
MOD - [2008/01/20 21:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/20 01:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe -- (NAV)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/29 17:09:14 | 00,578,920 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -- (MrHealthyService)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/06/16 08:02:28 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 21:28:34 | 00,271,760 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2007/12/19 21:28:34 | 00,112,016 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2007/08/23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/07/23 18:33:06 | 00,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/07/10 09:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/03/05 12:30:06 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/09 05:25:30 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 17:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/19 00:06:15 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/18 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100119.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/18 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/01/18 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/18 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100119.008\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/04 23:54:05 | 00,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/11/05 17:06:13 | 00,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 17:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100119.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/20 01:35:50 | 00,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 20:50:48 | 00,339,504 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/10/08 21:55:01 | 00,171,056 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 21:54:25 | 00,114,736 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 21:54:10 | 00,325,168 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 21:54:10 | 00,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/12/04 02:42:00 | 07,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 06:31:26 | 00,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/06 15:40:14 | 00,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/18 08:12:28 | 00,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/09/18 08:12:28 | 00,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/09/18 08:12:28 | 00,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/09/09 17:12:28 | 00,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 12:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 06:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 06:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 06:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 19:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 16:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 18:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-304538451-2921232432-339800710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-304538451-2921232432-339800710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-304538451-2921232432-339800710-1000\S-1-5-21-304538451-2921232432-339800710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-304538451-2921232432-339800710-1000\S-1-5-21-304538451-2921232432-339800710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mystart.com?pr=oovoo2_0"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2010/01/19 00:08:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/03 11:25:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/05 10:06:14 | 00,000,000 | ---D | M]

[2009/02/13 11:06:55 | 00,000,000 | ---D | M] -- C:\Users\Anastasia\AppData\Roaming\Mozilla\Extensions
[2009/02/13 11:06:55 | 00,000,000 | ---D | M] -- C:\Users\Anastasia\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/24 19:40:32 | 00,000,000 | ---D | M] -- C:\Users\Anastasia\AppData\Roaming\Mozilla\Firefox\Profiles\9v6c5oha.default\extensions
[2009/04/28 22:07:03 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anastasia\AppData\Roaming\Mozilla\Firefox\Profiles\9v6c5oha.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/05 12:20:45 | 00,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Anastasia\AppData\Roaming\Mozilla\Firefox\Profiles\9v6c5oha.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/06 22:57:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-304538451-2921232432-339800710-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [la55qcvsc6kq] C:\Windows\System32\la55qcvsc6kq.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\Run: [Google Update] C:\Users\Anastasia\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\Run: [iLike] C:\Program Files\iLike\1.2.16\ilikesidebar.exe File not found
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\Run: [la55qcvsc6kq] C:\Users\Anastasia\AppData\Roaming\la55qcvsc6kq.exe ()
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\Run: [SecurityCenter] C:\Users\Anastasia\AppData\Roaming\la55qcvsc6kq.exe ()
O4 - HKU\S-1-5-21-304538451-2921232432-339800710-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 ( File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anastasia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Anastasia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{ca868ff4-6877-11dd-9607-0021863bc848}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/24 20:57:52 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/24 20:52:57 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Anastasia\Desktop\OTL.exe
[2010/01/24 20:45:26 | 00,000,000 | ---D | C] -- C:\Users\Anastasia\AppData\Roaming\Malwarebytes
[2010/01/24 20:45:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/24 20:45:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/24 20:45:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/24 20:45:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/24 20:44:21 | 04,129,799 | ---- | C] (McAfee Inc.) -- C:\Users\Anastasia\Desktop\stinger1001624.exe
[2010/01/24 20:44:19 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Anastasia\Desktop\mbam-setup.exe
[2010/01/24 18:01:54 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/24 16:43:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/24 16:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/19 00:19:25 | 00,000,000 | ---D | C] -- C:\Users\Anastasia\AppData\Local\CrashDumps
[2010/01/19 00:06:52 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/19 00:06:15 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/01/19 00:05:55 | 00,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\symtdiv.sys
[2010/01/19 00:05:55 | 00,171,056 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\SymEFA.sys
[2010/01/19 00:05:54 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\cchpx86.sys
[2010/01/19 00:05:54 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\SymDS.sys
[2010/01/19 00:05:54 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\srtsp.sys
[2010/01/19 00:05:54 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\Ironx86.sys
[2010/01/19 00:05:54 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1101000.013\srtspx.sys
[2010/01/19 00:05:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010/01/19 00:05:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1101000.013
[2010/01/19 00:05:32 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010/01/18 23:38:42 | 00,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/01/12 20:52:52 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/12 20:52:52 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/12/29 00:32:35 | 00,000,000 | ---D | C] -- C:\Users\Anastasia\Documents\Downloads
[2009/12/29 00:28:10 | 00,000,000 | ---D | C] -- C:\Users\Anastasia\AppData\Local\Google

