Solved Help to remove Virus/Malware causing Redirection, Playing Sounds, Blue Screen Crash

Obi3000

Hello,
My laptop running Windows 7 and Windows Security Essentials was infected by a virus. My computer started showing the following symptoms:
- Unidentified sounds played from the speakers on a loop, e.g. music, porn
- Internet Explorer becoming unstable and freezing
- Google search results and web pages being redirected
- Computer frequently blue screening with an error regarding DRIVER_IRQL_NOT_LESS_OR_EQUAL
- Firewall reporting various intrusion attempts.

I bought and installed Norton Antivirus. This detected and reported that Trojan.FakeAV was removed; however, I am still getting the above issues.

I have run through the 8 step process and included log files. Below are the logs from Malwarebytes and GMER. Will attach DDS logs in a separate post.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5415

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

29/12/2010 12:53:29
mbam-log-2010-12-29 (12-53-29).txt

Scan type: Quick scan
Objects scanned: 164406
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-29 13:44:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST932042 rev.0006
Running: xzjjte4s.exe; Driver: C:\Users\Obinna\AppData\Local\Temp\ugriypog.sys


---- System - GMER 1.0.15 ----

SSDT 8864F108 ZwAlertResumeThread
SSDT 886547C8 ZwAlertThread
SSDT 887276F8 ZwAllocateVirtualMemory
SSDT 8841CE60 ZwAlpcConnectPort
SSDT 88674048 ZwAssignProcessToJobObject
SSDT \??\C:\windows\system32\windrvNT.sys ZwCreateFile [0xA2C2C36A]
SSDT 8872D7B0 ZwCreateMutant
SSDT 88733B60 ZwCreateSymbolicLinkObject
SSDT 88727360 ZwCreateThread
SSDT 88733F30 ZwCreateThreadEx
SSDT 8866A048 ZwDebugActiveProcess
SSDT 88725EF8 ZwDuplicateObject
SSDT 88729908 ZwFreeVirtualMemory
SSDT 88657820 ZwImpersonateAnonymousToken
SSDT 8864F4A8 ZwImpersonateThread
SSDT 884D9840 ZwLoadDriver
SSDT 887295E0 ZwMapViewOfSection
SSDT 886564A8 ZwOpenEvent
SSDT \??\C:\windows\system32\windrvNT.sys ZwOpenFile [0xA2C2CCD8]
SSDT 88643008 ZwOpenProcess
SSDT 88618110 ZwOpenProcessToken
SSDT 88660048 ZwOpenSection
SSDT 88643090 ZwOpenThread
SSDT 88732670 ZwProtectVirtualMemory
SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryDirectoryFile [0xA2C2C842]
SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryInformationProcess [0xA2C291E0]
SSDT 8864D0B0 ZwResumeThread
SSDT 88641BC0 ZwSetContextThread
SSDT \??\C:\windows\system32\windrvNT.sys ZwSetInformationFile [0xA2C2D142]
SSDT 887292A8 ZwSetInformationProcess
SSDT 88661500 ZwSetSystemInformation
SSDT 8865C048 ZwSuspendProcess
SSDT 886475C8 ZwSuspendThread
SSDT 88610CB0 ZwTerminateProcess
SSDT 886415B0 ZwTerminateThread
SSDT 886429E8 ZwUnmapViewOfSection
SSDT 88729B98 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83459599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8347DF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 83485734 8 Bytes [08, F1, 64, 88, C8, 47, 65, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8348574C 4 Bytes [F8, 76, 72, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 83485758 4 Bytes [60, CE, 41, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 834857AC 4 Bytes [48, 40, 67, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 83485808 4 Bytes [6A, C3, C2, A2]
.text ...
? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A819C000 68 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4FD5 A819C045 203 Bytes [8B, C6, F0, 0F, BA, 28, 00, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50A1 A819C111 17 Bytes [87, 01, 6A, 00, 6A, 20, A3, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A819C123 629 Bytes [75, 19, A8, FE, 05, 34, 75, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A819C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 76E95380 5 Bytes JMP 0037000A
.text C:\windows\system32\svchost.exe[1196] ntdll.dll!NtWriteVirtualMemory 76E95F00 5 Bytes JMP 0054000A
.text C:\windows\system32\svchost.exe[1196] ntdll.dll!KiUserExceptionDispatcher 76E96448 5 Bytes JMP 0035000A
.text C:\windows\system32\svchost.exe[1196] ole32.dll!CoCreateInstance 75F5590C 5 Bytes JMP 00D1000A
.text C:\windows\Explorer.EXE[5772] ntdll.dll!NtProtectVirtualMemory 76E95380 5 Bytes JMP 0053000A
.text C:\windows\Explorer.EXE[5772] ntdll.dll!NtWriteVirtualMemory 76E95F00 5 Bytes JMP 005F000A
.text C:\windows\Explorer.EXE[5772] ntdll.dll!KiUserExceptionDispatcher 76E96448 5 Bytes JMP 0024000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74202494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741E5624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741E56E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [7420250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741F8573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741F4D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741F50CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741F51A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741F66D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741F82CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741F8819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741F907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741FE21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741F4C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9320423AS_____________________________0006HPM1#4&8a7e86f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713cef008
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713cef008@307c30deecd3 0xCF 0xF4 0xDA 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713cef008@002557a72036 0xE8 0xF3 0x81 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713cef008 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713cef008@307c30deecd3 0xCF 0xF4 0xDA 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713cef008@002557a72036 0xE8 0xF3 0x81 0xBE ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\sccfg.sys 20 bytes

---- EOF - GMER 1.0.15 ----
 
DDS Log

DDS (Ver_10-12-12.02) - NTFSx86
Run by [MyUserID] at 13:48:25.25 on 29/12/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1372 [GMT 0:00]

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\hsplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskeng.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Obinna\Downloads\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\obinna\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [IFXSPMGT] "c:\program files\hewlett-packard\embedded security software\ifxspmgt.exe" /NotifyLogon
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [JP595IR86O] c:\windows\temp\Gzo.exe
dRun: [NtWqIVLZEWZU] c:\windows\temp\Gzy.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli

================= FIREFOX ===================

FF - ProfilePath - c:\users\obinna\appdata\roaming\mozilla\firefox\profiles\7lfrslg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hewlett-packard\hp protecttools security manager\bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\obinna\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\hewlett-packard\hp protecttools security manager\bin\FirefoxExt
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

============= SERVICES / DRIVERS ===============

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-11-11 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-11-11 13256]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-12-16 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-12-16 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-12-16 501888]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20101228.001\IDSvix86.sys [2010-12-28 353912]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-10-2 39712]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-11-11 40088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-12-16 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-12-16 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe [2010-6-4 81920]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 239464]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2009-10-7 97128]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-11-19 102968]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\hewlett-packard\hp skyroom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2009-11-12 250936]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-11-11 277096]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-11-4 297984]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-12-16 126392]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-11-13 635416]
R2 rgsender;Remote Graphics Sender Service;c:\program files\hewlett-packard\hp skyroom\remote graphics sender\rgsendersvc.exe [2010-6-4 379904]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-6-4 2320920]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 376680]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-4 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-6-4 228408]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-6-4 214696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-16 102448]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-13 132480]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-9-9 6758912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-9-9 68200]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-6-4 49152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-20 135664]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-4 48640]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-4 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-4 38912]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-9 362040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-19 1343400]

=============== Created Last 30 ================

2010-12-29 12:46:56 -------- d-----w- c:\users\obinna\appdata\roaming\Malwarebytes
2010-12-29 12:46:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:46:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-29 12:46:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 12:46:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 11:50:46 -------- d-----w- c:\users\obinna\appdata\local\Symantec
2010-12-29 11:05:59 388096 ----a-r- c:\users\obinna\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-29 11:05:59 -------- d-----w- c:\program files\Trend Micro
2010-12-20 21:23:30 -------- d-----w- c:\users\obinna\appdata\local\CrashDumps
2010-12-20 09:43:23 -------- d-----w- c:\users\obinna\appdata\roaming\Tific
2010-12-17 11:30:29 15256 ----a-w- c:\users\obinna\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-12-17 09:26:07 -------- d-----w- c:\windows\en
2010-12-17 09:23:39 -------- d-----w- c:\program files\MSN Toolbar
2010-12-17 09:23:28 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-17 09:23:25 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-17 09:23:25 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-17 09:23:25 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-17 09:23:08 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-17 09:22:09 469256 ----a-w- c:\program files\common files\windows live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
2010-12-17 09:22:04 94040 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
2010-12-17 09:22:04 525656 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
2010-12-17 09:22:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
2010-12-17 09:22:02 94040 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\DSETUP.dll
2010-12-17 09:22:02 525656 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
2010-12-17 09:22:02 1691480 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\dsetup32.dll
2010-12-17 09:21:48 -------- d-----w- c:\users\obinna\appdata\local\Windows Live
2010-12-16 17:46:55 -------- d-----w- c:\progra~2\Research In Motion
2010-12-16 09:53:31 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
2010-12-16 09:53:31 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
2010-12-16 09:53:31 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
2010-12-16 09:53:31 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
2010-12-16 09:53:31 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
2010-12-16 09:53:31 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
2010-12-16 09:53:31 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
2010-12-16 09:53:10 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
2010-12-16 09:33:48 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-12-16 01:48:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-16 01:48:04 -------- d-----w- c:\program files\Symantec
2010-12-16 01:48:04 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-16 01:47:48 -------- d-----w- c:\windows\system32\drivers\NIS
2010-12-16 01:47:47 -------- d-----w- c:\program files\Norton Internet Security
2010-12-16 01:47:35 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:47:35 -------- d-----w- c:\progra~2\NortonInstaller
2010-12-16 01:40:35 -------- d-----w- c:\progra~2\Norton
2010-12-12 17:46:11 -------- d-----w- c:\program files\Conduit
2010-12-12 17:46:08 -------- d-----w- c:\program files\ConduitEngine
2010-12-12 17:46:06 -------- d-----w- c:\program files\uTorrentBar
2010-12-12 17:46:04 -------- d-----w- C:\extensions
2010-12-03 17:15:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-12-03 14:10:13 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-03 14:02:58 -------- d-----w- C:\Windows Home Server Drivers for Restore
2010-11-29 14:57:03 -------- d-----w- c:\progra~2\Rosetta Stone
2010-11-29 14:52:11 -------- d-----w- c:\program files\Rosetta Stone
2010-11-29 14:51:57 -------- d-----w- c:\progra~2\RosettaStoneLtdBackup
2010-11-29 14:48:20 -------- d-----w- c:\program files\common files\Macrovision Shared
2010-11-29 14:44:11 -------- d-----w- c:\program files\Elaborate Bytes

==================== Find3M ====================

2010-11-13 09:05:14 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-11-13 09:05:14 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-11-13 09:05:14 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-11-13 09:05:14 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-11-13 09:05:14 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-11-10 22:36:37 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-10 22:36:37 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-11-10 22:36:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-10 22:36:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST932042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x83416000]<< >>UNKNOWN [0x83E30000]<< >>UNKNOWN [0x8D103000]<< >>UNKNOWN [0x8D0C8000]<< >>UNKNOWN [0x83826000]<< >>UNKNOWN [0x83C9A000]<< >>UNKNOWN [0x88270555]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83452458] -> \Device\Harddisk0\DR0[0x8824E030]
\Driver\Disk[0x8824BA18] -> IRP_MJ_CREATE -> 0x83E3439F
3 [0x83E3459E] -> ntkrnlpa!IofCallDriver[0x83452458] -> [0x8824DAC8]
\Driver\hpdskflt[0x882026E0] -> IRP_MJ_CREATE -> 0x8D0C9FB0
5 [0x8D0CA090] -> ntkrnlpa!IofCallDriver[0x83452458] -> [0x8775E958]
\Driver\ACPI[0x8693ED50] -> IRP_MJ_CREATE -> 0x83CA34AA
7 [0x83CA33B2] -> ntkrnlpa!IofCallDriver[0x83452458] -> \IAAStorageDevice-1[0x87782028]
\Driver\iaStor[0x8824D9E0] -> IRP_MJ_CREATE -> 0x88270555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9320423AS_____________________________0006HPM1#4&8a7e86f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 13:49:01.00 ===============
 
DDS Attach Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/07/2010 20:35:59
System Uptime: 29/12/2010 13:20:00 (0 hours ago)

Motherboard: Hewlett-Packard | | 172B
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 281 GiB total, 233.533 GiB free.
D: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID:
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID:
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Service:

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4380 series
Device ID: ROOT\IMAGE\0002
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\IMAGE\0002
Service: StillCam