========== Files - Modified Within 30 Days ==========

[2010/01/24 21:17:45 | 03,407,872 | -HS- | M] () -- C:\Users\Anastasia\NTUSER.DAT
[2010/01/24 21:04:12 | 00,000,323 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/01/24 21:04:02 | 00,028,219 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/24 21:02:26 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/24 21:02:26 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/24 21:02:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/24 21:02:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/24 21:01:56 | 31,529,20576 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/24 20:58:43 | 00,524,288 | -HS- | M] () -- C:\Users\Anastasia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/24 20:58:43 | 00,065,536 | -HS- | M] () -- C:\Users\Anastasia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/24 20:58:35 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/24 20:55:58 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/24 20:55:58 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/24 20:55:58 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/24 20:52:12 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Anastasia\Desktop\OTL.exe
[2010/01/24 20:45:22 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 20:43:08 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anastasia\Desktop\mbam-setup.exe
[2010/01/24 20:33:06 | 00,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304538451-2921232432-339800710-1000UA.job
[2010/01/24 20:09:09 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{014BEF7E-ED86-4731-BAEF-0D04B35B2688}.job
[2010/01/24 20:05:06 | 00,000,104 | ---- | M] () -- C:\Users\Anastasia\Desktop\Recycle Bin - Shortcut.lnk
[2010/01/24 20:03:53 | 00,389,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/24 17:49:18 | 00,028,219 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/24 16:43:33 | 00,001,055 | ---- | M] () -- C:\Users\Anastasia\Desktop\Spybot - Search & Destroy.lnk
[2010/01/24 15:33:13 | 01,819,602 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1101000.013\Cat.DB
[2010/01/19 00:41:20 | 00,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304538451-2921232432-339800710-1000Core.job
[2010/01/19 00:06:15 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/01/19 00:06:15 | 00,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/19 00:06:15 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/19 00:06:12 | 00,000,640 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Anastasia.job
[2010/01/19 00:05:59 | 00,002,125 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/01/19 00:05:00 | 00,000,853 | ---- | M] () -- C:\Users\Anastasia\Desktop\Norton Installation Files.lnk
[2010/01/16 13:00:22 | 00,391,680 | ---- | M] () -- C:\Windows\System32\la55qcvsc6kq.exe
[2010/01/16 13:00:22 | 00,391,680 | ---- | M] () -- C:\Users\Anastasia\AppData\Roaming\la55qcvsc6kq.exe
[2010/01/14 16:43:00 | 00,000,566 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Anastasia.job
[2010/01/14 11:48:04 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnastasia.job
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/29 00:29:26 | 00,002,062 | ---- | M] () -- C:\Users\Anastasia\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/01/24 20:45:21 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 20:05:06 | 00,000,104 | ---- | C] () -- C:\Users\Anastasia\Desktop\Recycle Bin - Shortcut.lnk
[2010/01/24 20:03:29 | 31,529,20576 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 16:43:32 | 00,001,055 | ---- | C] () -- C:\Users\Anastasia\Desktop\Spybot - Search & Destroy.lnk
[2010/01/19 00:07:04 | 01,819,602 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\Cat.DB
[2010/01/19 00:06:52 | 00,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/01/19 00:06:52 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/01/19 00:05:59 | 00,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010/01/19 00:05:34 | 00,007,774 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\symnetv.cat