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AIO_Scan
Any Video Converter 3.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
µTorrent
Bing Bar
Bing Bar Platform
BlackBerry Desktop Software 6.0.1
Bonjour
BufferChm
C4380
C4380_Help
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Conduit Engine
Copy
CutePDF Writer 2.7
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Destinations
Device Access Manager for HP ProtectTools
DeviceDiscovery
DocProc
Drive Encryption for HP ProtectTools
Embedded Security for HP ProtectTools
Fax
Feedback Tool
File Sanitizer For HP ProtectTools
Folder Lock
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HiJackThis
HP 3D DriveGuard
HP Business Card Reader
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Data Vault 3.0 Update 1
HP ESU for Microsoft Windows 7
HP Imaging Device Functions 13.0
HP Integrated Module with Bluetooth wireless technology
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Power Assistant
HP Power Data
HP Product Detection
HP ProtectTools Security Manager
HP Quick Launch Buttons
HP QuickLook
HP QuickWeb
HP Setup
HP SkyRoom
HP Smart Web Printing 4.51
HP SoftPaq Download Manager
HP Software Setup
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0160
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Turbo Boost Technology Driver
Intel® Matrix Storage Manager
iTunes
Junk Mail filter update
LSI HDA Modem
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Norton Internet Security
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 13.0
PDF Complete Special Edition
Pre-Boot Security for HP ProtectTools
Privacy Manager for HP ProtectTools
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QLBCASL
QuickTime
Remote Graphics Receiver
Remote Graphics Sender
RICOH Media Driver
Rosetta Stone Version 3
Scan
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
uTorrentBar Toolbar
Validity Fingerprint Driver
VirtualCloneDrive
VLC media player 1.1.4
WebReg
Windows 7 Default Setting
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinSCP 4.2.9

==== Event Viewer Messages From Past Week ========

29/12/2010 13:20:30, Error: Service Control Manager [7000] - The rixdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/12/2010 13:20:30, Error: Service Control Manager [7000] - The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/12/2010 13:20:30, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/12/2010 13:20:30, Error: Service Control Manager [7000] - The rimspci service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/12/2010 13:20:30, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
29/12/2010 13:20:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x7ffd96e8, 0x00000002, 0x00000001, 0x83f56ac7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-18298-01.
29/12/2010 12:55:03, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 12:53:56, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
29/12/2010 12:38:50, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
29/12/2010 12:29:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001904fb, 0x8d10a7a4, 0x8d10a380, 0x828ae11d). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-22011-01.
29/12/2010 12:26:18, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:25:24, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:25:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
29/12/2010 12:25:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
29/12/2010 12:25:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
29/12/2010 12:25:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
29/12/2010 12:25:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/12/2010 12:25:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
29/12/2010 12:24:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8b84de85). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21668-01.
29/12/2010 12:24:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP CSC ctxusbm DfsC discache eeCtrl ElbyCDIO IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss RsvLock spldr SRTSPX SymIM SymIRON SYMTDIv tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
29/12/2010 12:24:15, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
29/12/2010 12:22:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP ctxusbm discache eeCtrl ElbyCDIO IDSVix86 RsvLock spldr SRTSPX SymIRON SYMTDIv vpcvmm Wanarpv6
29/12/2010 12:22:32, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 12:22:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000a1, 0x00000002, 0x00000001, 0x83f35ac7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21309-01.
29/12/2010 12:14:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000002f1, 0x00000002, 0x00000001, 0x83f29ac7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21216-01.
29/12/2010 12:11:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8c45bdb8). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21184-01.
29/12/2010 11:44:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
29/12/2010 11:44:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
29/12/2010 11:43:50, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
29/12/2010 11:43:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003, 0x00000002, 0x00000001, 0x83472861). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-26691-01.
29/12/2010 11:36:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x83f62e85). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-29094-01.
29/12/2010 10:41:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
29/12/2010 10:41:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
29/12/2010 10:41:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
29/12/2010 10:40:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
29/12/2010 00:17:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
29/12/2010 00:15:03, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/12/2010 20:49:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
27/12/2010 09:53:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x835042f1, 0x8ed9ba60, 0x8ed9b640). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122710-22869-01.

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Log

Hi Broni :)
Thanks so much for your swift reply. I followed the steps as you instructed and was asked to reboot my computer. See below for the logs.

2010/12/30 10:54:26.0955 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/30 10:54:26.0955 ================================================================================
2010/12/30 10:54:26.0956 SystemInfo:
2010/12/30 10:54:26.0956
2010/12/30 10:54:26.0956 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/30 10:54:26.0956 Product type: Workstation
2010/12/30 10:54:26.0956 ComputerName: HP-NOTEBOOK
2010/12/30 10:54:26.0962 UserName: Obinna
2010/12/30 10:54:26.0962 Windows directory: C:\windows
2010/12/30 10:54:26.0962 System windows directory: C:\windows
2010/12/30 10:54:26.0962 Processor architecture: Intel x86
2010/12/30 10:54:26.0962 Number of processors: 4
2010/12/30 10:54:26.0962 Page size: 0x1000
2010/12/30 10:54:26.0962 Boot type: Normal boot
2010/12/30 10:54:26.0962 ================================================================================
2010/12/30 10:54:27.0473 Initialize success
2010/12/30 10:55:16.0178 ================================================================================
2010/12/30 10:55:16.0178 Scan started
2010/12/30 10:55:16.0178 Mode: Manual;
2010/12/30 10:55:16.0178 ================================================================================
2010/12/30 10:55:27.0238 SafeBoot (906c08952889cffe83df15d53da1137c) C:\windows\system32\drivers\SafeBoot.sys
2010/12/30 10:55:27.0238 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 906c08952889cffe83df15d53da1137c
2010/12/30 10:55:27.0242 SafeBoot - detected Locked file (1)
2010/12/30 10:55:31.0654 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/30 10:55:31.0657 ================================================================================
2010/12/30 10:55:31.0657 Scan finished
2010/12/30 10:55:31.0657 ================================================================================
2010/12/30 10:55:31.0665 Detected object count: 2
2010/12/30 10:56:38.0699 Locked file(SafeBoot) - User select action: Skip
2010/12/30 10:56:38.0710 \HardDisk0 - will be cured after reboot
2010/12/30 10:56:38.0712 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/30 10:57:11.0088 Deinitialize success
 
Good job :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck Log

Hi Broni,
completed steps as instructed. MBRCheck Log below:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP EliteBook 8440p
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 301):

Processes (total 132):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
548 csrss.exe
620 C:\Windows\System32\wininit.exe
628 csrss.exe
668 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\nvvsvc.exe
912 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
948 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
996 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe
1360 C:\Windows\System32\winlogon.exe
1424 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\hpservice.exe
1632 C:\Windows\System32\svchost.exe
1808 C:\Windows\System32\nvvsvc.exe
1888 C:\Windows\System32\spoolsv.exe
1944 C:\Windows\System32\svchost.exe
1984 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
256 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe
1512 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1620 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1840 C:\Program Files\Bonjour\mDNSResponder.exe
660 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2200 C:\Program Files\Windows Home Server\esClient.exe
2236 C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
2328 C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
2388 C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2408 C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
2452 C:\Windows\System32\svchost.exe
2472 C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
2532 C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
2608 C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2664 C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
2752 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
2796 C:\Program Files\PDF Complete\pdfsvc.exe
2960 C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
3100 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3136 C:\Windows\System32\svchost.exe
3220 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3304 C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
3384 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3484 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
3548 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3576 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
3600 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
3616 C:\Program Files\Windows Home Server\WHSConnector.exe
3092 WmiPrvSE.exe
1752 WmiPrvSE.exe
3236 C:\Windows\System32\svchost.exe
4108 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
4156 C:\Windows\System32\svchost.exe
4208 C:\Windows\System32\svchost.exe
5016 C:\Windows\System32\taskhost.exe
5084 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
5204 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
5212 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
5388 C:\Windows\System32\dwm.exe
5440 C:\Windows\explorer.exe
5688 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
5728 C:\Windows\System32\conhost.exe
5780 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
5848 C:\Windows\System32\conhost.exe
5944 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
5952 C:\Windows\System32\conhost.exe
6056 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
6064 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
6112 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
6132 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4184 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
4704 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
4356 C:\Program Files\IDT\WDM\sttray.exe
4796 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5508 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
5520 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
5316 C:\Program Files\iTunes\iTunesHelper.exe
4980 C:\Program Files\Citrix\ICA Client\concentr.exe
5852 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
1576 C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
1572 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
5972 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
5080 C:\Windows\ehome\ehmsas.exe
5340 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3772 C:\Windows\System32\SearchIndexer.exe
6324 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
6392 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
6464 C:\Program Files\Windows Home Server\WHSTrayApp.exe
6720 C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
6840 C:\Program Files\iPod\bin\iPodService.exe
6880 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
7020 C:\Program Files\Windows Media Player\wmpnetwk.exe
7656 C:\Program Files\Windows Live\Contacts\wlcomm.exe
7768 C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
7848 C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
7908 C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
8120 C:\Program Files\Mozilla Firefox\firefox.exe
7616 C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
4380 C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
2148 C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
6240 C:\Program Files\Mozilla Firefox\plugin-container.exe
7408 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1228 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
2660 C:\Windows\System32\svchost.exe
2176 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4912 C:\Windows\System32\wuauclt.exe
5276 C:\Windows\System32\notepad.exe
3244 C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe
7524 C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe
5580 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
5136 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
9352 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2008 C:\Windows\System32\svchost.exe
4044 C:\Windows\System32\taskeng.exe
9960 C:\Windows\System32\audiodg.exe
8884 C:\Program Files\Internet Explorer\iexplore.exe
8844 C:\Program Files\Internet Explorer\iexplore.exe
3368 C:\Program Files\Internet Explorer\iexplore.exe
8112 C:\Windows\System32\SearchProtocolHost.exe
10060 C:\Windows\System32\SearchFilterHost.exe
9608 dllhost.exe
7316 dllhost.exe
4852 C:\Users\Obinna\Desktop\MBRCheck.exe
7672 C:\Windows\System32\conhost.exe
9132 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`12d00000 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0006HPM1

Size     Device Name          MBR Status
--------------------------------------------
298 GB   \\.\PhysicalDrive0   Windows 2008 MBR code detected
         SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
ComboFix Log

ComboFix log below. No issues when running this :)

ComboFix 10-12-29.04 - Obinna 30/12/2010 18:03:00.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1539 [GMT 0:00]
Running from: c:\users\Obinna\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 18:09 . 2010-12-30 18:11 -------- d-----w- c:\users\Obinna\AppData\Local\temp
2010-12-30 18:09 . 2010-12-30 18:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-30 18:09 . 2010-12-30 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 17:56 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F7463E7-7497-49E5-B65E-84E0EB3A39A7}\mpengine.dll
2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\users\Obinna\AppData\Roaming\Malwarebytes
2010-12-29 12:46 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\programdata\Malwarebytes
2010-12-29 12:46 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 11:50 . 2010-12-29 11:50 -------- d-----w- c:\users\Obinna\AppData\Local\Symantec
2010-12-29 11:05 . 2010-12-29 11:05 388096 ----a-r- c:\users\Obinna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-29 11:05 . 2010-12-29 11:05 -------- d-----w- c:\program files\Trend Micro
2010-12-20 21:23 . 2010-12-20 21:23 -------- d-----w- c:\users\Obinna\AppData\Local\CrashDumps
2010-12-20 10:12 . 2010-12-20 21:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-20 09:43 . 2010-12-20 09:43 -------- d-----w- c:\users\Obinna\AppData\Roaming\Tific
2010-12-17 09:26 . 2010-12-17 09:26 -------- d-----w- c:\windows\en
2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\MSN Toolbar
2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-17 09:23 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-17 09:23 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-17 09:23 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-17 09:23 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-17 09:22 . 2010-12-17 09:22 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DSETUP.dll
2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\dsetup32.dll
2010-12-17 09:21 . 2010-12-30 11:53 -------- d-----w- c:\users\Obinna\AppData\Local\Windows Live
2010-12-16 17:46 . 2010-12-16 17:46 -------- d-----w- c:\programdata\Research In Motion
2010-12-16 09:33 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-12-16 01:48 . 2010-12-16 01:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-16 01:48 . 2010-12-16 01:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-16 01:48 . 2010-12-16 01:48 -------- d-----w- c:\program files\Symantec
2010-12-16 01:47 . 2010-12-16 17:14 -------- d-----w- c:\windows\system32\drivers\NIS
2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\Norton Internet Security
2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:40 . 2010-12-16 01:48 -------- d-----w- c:\programdata\Norton
2010-12-14 21:33 . 2010-12-14 21:33 -------- d-----w- c:\users\Obinna\AppData\Local\Mozilla
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\Conduit
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\uTorrentBar
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- C:\extensions
2010-12-03 17:15 . 2010-12-03 17:15 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-12-03 14:10 . 2010-12-03 14:10 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-03 14:02 . 2010-12-15 01:15 -------- d-----w- C:\Windows Home Server Drivers for Restore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 09:37 . 2010-11-13 09:37 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys
2010-11-13 09:05 . 2010-11-13 09:05 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-11-13 09:05 . 2010-11-13 09:05 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-11-10 22:36 . 2010-11-10 22:36 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-10 22:36 . 2010-11-10 22:36 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-11-10 22:36 . 2010-11-10 22:36 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-11-10 22:36 . 2010-11-10 22:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-10 22:36 . 2010-11-10 22:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-19 10:41 . 2010-07-18 16:23 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Google Update"="c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"nwiz"="nwiz.exe" [2010-02-17 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-18 13830760]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-7-23 604008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-09 11:51 75320 ----a-w- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-27 03:49 136176 ----atw- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-20 21:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-09 362040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-19 1343400]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys [2010-12-01 353912]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 39712]
S1 RsvLock;RsvLock; [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-15 102448]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-11-13 132480]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-09-09 6758912]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-09 68200]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4740)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\windows\system32\nvvsvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\windows\eHome\EhTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-12-30 18:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 18:14