[2010/01/19 00:05:34 | 00,007,493 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymDS.cat
[2010/01/19 00:05:34 | 00,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtsp.cat
[2010/01/19 00:05:34 | 00,007,431 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymEFA.cat
[2010/01/19 00:05:34 | 00,007,429 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtspx.cat
[2010/01/19 00:05:34 | 00,007,424 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\iron.cat
[2010/01/19 00:05:34 | 00,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\cchpx86.cat
[2010/01/19 00:05:34 | 00,007,355 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymNet.cat
[2010/01/19 00:05:34 | 00,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymEFA.inf
[2010/01/19 00:05:34 | 00,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymDS.inf
[2010/01/19 00:05:34 | 00,001,756 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\ccHPx86.inf
[2010/01/19 00:05:34 | 00,001,474 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymNetV.inf
[2010/01/19 00:05:34 | 00,001,446 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\SymNet.inf
[2010/01/19 00:05:34 | 00,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtspx.inf
[2010/01/19 00:05:34 | 00,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\srtsp.inf
[2010/01/19 00:05:34 | 00,000,743 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\Iron.inf
[2010/01/19 00:05:34 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1101000.013\isolate.ini
[2010/01/18 23:10:41 | 00,000,853 | ---- | C] () -- C:\Users\Anastasia\Desktop\Norton Installation Files.lnk
[2010/01/18 22:21:33 | 00,391,680 | ---- | C] () -- C:\Users\Anastasia\AppData\Roaming\la55qcvsc6kq.exe
[2010/01/18 12:05:04 | 00,391,680 | ---- | C] () -- C:\Windows\System32\la55qcvsc6kq.exe
[2009/12/29 00:29:26 | 00,002,062 | ---- | C] () -- C:\Users\Anastasia\Desktop\Google Chrome.lnk
[2009/12/29 00:28:29 | 00,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304538451-2921232432-339800710-1000UA.job
[2009/12/29 00:28:27 | 00,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-304538451-2921232432-339800710-1000Core.job
[2009/10/18 17:59:51 | 00,000,000 | ---- | C] () -- C:\Users\Anastasia\AppData\Roaming\wklnhst.dat
[2009/02/17 08:24:29 | 00,028,219 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/17 08:24:22 | 00,028,219 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/08/23 17:16:51 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/21 09:08:40 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/08/21 08:30:05 | 00,006,944 | ---- | C] () -- C:\Users\Anastasia\AppData\Local\d3d9caps.dat
[2008/08/01 08:35:19 | 00,008,192 | ---- | C] () -- C:\Users\Anastasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/31 21:17:45 | 00,027,715 | ---- | C] () -- C:\Users\Anastasia\AppData\Roaming\nvModes.001
[2008/07/31 21:08:08 | 00,027,715 | ---- | C] () -- C:\Users\Anastasia\AppData\Roaming\nvModes.dat
[2008/07/31 21:01:40 | 00,000,000 | ---- | C] () -- C:\Users\Anastasia\AppData\Local\QSwitch.txt
[2008/07/31 21:01:40 | 00,000,000 | ---- | C] () -- C:\Users\Anastasia\AppData\Local\DSwitch.txt
[2008/07/31 21:01:40 | 00,000,000 | ---- | C] () -- C:\Users\Anastasia\AppData\Local\AtStart.txt
[2008/07/14 21:08:29 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/04/24 21:38:18 | 00,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/09/05 14:52:04 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 15:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Edited by Orange Blossom, 24 January 2010 - 11:18 PM.
Move to HJT forum. ~ OB


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:06 AM

Posted 31 January 2010 - 06:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open on your desktop.
  • Click the tab.
  • Click the button.
  • Check all seven boxes:
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Posted Image
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:06 AM

Posted 05 February 2010 - 03:14 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users