Pre-Run: 249,898,729,472 bytes free
Post-Run: 249,762,906,112 bytes free

- - End Of File - - 875717C9C2B2D5659433CE1DBB4ADE49
 
ComboFix log looks pretty clean... just some leftovers...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Driver::
RsvLock
SbFsLock
SbAlg
SafeBoot


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix with CFScript

Hi,
Followed the steps you mentioned and it didn't go as well this time. This is what happened.
- I created the CFScript file as instructed, turned off Antivirus and dragged the file over ComboFix to open.
- ComboFix started and displayed a message saying a new version of ComboFix is available and asking whether it should update. I clicked Yes for this.
- ComboFix updated successfully and restarted its run. All seemed to be going smoothly so I left the PC for a while.
- When I got back, the screen was on the Windows boot menu with Windows unable to boot and asking for a Windows CD to be inserted to repair.
- I don't have this so was unable to get back into Windows even when I tried Safe mode.
- Eventually I selected the option "last known good configuration" from the safe mode boot menu and Windows started up as per normal.
- ComboFix started and completed its log writing.

I have attached the log below. Let me know what you think and if it's safe to restart my computer again. :)

ComboFix 10-12-30.01 - Obinna 30/12/2010 20:51:59.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1780 [GMT 0:00]
Running from: c:\users\Obinna\Desktop\ComboFix.exe
Command switches used :: c:\users\Obinna\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RSVLOCK
-------\Legacy_SBALG
-------\Legacy_SBFSLOCK
-------\Service_RsvLock
-------\Service_SafeBoot
-------\Service_SbAlg
-------\Service_SbFsLock


((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 20:58 . 2010-12-30 20:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-30 20:58 . 2010-12-30 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 18:09 . 2010-12-30 22:17 -------- d-----w- c:\users\Obinna\AppData\Local\temp
2010-12-30 17:56 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F7463E7-7497-49E5-B65E-84E0EB3A39A7}\mpengine.dll
2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\users\Obinna\AppData\Roaming\Malwarebytes
2010-12-29 12:46 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\programdata\Malwarebytes
2010-12-29 12:46 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-29 11:50 . 2010-12-29 11:50 -------- d-----w- c:\users\Obinna\AppData\Local\Symantec
2010-12-29 11:05 . 2010-12-29 11:05 388096 ----a-r- c:\users\Obinna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-29 11:05 . 2010-12-29 11:05 -------- d-----w- c:\program files\Trend Micro
2010-12-20 21:23 . 2010-12-20 21:23 -------- d-----w- c:\users\Obinna\AppData\Local\CrashDumps
2010-12-20 10:12 . 2010-12-20 21:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-20 09:43 . 2010-12-20 09:43 -------- d-----w- c:\users\Obinna\AppData\Roaming\Tific
2010-12-17 09:26 . 2010-12-17 09:26 -------- d-----w- c:\windows\en
2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\MSN Toolbar
2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-17 09:23 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-17 09:23 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-17 09:23 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-17 09:23 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-17 09:22 . 2010-12-17 09:22 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DSETUP.dll
2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\dsetup32.dll
2010-12-17 09:21 . 2010-12-30 11:53 -------- d-----w- c:\users\Obinna\AppData\Local\Windows Live
2010-12-16 17:46 . 2010-12-16 17:46 -------- d-----w- c:\programdata\Research In Motion
2010-12-16 09:33 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-12-16 01:48 . 2010-12-16 01:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-16 01:48 . 2010-12-16 01:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-16 01:48 . 2010-12-16 01:48 -------- d-----w- c:\program files\Symantec
2010-12-16 01:47 . 2010-12-16 17:14 -------- d-----w- c:\windows\system32\drivers\NIS
2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\Norton Internet Security
2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:40 . 2010-12-16 01:48 -------- d-----w- c:\programdata\Norton
2010-12-14 21:33 . 2010-12-14 21:33 -------- d-----w- c:\users\Obinna\AppData\Local\Mozilla
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\Conduit
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\uTorrentBar
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- C:\extensions
2010-12-03 17:15 . 2010-12-03 17:15 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-12-03 14:10 . 2010-12-03 14:10 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-03 14:02 . 2010-12-15 01:15 -------- d-----w- C:\Windows Home Server Drivers for Restore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 09:37 . 2010-11-13 09:37 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys
2010-11-13 09:05 . 2010-11-13 09:05 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-11-13 09:05 . 2010-11-13 09:05 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-11-10 22:36 . 2010-11-10 22:36 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-10 22:36 . 2010-11-10 22:36 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-11-10 22:36 . 2010-11-10 22:36 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-11-10 22:36 . 2010-11-10 22:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-10 22:36 . 2010-11-10 22:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-19 10:41 . 2010-07-18 16:23 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Google Update"="c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"nwiz"="nwiz.exe" [2010-02-17 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-18 13830760]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-7-23 604008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-09 11:51 75320 ----a-w- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-27 03:49 136176 ----atw- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-20 21:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-09 362040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys [2010-12-01 353912]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 39712]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-15 102448]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-11-13 132480]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-09-09 6758912]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-09 68200]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5680)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\program files\Windows Home Server\WHSConnector.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\windows\system32\taskhost.exe
c:\windows\eHome\EhTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-12-30 22:20:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 22:20
ComboFix2.txt 2010-12-30 18:14

Pre-Run: 249,848,442,880 bytes free
Post-Run: 249,748,267,008 bytes free

- - End Of File - - C1E945977973201FB5C28BE8D03CCCE2
 
You did fine :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer looks good. I haven't experienced any of the problems I had before I started this process :)
Not able to get OTL. Getting connection timeouts when I click on the link. Is there an alternative download link?
Thanks
 
OTL OTL.txt part 1

Great! Thanks. Part 1 of the OTL.txt log below

OTL logfile created on: 12/30/2010 11:18:01 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Obinna\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 232.70 Gb Free Space | 82.87% Space Free | Partition Type: NTFS

Computer Name: HP-NOTEBOOK | User Name: Obinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/16 13:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2009/11/24 18:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2009/11/20 21:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/20 20:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/20 20:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/20 20:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/19 22:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2009/11/19 18:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/19 16:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/19 16:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/18 15:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/18 12:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe
PRC - [2009/11/12 15:32:00 | 000,250,936 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/11/11 08:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/04 21:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 21:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/04 08:29:18 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/10/07 12:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2009/10/07 12:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2009/10/07 12:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2009/10/05 09:59:08 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
PRC - [2009/10/05 09:59:08 | 000,020,992 | ---- | M] (HP) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
PRC - [2009/10/02 21:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/10/02 21:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/10/02 21:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/09/04 19:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/25 16:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/03 20:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/03 10:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Sky -- (Hp.Skyroom.Windows.Service)
SRV - [2010/11/29 14:52:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/08/16 06:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/19 21:34:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2010/02/18 13:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/16 13:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2009/11/24 18:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/19 22:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009/11/19 16:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/18 15:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/18 12:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe -- (STacSV)
SRV - [2009/11/12 15:32:00 | 000,250,936 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/11/11 08:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/09 11:52:18 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/04 21:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 21:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/04 08:29:18 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/10/07 12:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2009/10/07 12:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2009/10/07 12:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2009/10/05 09:59:08 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService)
SRV - [2009/10/05 09:59:08 | 000,020,992 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc)
SRV - [2009/10/02 21:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/10/02 21:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/10/02 21:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/09/04 19:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/25 16:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/08/03 20:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/03 10:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Obinna\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/12/29 11:55:59 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101230.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/29 11:55:59 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101230.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/16 01:48:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/01 01:03:34 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/11/23 03:34:08 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/13 09:37:11 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/11/10 22:36:37 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/09/09 21:42:33 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010/09/09 21:39:52 | 009,956,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/09 21:39:52 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/07 18:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/04 20:24:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\vpchbus.sys -- (vpcbus)
DRV - [2010/06/04 20:24:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/06/04 20:24:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/05/06 04:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/06 04:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/04 01:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/12/17 22:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/01 17:49:51 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/11 08:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/11 08:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Unknown | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/11 08:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/11 08:42:48 | 000,110,520 | ---- | M] () [Kernel | Unknown | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/11/06 00:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2009/10/29 00:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 21:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/10/21 13:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/10/02 21:47:10 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/09/28 21:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 02:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/17 20:54:50 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/09/17 20:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/09/17 20:54:40 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/09/17 20:54:36 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/09/17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/09 21:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/08/07 12:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/08/03 20:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 22:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 20:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 20:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/25 23:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 23:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 23:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/10 21:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/29 14:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2004/05/10 21:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/2
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4189
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 22:29:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/11/13 10:00:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/12/16 09:53:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/12/16 01:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 21:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 11:37:27 | 000,000,000 | ---D | M]

[2010/12/14 21:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obinna\AppData\Roaming\Mozilla\Extensions
[2010/12/14 21:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\extensions
[2010/12/14 21:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 10:00:16 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
[2010/09/09 22:29:04 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/12/16 01:48:27 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\COFFPLGN
[2010/12/16 09:53:09 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPLGN
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
OTL OTL.txt part 2

Part 2 of OTL.txt

O1 HOSTS File: ([2010/12/30 22:17:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/12/30 23:15:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
[2010/12/30 22:17:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/12/30 20:50:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/12/30 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\temp
[2010/12/30 18:02:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/12/30 18:02:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/12/30 18:02:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/12/30 18:02:01 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/12/30 18:01:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/30 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Obinna\Desktop\tdsskiller
[2010/12/30 01:42:44 | 000,000,000 | ---D | C] -- C:\Users\Obinna\Documents\Outlook Files
[2010/12/29 12:46:56 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Malwarebytes
[2010/12/29 12:46:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/29 12:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/29 12:46:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/29 12:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/29 11:50:46 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Symantec
[2010/12/29 11:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/20 21:23:30 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\CrashDumps
[2010/12/20 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/12/20 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Tific
[2010/12/17 09:26:07 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/12/17 09:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/12/17 09:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/12/17 09:21:48 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Windows Live
[2010/12/16 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/12/16 09:53:31 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.sys
[2010/12/16 09:53:31 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symtdiv.sys
[2010/12/16 09:53:31 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symds.sys
[2010/12/16 09:53:31 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.sys
[2010/12/16 09:53:31 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symefa.sys
[2010/12/16 09:53:31 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\ironx86.sys
[2010/12/16 09:53:31 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.sys
[2010/12/16 09:53:10 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1108000.005
[2010/12/16 09:33:48 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SymIMV.sys
[2010/12/16 01:48:04 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/12/16 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/12/16 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/12/16 01:47:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2010/12/16 01:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/12/16 01:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/16 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/12/16 01:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/14 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Mozilla
[2010/12/14 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Mozilla
[2010/12/14 21:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/14 21:15:32 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/12/12 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/12 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/12/12 17:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2010/12/12 17:46:04 | 000,000,000 | ---D | C] -- C:\extensions
[2010/12/03 17:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/12/03 14:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/12/03 14:02:58 | 000,000,000 | ---D | C] -- C:\Windows Home Server Drivers for Restore
[2010/06/04 21:14:18 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/06/04 21:14:18 | 000,213,040 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/12/30 23:18:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
[2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
[2010/12/30 22:54:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/30 22:24:15 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 22:24:15 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/30 22:17:12 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/12/30 22:17:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/30 22:16:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/12/30 22:16:04 | 2404,757,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/30 20:50:03 | 004,011,777 | R--- | M] () -- C:\Users\Obinna\Desktop\ComboFix.exe
[2010/12/30 18:29:24 | 001,081,416 | ---- | M] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
[2010/12/30 17:47:37 | 000,080,384 | ---- | M] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
[2010/12/30 01:16:50 | 000,009,286 | ---- | M] () -- C:\Users\Public\Documents\DDS.zip
[2010/12/30 01:12:13 | 000,005,396 | ---- | M] () -- C:\Users\Public\Documents\DDS_Attach.zip
[2010/12/30 00:18:00 | 000,000,858 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
[2010/12/29 14:56:01 | 632,877,875 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/12/29 12:46:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 11:05:59 | 000,002,969 | ---- | M] () -- C:\Users\Obinna\Desktop\HiJackThis.lnk
[2010/12/26 19:04:47 | 000,012,159 | ---- | M] () -- C:\Users\Obinna\Desktop\IrwPrintShoppingList.pdf
[2010/12/26 16:26:00 | 000,621,772 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/12/26 16:26:00 | 000,108,912 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/19 00:15:24 | 000,002,283 | ---- | M] () -- C:\Users\Obinna\Desktop\Google Chrome.lnk
[2010/12/18 11:37:27 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/17 11:45:56 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2010/12/16 17:47:39 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/12/16 17:13:35 | 000,002,414 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/16 01:48:04 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/12/16 01:48:04 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/12/16 01:48:04 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/12/16 01:40:35 | 000,001,259 | ---- | M] () -- C:\Users\Obinna\Desktop\Norton Installation Files.lnk
[2010/12/14 21:33:17 | 000,001,913 | ---- | M] () -- C:\Users\Obinna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/14 21:33:17 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/13 11:56:11 | 000,211,299 | ---- | M] () -- C:\Users\Public\Documents\DarfieldRoad_CouncilTaxPayment.pdf
[2010/12/04 23:27:50 | 000,001,996 | -H-- | M] () -- C:\Users\Obinna\Documents\Default.rdp
[2010/12/03 20:40:54 | 000,410,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/03 14:10:21 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2010/12/03 14:09:03 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf

========== Files Created - No Company Name ==========

[2010/12/30 18:02:07 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/12/30 18:02:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/12/30 18:02:07 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2010/12/30 18:02:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/12/30 18:02:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/12/30 17:58:06 | 004,011,777 | R--- | C] () -- C:\Users\Obinna\Desktop\ComboFix.exe
[2010/12/30 17:50:54 | 000,080,384 | ---- | C] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
[2010/12/30 01:16:50 | 000,009,286 | ---- | C] () -- C:\Users\Public\Documents\DDS.zip
[2010/12/30 01:12:13 | 000,005,396 | ---- | C] () -- C:\Users\Public\Documents\DDS_Attach.zip
[2010/12/29 12:46:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/29 11:02:08 | 000,002,969 | ---- | C] () -- C:\Users\Obinna\Desktop\HiJackThis.lnk
[2010/12/26 19:04:47 | 000,012,159 | ---- | C] () -- C:\Users\Obinna\Desktop\IrwPrintShoppingList.pdf
[2010/12/26 11:35:02 | 2404,757,504 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/19 00:15:24 | 000,002,283 | ---- | C] () -- C:\Users\Obinna\Desktop\Google Chrome.lnk
[2010/12/19 00:13:15 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
[2010/12/19 00:13:15 | 000,000,858 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
[2010/12/17 11:45:56 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2010/12/16 17:12:53 | 001,081,416 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
[2010/12/16 09:53:31 | 000,007,873 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symefa.cat
[2010/12/16 09:53:31 | 000,007,787 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnetv.cat
[2010/12/16 09:53:31 | 000,007,442 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.cat
[2010/12/16 09:53:31 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.cat
[2010/12/16 09:53:31 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\iron.cat
[2010/12/16 09:53:31 | 000,007,425 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symds.cat
[2010/12/16 09:53:31 | 000,007,396 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.cat
[2010/12/16 09:53:31 | 000,007,368 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnet.cat
[2010/12/16 09:53:31 | 000,003,373 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symefa.inf
[2010/12/16 09:53:31 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symds.inf
[2010/12/16 09:53:31 | 000,001,754 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.inf
[2010/12/16 09:53:31 | 000,001,473 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnetv.inf
[2010/12/16 09:53:31 | 000,001,445 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnet.inf
[2010/12/16 09:53:31 | 000,001,388 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.inf
[2010/12/16 09:53:31 | 000,001,382 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.inf
[2010/12/16 09:53:31 | 000,000,741 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\iron.inf
[2010/12/16 09:53:10 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\isolate.ini
[2010/12/16 01:48:04 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/12/16 01:48:04 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/12/16 01:48:02 | 000,002,414 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/16 01:40:35 | 000,001,259 | ---- | C] () -- C:\Users\Obinna\Desktop\Norton Installation Files.lnk
[2010/12/14 21:33:17 | 000,001,913 | ---- | C] () -- C:\Users\Obinna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/14 21:33:17 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/14 21:15:31 | 632,877,875 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/12/13 11:56:10 | 000,211,299 | ---- | C] () -- C:\Users\Public\Documents\DarfieldRoad_CouncilTaxPayment.pdf
[2010/12/03 14:10:21 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2010/12/03 14:09:03 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/11/19 21:51:48 | 000,000,600 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\winscp.rnd
[2010/10/28 22:29:32 | 000,004,608 | ---- | C] () -- C:\Users\Obinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 21:04:43 | 000,000,924 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/17 20:59:49 | 000,001,948 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/03 22:07:23 | 000,011,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/30 00:47:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2010/07/21 19:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/15 20:18:50 | 000,110,592 | ---- | C] () -- C:\windows\System32\suppdll.dll
[2010/07/15 20:18:50 | 000,035,363 | ---- | C] () -- C:\windows\System32\windrvNT.sys
[2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\QSwitch.txt
[2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\DSwitch.txt
[2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\AtStart.txt
[2010/06/04 21:14:18 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/06/04 21:14:18 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/06/04 21:14:18 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/06/04 20:57:43 | 001,731,176 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2010/06/04 20:57:43 | 001,612,392 | ---- | C] () -- C:\windows\System32\nView.dll
[2010/06/04 20:57:43 | 001,108,584 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2010/06/04 20:57:43 | 000,473,704 | ---- | C] () -- C:\windows\System32\nvShell.dll
[2010/06/04 20:04:18 | 000,000,188 | ---- | C] () -- C:\windows\System32\HPWA.ini
[2010/06/04 19:58:49 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/02/19 08:43:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2009/11/24 13:55:38 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2009/11/24 13:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2009/11/24 13:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2009/11/11 08:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/11/09 11:52:36 | 000,329,272 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/09/21 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\AnvSoft
[2010/09/20 21:32:23 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Ashampoo
[2010/07/23 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Blackberry Desktop
[2010/11/13 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\DigitalPersona
[2010/10/28 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\ICAClient
[2010/11/13 10:03:35 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Infineon
[2010/08/17 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Research In Motion
[2010/12/20 09:43:23 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Tific
[2010/12/16 01:41:56 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\uTorrent
[2010/07/20 22:50:17 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Windows Home Server
[2010/12/30 10:49:09 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/12/30 22:20:13 | 000,024,193 | ---- | M] () -- C:\ComboFix.txt
[2010/12/30 22:16:04 | 2404,757,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 15:19:10 | 327,118,024 | ---- | M] () -- C:\HP_Printer_software_PS_AIO_02_USW_Full_Win_WW_130_140.exe
[2010/12/30 22:16:12 | 3206,344,704 | -HS- | M] () -- C:\pagefile.sys
[2010/11/13 10:01:08 | 000,002,389 | ---- | M] () -- C:\pdfco.log
[2010/12/30 10:57:11 | 000,077,632 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_30.12.2010_10.54.26_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2009/07/14 01:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/15 20:31:18 | 000,000,221 | -HS- | M] () -- C:\Users\Obinna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/30 20:50:03 | 004,011,777 | R--- | M] () -- C:\Users\Obinna\Desktop\ComboFix.exe
[2010/12/30 17:47:37 | 000,080,384 | ---- | M] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
[2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/08/10 22:31:00 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/06/04 21:06:48 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/06/04 21:06:48 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/06/04 21:06:48 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/13 10:00:25 | 000,000,402 | -HS- | M] () -- C:\Users\Obinna\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/10 23:00:07 | 000,011,372 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DE406C3E

< End of report >
 
OTL Extras.txt

OTL Extras logfile created on: 12/30/2010 11:18:01 PM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Obinna\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 232.70 Gb Free Space | 82.87% Space Free | Partition Type: NTFS

Computer Name: HP-NOTEBOOK | User Name: Obinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}" = Remote Graphics Sender
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DC71B23-A996-42D3-8E4B-092BB3CDB71C}" = Embedded Security for HP ProtectTools
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EE201CD-5A61-4749-9EEC-28CE86E9EE90}" = Remote Graphics Receiver
"{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
"{544FFB43-6682-4E15-AD12-BE0F04CC21E5}" = HP User Guides 0160
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{883FDE02-EBF8-4D59-87FB-5FF410A35A6C}" = Remote Graphics Sender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{964D0D1C-1D28-4802-8EE8-345CC8D2633B}" = HP Data Vault 3.0 Update 1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C83002C4-450F-40B1-B7FC-29A04CE69646}" = HP ProtectTools Security Manager
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D6782B98-BDC0-45F4-A046-9D26C475CBF8}" = Drive Encryption for HP ProtectTools
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB8FCBE8-B9AE-455D-B9FE-55BB06F165CF}" = C4380
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E366F338-BF6E-4165-BDDB-3DCCB3388F9F}" = HP Power Data
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"conduitEngine" = Conduit Engine
"CutePDF Writer Installation" = CutePDF Writer 2.7
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"PROSet" = Intel(R) Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2010 10:17:17 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\hewlett-packard\hp
skyroom\remote graphics receiver\hprpusb\64-bit\DPInst.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2010 11:18:30 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2010 11:18:34 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2010 11:18:38 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\hewlett-packard\hp
skyroom\remote graphics receiver\hprpusb\64-bit\DPInst.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/30/2010 11:24:19 AM | Computer Name = HP-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/30/2010 11:24:19 AM | Computer Name = HP-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092

Error - 12/30/2010 11:24:19 AM | Computer Name = HP-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 12/30/2010 1:43:47 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 12/30/2010 3:05:05 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 12/30/2010 4:43:03 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

[ Hewlett-Packard Events ]
Error - 7/23/2010 4:43:42 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/23/2010 4:43:43 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/7/2010 9:28:34 AM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/22/2010 4:37:24 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainTuneUpProgress.bgScan_RunWorkerCompleted(Object sender,
RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 11/10/2010 6:32:04 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/10/2010 6:32:04 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/13/2010 5:19:25 AM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Power Assistant Events ]
Error - 12/30/2010 6:52:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 6:53:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 6:54:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 6:55:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 6:55:42 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/30/2010 6:55:45 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/30/2010 6:56:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 6:57:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 3:58:59 PM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.InvalidOperationException There is an error in the XML document.

at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String
encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
xmlReader) at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData) at
HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/30/2010 3:58:59 PM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.FormatException The string '2059-58-58T58:58:58' is not a valid
AllXsd value. at System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags
kinds) at System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode
dateTimeOption) at System.Xml.Serialization.XmlCustomFormatter.ToDateTime(String
value) at System.Xml.Serialization.XmlSerializationReader.ToDateTime(String value)

at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean
isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean
isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean
isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()

[ HP Wireless Assistant Events ]
Error - 12/18/2010 5:00:17 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:00:32 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:00:33 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:00:38 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:00:55 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:00:58 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:01:05 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:01:07 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:01:08 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/18/2010 5:01:19 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 12/30/2010 4:48:58 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2010 4:50:26 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2010 4:51:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 12/30/2010 6:16:28 PM | Computer Name = HP-Notebook | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:58:30 on 30/12/2010 was unexpected.

Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rimspci service failed to start due to the following error: %%1058

Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rimsptsk service failed to start due to the following error: %%1058

Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The risdpcie service failed to start due to the following error: %%1058

Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
following error: %%1058

Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rixdpcie service failed to start due to the following error: %%1058

Error - 12/30/2010 7:15:05 PM | Computer Name = HP-Notebook | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.


< End of report >
 
You didn't say...
How is the computer doing?

=======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DE406C3E
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Hi Broni,
Unfortunately I am still having problems getting my computer to start after. Last Known Good configuration no longer works. I have tried using the Windows 7 startup repair disc, but this comes back with the message "Startup repair cannot repair this computer automatically".
I think my only option now is to do a system restore from a backup I made prior to starting the virus removal process. Should I go ahead with this? If this works, what should be the next steps?
Thanks for your help
 
Hi Broni,
When I boot up the PC, it loads the "Windows Error Recovery" screen. The message is:
Windows failed to start. A recent hardware or software change might be the cause. If windows files have been damaged or configured incorrectly, startup repair can help diagnose and fix the problem. If power was interrupted during startup, choose Start windows normally

I am presented with 2 options: 1) Launch Startup Repair and 2) Start Windows Normally

When I select 1), a screen titled "Windows Boot Manager" is displayed with the following:
Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1 Insert your Windows installation disc and restart your computer
2 Choose your language settings and then click Next
3 Click "Repair your computer"

status : 0xc000000e
Info : The boot selection failed because a required device is inaccessible

When I follow these steps by booting a Windows repair CD, Windows attempts to perform a Startup repair but this fails with the message "Startup repair cannot repair your computer automatically".
Problem details state:
Problem Event Name: StartupRepairOffline
problem signature 01: 6.1.7600.16385
problem signature 02: 6.1.7600.16385
problem signature 03: unknown
problem signature 04: 21200818
problem signature 05: ExternalMedia
problem signature 06: 5
problem signature 07: NoRootCause

If I exit this and choose 2) "Start Windows normally", the Starting Windows screen is displayed, then there is a blue screen flash (too quick to make out the message) and I am returned to the Windows Error Recovery screen.
 
I can see a lot of people on Google with the very same problem.

At what exact point of our cleaning process did it happen?
 
Hi
The problem started immediately after the 2nd Combofix run with CFScript (see my response in thread #10). The Combofix run completed and the computer rebooted with the startup error.
I have been scanning Google and trying various solutions but so far no luck. System restore to a previous backup is looking like the next step at the mo.
 
I'm a little bit confused...
After Combofix, you're still able to run OTL scan, so....
 
Yep. I got the start-up problem after the second Combofix run. I was then able to get past it by using Last Known Good Configuration... I then ran OTL as instructed. But when I shut down my PC for the night and came back the next day, I got the same startup issues, only this time it wouldn't let me boot when I selected Last Known Good Configuration.
Hope that clears it up..
 
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
See if it'll boot.
 