TechSpot

Help to remove Virus/Malware causing Redirection, Playing Sounds, Blue Screen Crash

By Obi3000
Dec 29, 2010
  1. Hello,
    My laptop running Windows 7 and Windows Security Essentials was infected by a virus. My computer started showing the following symptoms:
    - Unidentified sounds played from the speakers on a loop, e.g. music, porn
    - Internet Explorer becoming unstable and freezing
    - Google search results and web pages being redirected
    - Computer frequently blue-screening with an error regarding DRIVER_IRQL_NOT_LESS_OR_EQUAL
    - Firewall reporting various intrusion attempts.

    I bought and installed Norton Antivirus. This detected and reported that Trojan.FakeAV was removed; however, I am still getting the above issues.

    I have run through the 8-step process and included log files. Below are the logs from Malwarebytes and GMER. I will attach the DDS logs in a separate post.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5415

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    29/12/2010 12:53:29
    mbam-log-2010-12-29 (12-53-29).txt

    Scan type: Quick scan
    Objects scanned: 164406
    Time elapsed: 4 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-29 13:44:51
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST932042 rev.0006
    Running: xzjjte4s.exe; Driver: C:\Users\Obinna\AppData\Local\Temp\ugriypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8864F108 ZwAlertResumeThread
    SSDT 886547C8 ZwAlertThread
    SSDT 887276F8 ZwAllocateVirtualMemory
    SSDT 8841CE60 ZwAlpcConnectPort
    SSDT 88674048 ZwAssignProcessToJobObject
    SSDT \??\C:\windows\system32\windrvNT.sys ZwCreateFile [0xA2C2C36A]
    SSDT 8872D7B0 ZwCreateMutant
    SSDT 88733B60 ZwCreateSymbolicLinkObject
    SSDT 88727360 ZwCreateThread
    SSDT 88733F30 ZwCreateThreadEx
    SSDT 8866A048 ZwDebugActiveProcess
    SSDT 88725EF8 ZwDuplicateObject
    SSDT 88729908 ZwFreeVirtualMemory
    SSDT 88657820 ZwImpersonateAnonymousToken
    SSDT 8864F4A8 ZwImpersonateThread
    SSDT 884D9840 ZwLoadDriver
    SSDT 887295E0 ZwMapViewOfSection
    SSDT 886564A8 ZwOpenEvent
    SSDT \??\C:\windows\system32\windrvNT.sys ZwOpenFile [0xA2C2CCD8]
    SSDT 88643008 ZwOpenProcess
    SSDT 88618110 ZwOpenProcessToken
    SSDT 88660048 ZwOpenSection
    SSDT 88643090 ZwOpenThread
    SSDT 88732670 ZwProtectVirtualMemory
    SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryDirectoryFile [0xA2C2C842]
    SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryInformationProcess [0xA2C291E0]
    SSDT 8864D0B0 ZwResumeThread
    SSDT 88641BC0 ZwSetContextThread
    SSDT \??\C:\windows\system32\windrvNT.sys ZwSetInformationFile [0xA2C2D142]
    SSDT 887292A8 ZwSetInformationProcess
    SSDT 88661500 ZwSetSystemInformation
    SSDT 8865C048 ZwSuspendProcess
    SSDT 886475C8 ZwSuspendThread
    SSDT 88610CB0 ZwTerminateProcess
    SSDT 886415B0 ZwTerminateThread
    SSDT 886429E8 ZwUnmapViewOfSection
    SSDT 88729B98 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83459599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8347DF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 224 83485734 8 Bytes [08, F1, 64, 88, C8, 47, 65, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8348574C 4 Bytes [F8, 76, 72, 88]
    .text ntkrnlpa.exe!RtlSidHashLookup + 248 83485758 4 Bytes [60, CE, 41, 88]
    .text ntkrnlpa.exe!RtlSidHashLookup + 29C 834857AC 4 Bytes [48, 40, 67, 88]
    .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 83485808 4 Bytes [6A, C3, C2, A2]
    .text ...
    ? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A819C000 68 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 4FD5 A819C045 203 Bytes [8B, C6, F0, 0F, BA, 28, 00, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50A1 A819C111 17 Bytes [87, 01, 6A, 00, 6A, 20, A3, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A819C123 629 Bytes [75, 19, A8, FE, 05, 34, 75, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 A819C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\windows\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 76E95380 5 Bytes JMP 0037000A
    .text C:\windows\system32\svchost.exe[1196] ntdll.dll!NtWriteVirtualMemory 76E95F00 5 Bytes JMP 0054000A
    .text C:\windows\system32\svchost.exe[1196] ntdll.dll!KiUserExceptionDispatcher 76E96448 5 Bytes JMP 0035000A
    .text C:\windows\system32\svchost.exe[1196] ole32.dll!CoCreateInstance 75F5590C 5 Bytes JMP 00D1000A
    .text C:\windows\Explorer.EXE[5772] ntdll.dll!NtProtectVirtualMemory 76E95380 5 Bytes JMP 0053000A
    .text C:\windows\Explorer.EXE[5772] ntdll.dll!NtWriteVirtualMemory 76E95F00 5 Bytes JMP 005F000A
    .text C:\windows\Explorer.EXE[5772] ntdll.dll!KiUserExceptionDispatcher 76E96448 5 Bytes JMP 0024000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74202494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741E5624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741E56E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [7420250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741F8573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741F4D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741F50CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741F51A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741F66D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741F82CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741F8819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741F907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741FE21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741F4C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9320423AS_____________________________0006HPM1#4&8a7e86f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713cef008
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713cef008@307c30deecd3 0xCF 0xF4 0xDA 0xEB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713cef008@002557a72036 0xE8 0xF3 0x81 0xBE ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713cef008 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713cef008@307c30deecd3 0xCF 0xF4 0xDA 0xEB ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713cef008@002557a72036 0xE8 0xF3 0x81 0xBE ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File C:\sccfg.sys 20 bytes

    ---- EOF - GMER 1.0.15 ----
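    The GMER log above mixes routine entries with the ones a responder actually wants to see. The script below is an added example, not part of the original post and not GMER's own code: a small Python triage pass over a constructed excerpt of that log (blank lines dropped, one or two representative lines per section). The rules are heuristics, not verdicts. SSDT entries that point at a driver file instead of a kernel address are rated "review", because security products commonly hook the SSDT and the log by itself does not establish what windrvNT.sys belongs to. Inline JMP hooks in svchost.exe and Explorer.EXE whose target GMER could not map to any loaded module, and disk sectors GMER marks "rootkit-like behavior", are rated "high", since benign software rarely produces either. The section names, severities and the Finding type are this example's own choices.

```python
"""Triage pass over a GMER rootkit-scan log (added example; not from the original post or GMER).

Heuristics only: SSDT redirection into a driver file -> "review"; inline JMP with no owning
module, or a disk sector GMER flags as rootkit-like -> "high"; files listed by GMER -> "review".
"""
import re
from dataclasses import dataclass

# Constructed sample: excerpt of the GMER log quoted in the post above, blank lines removed.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 8864F108 ZwAlertResumeThread
SSDT \??\C:\windows\system32\windrvNT.sys ZwCreateFile [0xA2C2C36A]
SSDT 884D9840 ZwLoadDriver
SSDT \??\C:\windows\system32\windrvNT.sys ZwQueryDirectoryFile [0xA2C2C842]
---- User code sections - GMER 1.0.15 ----
.text C:\windows\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 76E95380 5 Bytes JMP 0037000A
.text C:\windows\system32\svchost.exe[1196] ole32.dll!CoCreateInstance 75F5590C 5 Bytes JMP 00D1000A
.text C:\windows\Explorer.EXE[5772] ntdll.dll!NtWriteVirtualMemory 76E95F00 5 Bytes JMP 005F000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\windows\Explorer.EXE[5772] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74202494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\sccfg.sys 20 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT (\S+) (Zw\w+)")
# GMER appends the owning module after the JMP target when it can map the address, so a
# bare eight-digit target means the hook lands in memory backed by no loaded module.
TEXT_HOOK_RE = re.compile(
    r"^\.text (.+?\[\d+\]) (\S+!\S+) [0-9A-F]{8} \d+ Bytes JMP ([0-9A-F]{8})(?: (.+))?$")
IAT_RE = re.compile(r"^IAT (.+?\[\d+\]) @ .+? \[(\S+)\] \[[0-9A-F]{8}\] (.+?)(?: \((.*)\))?$")
DISK_RE = re.compile(r"^Disk (\S+) (sectors? \S+(?: \(\S+\))?): rootkit-like behavior;")
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    section: str    # GMER section the line came from
    subject: str    # driver, process, device or file the finding is about
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and emit a Finding for each line worth a second look."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "System" and (m := SSDT_RE.match(line)):
            target, func = m.groups()
            if not re.fullmatch(r"[0-9A-F]{8}", target):   # a file path, not a kernel address
                findings.append(Finding("review", section, target.rsplit("\\", 1)[-1],
                                        f"{func} redirected into {target}"))
        elif section == "User code sections" and (m := TEXT_HOOK_RE.match(line)):
            proc, func, jmp_target, module = m.groups()
            if module is None:
                findings.append(Finding("high", section, proc,
                                        f"{func} inline JMP to {jmp_target} (no owning module)"))
        elif section == "User IAT/EAT" and (m := IAT_RE.match(line)):
            proc, imp, module, vendor = m.groups()
            if vendor is None:                              # GMER could not identify the module
                findings.append(Finding("review", section, proc,
                                        f"{imp} resolved into unidentified module {module}"))
        elif section == "Disk sectors" and (m := DISK_RE.match(line)):
            device, where = m.groups()
            findings.append(Finding("high", section, device, f"{where}: rootkit-like behavior"))
        elif section == "Files" and (m := FILE_RE.match(line)):
            path, size = m.groups()
            findings.append(Finding("review", section, path, f"{size}-byte file listed by GMER"))
    return findings


def summarize(findings: list[Finding]) -> tuple[dict[str, int], dict[str, list[str]]]:
    """Counts per severity plus the distinct subjects per section, for a short triage note."""
    by_severity = {"high": 0, "review": 0}
    subjects: dict[str, set[str]] = {}
    for f in findings:
        by_severity[f.severity] += 1
        subjects.setdefault(f.section, set()).add(f.subject)
    return by_severity, {k: sorted(v) for k, v in subjects.items()}


if __name__ == "__main__":
    results = triage(SAMPLE_GMER_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.subject}: {f.detail}")
    print(summarize(results))
```

    On the excerpt this yields five "high" findings (the three unmapped JMP hooks and the two disk-sector lines) and three "review" findings (two SSDT entries into windrvNT.sys and the 20-byte C:\sccfg.sys). The Explorer.EXE IAT entries resolve into a WinSxS GDI+ module with an identified vendor and are not flagged, which is the negative control. The output tells a helper where to look first; it does not replace examining the driver, the hooked processes and the MBR on the machine itself.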
     
  2. Obi3000 (Topic Starter)

    DDS Log

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by [MyUserID] at 13:48:25.25 on 29/12/2010
    Internet Explorer: 9.0.7930.16406
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1372 [GMT 0:00]

    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\Hpservice.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Windows Home Server\esClient.exe
    C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    C:\windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    C:\Program Files\Windows Home Server\WHSConnector.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    C:\windows\system32\conhost.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    C:\windows\system32\conhost.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\WerFault.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Home Server\WHSTrayApp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\ehome\ehmsas.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\hsplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\taskeng.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\Users\Obinna\Downloads\dds.scr
    C:\windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
    BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\users\obinna\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
    mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [IFXSPMGT] "c:\program files\hewlett-packard\embedded security software\ifxspmgt.exe" /NotifyLogon
    mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [JP595IR86O] c:\windows\temp\Gzo.exe
    dRun: [NtWqIVLZEWZU] c:\windows\temp\Gzy.exe
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 3 (0x3)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Google Sidewiki...
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: DeviceNP - DeviceNP.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    LSA: Notification Packages = DPPassFilter scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\obinna\appdata\roaming\mozilla\firefox\profiles\7lfrslg4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\hewlett-packard\hp protecttools security manager\bin\firefoxext\components\dpffcli.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\obinna\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\hewlett-packard\hp protecttools security manager\bin\FirefoxExt
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coFFPlgn
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

    ============= SERVICES / DRIVERS ===============

    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-11-11 51800]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-11-11 13256]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-12-16 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-12-16 173104]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-12-16 501888]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20101228.001\IDSvix86.sys [2010-12-28 353912]
    R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-10-2 39712]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-11-11 40088]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-12-16 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-12-16 339504]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe [2010-6-4 81920]
    R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 239464]
    R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2009-10-7 97128]
    R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
    R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2009-11-18 36864]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-11-19 102968]
    R2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\hewlett-packard\hp skyroom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2009-11-12 250936]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-11-11 277096]
    R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-11-4 297984]
    R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
    R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-12-16 126392]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-11-13 635416]
    R2 rgsender;Remote Graphics Sender Service;c:\program files\hewlett-packard\hp skyroom\remote graphics sender\rgsendersvc.exe [2010-6-4 379904]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-6-4 2320920]
    R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 376680]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-4 29472]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-6-4 228408]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-6-4 214696]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-16 102448]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-13 132480]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-9-9 6758912]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-9-9 68200]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-6-4 49152]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-20 135664]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-4 48640]
    S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-4 47616]
    S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-4 38912]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-9 362040]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-19 1343400]

    =============== Created Last 30 ================

    2010-12-29 12:46:56 -------- d-----w- c:\users\obinna\appdata\roaming\Malwarebytes
    2010-12-29 12:46:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 12:46:47 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-29 12:46:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-29 12:46:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 11:50:46 -------- d-----w- c:\users\obinna\appdata\local\Symantec
    2010-12-29 11:05:59 388096 ----a-r- c:\users\obinna\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-29 11:05:59 -------- d-----w- c:\program files\Trend Micro
    2010-12-20 21:23:30 -------- d-----w- c:\users\obinna\appdata\local\CrashDumps
    2010-12-20 09:43:23 -------- d-----w- c:\users\obinna\appdata\roaming\Tific
    2010-12-17 11:30:29 15256 ----a-w- c:\users\obinna\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
    2010-12-17 09:26:07 -------- d-----w- c:\windows\en
    2010-12-17 09:23:39 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-17 09:23:28 -------- d-----w- c:\program files\Bing Bar Installer
    2010-12-17 09:23:25 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-17 09:23:25 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-17 09:23:25 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-17 09:23:08 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-17 09:22:09 469256 ----a-w- c:\program files\common files\windows live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
    2010-12-17 09:22:04 94040 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
    2010-12-17 09:22:04 525656 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
    2010-12-17 09:22:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
    2010-12-17 09:22:02 94040 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\DSETUP.dll
    2010-12-17 09:22:02 525656 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
    2010-12-17 09:22:02 1691480 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\dsetup32.dll
    2010-12-17 09:21:48 -------- d-----w- c:\users\obinna\appdata\local\Windows Live
    2010-12-16 17:46:55 -------- d-----w- c:\progra~2\Research In Motion
    2010-12-16 09:53:31 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
    2010-12-16 09:53:31 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
    2010-12-16 09:53:31 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
    2010-12-16 09:53:31 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
    2010-12-16 09:53:31 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
    2010-12-16 09:53:31 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
    2010-12-16 09:53:31 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
    2010-12-16 09:53:10 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
    2010-12-16 09:33:48 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2010-12-16 01:48:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-16 01:48:04 -------- d-----w- c:\program files\Symantec
    2010-12-16 01:48:04 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-16 01:47:48 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-12-16 01:47:47 -------- d-----w- c:\program files\Norton Internet Security
    2010-12-16 01:47:35 -------- d-----w- c:\program files\NortonInstaller
    2010-12-16 01:47:35 -------- d-----w- c:\progra~2\NortonInstaller
    2010-12-16 01:40:35 -------- d-----w- c:\progra~2\Norton
    2010-12-12 17:46:11 -------- d-----w- c:\program files\Conduit
    2010-12-12 17:46:08 -------- d-----w- c:\program files\ConduitEngine
    2010-12-12 17:46:06 -------- d-----w- c:\program files\uTorrentBar
    2010-12-12 17:46:04 -------- d-----w- C:\extensions
    2010-12-03 17:15:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-12-03 14:10:13 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-12-03 14:02:58 -------- d-----w- C:\Windows Home Server Drivers for Restore
    2010-11-29 14:57:03 -------- d-----w- c:\progra~2\Rosetta Stone
    2010-11-29 14:52:11 -------- d-----w- c:\program files\Rosetta Stone
    2010-11-29 14:51:57 -------- d-----w- c:\progra~2\RosettaStoneLtdBackup
    2010-11-29 14:48:20 -------- d-----w- c:\program files\common files\Macrovision Shared
    2010-11-29 14:44:11 -------- d-----w- c:\program files\Elaborate Bytes

    ==================== Find3M ====================

    2010-11-13 09:05:14 368912 ----a-w- c:\windows\system32\VBAR332.DLL
    2010-11-13 09:05:14 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
    2010-11-13 09:05:14 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
    2010-11-13 09:05:14 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
    2010-11-13 09:05:14 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
    2010-11-10 22:36:37 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
    2010-11-10 22:36:37 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2010-11-10 22:36:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
    2010-11-10 22:36:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: ST932042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: >>UNKNOWN [0x83416000]<< >>UNKNOWN [0x83E30000]<< >>UNKNOWN [0x8D103000]<< >>UNKNOWN [0x8D0C8000]<< >>UNKNOWN [0x83826000]<< >>UNKNOWN [0x83C9A000]<< >>UNKNOWN [0x88270555]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x83452458] -> \Device\Harddisk0\DR0[0x8824E030]
    \Driver\Disk[0x8824BA18] -> IRP_MJ_CREATE -> 0x83E3439F
    3 [0x83E3459E] -> ntkrnlpa!IofCallDriver[0x83452458] -> [0x8824DAC8]
    \Driver\hpdskflt[0x882026E0] -> IRP_MJ_CREATE -> 0x8D0C9FB0
    5 [0x8D0CA090] -> ntkrnlpa!IofCallDriver[0x83452458] -> [0x8775E958]
    \Driver\ACPI[0x8693ED50] -> IRP_MJ_CREATE -> 0x83CA34AA
    7 [0x83CA33B2] -> ntkrnlpa!IofCallDriver[0x83452458] -> \IAAStorageDevice-1[0x87782028]
    \Driver\iaStor[0x8824D9E0] -> IRP_MJ_CREATE -> 0x88270555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9320423AS_____________________________0006HPM1#4&8a7e86f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 13:49:01.00 ===============
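The GMER block above is the part of this log that matters most: it reads sector 0 through the normal user-mode path and again from below the storage driver stack (note the IRP_MJ_CREATE hooks listed on \Driver\Disk, \Driver\hpdskflt, \Driver\ACPI and \Driver\iaStor), and "user != kernel MBR" means the two reads disagree, i.e. something in the disk stack is serving a clean copy of the MBR while the real sector holds a different loader. The following script is an added example, not GMER's code and not part of the original post; it shows what that comparison looks like on two 512-byte sector images. The sample images are constructed for the example (hand-assembled from the stock Windows loader prefix and the disassembly GMER printed above, not real sector dumps), and the partition geometry is an assumption.

```python
"""MBR consistency check in the spirit of GMER's "user != kernel MBR" test.

Added example, not part of the original post or of GMER. It takes two
512-byte images of sector 0, one as seen through the normal (user-mode)
read path and one as read below the disk driver, and reports where they
diverge: boot code, partition table or signature. A bootkit that hooks the
disk driver typically replaces only the boot code and leaves the partition
table alone, so that pattern is called out separately.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 446      # bytes 0..445: bootstrap code
PART_TABLE_OFF = 446    # four 16-byte partition entries
SIGNATURE_OFF = 510     # 0x55 0xAA


def parse_partitions(mbr: bytes) -> list:
    """Return the four partition entries as dicts (CHS fields ignored)."""
    entries = []
    for i in range(4):
        boot, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + i * 16)
        entries.append({"boot": boot == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def diff_ranges(a: bytes, b: bytes) -> list:
    """Return [(start, end), ...] byte ranges where the two images differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def compare_mbr(user_view: bytes, kernel_view: bytes) -> dict:
    """Mirror GMER's check: the sector seen by user mode must equal the
    sector read below the disk driver; classify any mismatch by region."""
    if len(user_view) != SECTOR or len(kernel_view) != SECTOR:
        raise ValueError("MBR images must be exactly 512 bytes")
    bootcode_differs = user_view[:BOOTCODE_LEN] != kernel_view[:BOOTCODE_LEN]
    table_differs = parse_partitions(user_view) != parse_partitions(kernel_view)
    if user_view == kernel_view:
        verdict = "clean"
    elif bootcode_differs and not table_differs:
        verdict = "bootcode replaced, partition table intact: hidden-MBR pattern"
    else:
        verdict = "MBR mismatch"
    return {
        "identical": user_view == kernel_view,
        "user_sha256": hashlib.sha256(user_view).hexdigest(),
        "kernel_sha256": hashlib.sha256(kernel_view).hexdigest(),
        "bootcode_differs": bootcode_differs,
        "partition_table_differs": table_differs,
        "kernel_signature_ok": kernel_view[SIGNATURE_OFF:] == b"\x55\xaa",
        "diff_ranges": diff_ranges(user_view, kernel_view),
        "verdict": verdict,
    }


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample: given boot code plus one NTFS partition at LBA 2048
    (assumed geometry, not taken from the poster's disk)."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 625139712)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"


# Shared prefix, hand-assembled from the disassembly GMER printed:
# xor ax,ax; mov ss,ax; mov sp,7c00; mov es,ax; mov ds,ax; mov si,7c00;
# mov di,600; mov cx,200; cld; rep movsb; push ax; push 61c; retf; sti
_PREFIX = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
# Stock loader continues with the partition-table scan: mov cx,4; mov bp,7be
CLEAN_MBR = build_sample_mbr(_PREFIX + bytes.fromhex("b90400bdbe07"))
# Replaced loader continues with the decoder loop from the log:
# pusha; mov cx,132; mov bp,62a; ror byte [bp+0],cl; inc bp
HOOKED_MBR = build_sample_mbr(_PREFIX + bytes.fromhex("60b93201bd2a06d24e0045"))

if __name__ == "__main__":
    print(compare_mbr(CLEAN_MBR, CLEAN_MBR)["verdict"])
    # What the hooked driver shows user mode vs. what is really on disk
    print(compare_mbr(CLEAN_MBR, HOOKED_MBR)["verdict"])
```

On a live system the two views come from reading `\\.\PhysicalDrive0` through the normal path and from a read issued below the hooked driver (which is what GMER does in kernel mode and what this user-mode script cannot do by itself); the point of the comparison is that a hook which hides the real sector cannot also hide the disagreement between the two reads.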
     
  3. Obi3000

    DDS Attach Log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/07/2010 20:35:59
    System Uptime: 29/12/2010 13:20:00 (0 hours ago)

    Motherboard: Hewlett-Packard | | 172B
    Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 281 GiB total, 233.533 GiB free.
    D: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Photosmart C4380 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: Photosmart C4380 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID:
    Description: Photosmart C4380 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer:
    Name: Photosmart C4380 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    Class GUID:
    Description: Photosmart C4380 series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer:
    Name: Photosmart C4380 series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4380 series
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: HP
    Name: Photosmart C4380 series
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
    Service:

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C4380 series
    Device ID: ROOT\IMAGE\0002
    Manufacturer: HP
    Name: Photosmart C4380 series
    PNP Device ID: ROOT\IMAGE\0002
    Service: StillCam

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AIO_Scan
    Any Video Converter 3.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 6 FREE
    µTorrent
    Bing Bar
    Bing Bar Platform
    BlackBerry Desktop Software 6.0.1
    Bonjour
    BufferChm
    C4380
    C4380_Help
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Conduit Engine
    Copy
    CutePDF Writer 2.7
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Destinations
    Device Access Manager for HP ProtectTools
    DeviceDiscovery
    DocProc
    Drive Encryption for HP ProtectTools
    Embedded Security for HP ProtectTools
    Fax
    Feedback Tool
    File Sanitizer For HP ProtectTools
    Folder Lock
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    HiJackThis
    HP 3D DriveGuard
    HP Business Card Reader
    HP Common Access Service Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Data Vault 3.0 Update 1
    HP ESU for Microsoft Windows 7
    HP Imaging Device Functions 13.0
    HP Integrated Module with Bluetooth wireless technology
    HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    HP Photosmart Essential 3.5
    HP Power Assistant
    HP Power Data
    HP Product Detection
    HP ProtectTools Security Manager
    HP Quick Launch Buttons
    HP QuickLook
    HP QuickWeb
    HP Setup
    HP SkyRoom
    HP Smart Web Printing 4.51
    HP SoftPaq Download Manager
    HP Software Setup
    HP Solution Center 13.0
    HP Support Assistant
    HP Update
    HP User Guides 0160
    HP Wallpaper
    HP Web Camera
    HP Webcam
    HP Webcam Driver
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    IDT Audio
    Intel(R) Management Engine Components
    Intel(R) Network Connections Drivers
    Intel(R) Turbo Boost Technology Driver
    Intel® Matrix Storage Manager
    iTunes
    Junk Mail filter update
    LSI HDA Modem
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft IntelliType Pro 8.0
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    Norton Internet Security
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OCR Software by I.R.I.S. 13.0
    PDF Complete Special Edition
    Pre-Boot Security for HP ProtectTools
    Privacy Manager for HP ProtectTools
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    QLBCASL
    QuickTime
    Remote Graphics Receiver
    Remote Graphics Sender
    RICOH Media Driver
    Rosetta Stone Version 3
    Scan
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Word 2010 (KB2345000)
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 4.2
    SmartWebPrinting
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    uTorrentBar Toolbar
    Validity Fingerprint Driver
    VirtualCloneDrive
    VLC media player 1.1.4
    WebReg
    Windows 7 Default Setting
    Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Home Server Connector
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    WinSCP 4.2.9

    ==== Event Viewer Messages From Past Week ========

    29/12/2010 13:20:30, Error: Service Control Manager [7000] - The rixdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    29/12/2010 13:20:30, Error: Service Control Manager [7000] - The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    29/12/2010 13:20:30, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    29/12/2010 13:20:30, Error: Service Control Manager [7000] - The rimspci service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    29/12/2010 13:20:30, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    29/12/2010 13:20:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x7ffd96e8, 0x00000002, 0x00000001, 0x83f56ac7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-18298-01.
    29/12/2010 12:55:03, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:55:03, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 12:53:56, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    29/12/2010 12:38:50, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    29/12/2010 12:29:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001904fb, 0x8d10a7a4, 0x8d10a380, 0x828ae11d). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-22011-01.
    29/12/2010 12:26:18, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:25:24, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:25:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    29/12/2010 12:25:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    29/12/2010 12:25:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    29/12/2010 12:25:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    29/12/2010 12:25:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    29/12/2010 12:25:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    29/12/2010 12:24:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8b84de85). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21668-01.
    29/12/2010 12:24:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP CSC ctxusbm DfsC discache eeCtrl ElbyCDIO IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss RsvLock spldr SRTSPX SymIM SymIRON SYMTDIv tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    29/12/2010 12:24:15, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    29/12/2010 12:22:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP ctxusbm discache eeCtrl ElbyCDIO IDSVix86 RsvLock spldr SRTSPX SymIRON SYMTDIv vpcvmm Wanarpv6
    29/12/2010 12:22:32, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 12:22:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000a1, 0x00000002, 0x00000001, 0x83f35ac7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21309-01.
    29/12/2010 12:14:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000002f1, 0x00000002, 0x00000001, 0x83f29ac7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21216-01.
    29/12/2010 12:11:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8c45bdb8). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-21184-01.
    29/12/2010 11:44:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    29/12/2010 11:44:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    29/12/2010 11:43:50, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    29/12/2010 11:43:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003, 0x00000002, 0x00000001, 0x83472861). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-26691-01.
    29/12/2010 11:36:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x83f62e85). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122910-29094-01.
    29/12/2010 10:41:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    29/12/2010 10:41:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    29/12/2010 10:41:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    29/12/2010 10:40:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    29/12/2010 00:17:03, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    29/12/2010 00:15:03, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    27/12/2010 20:49:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    27/12/2010 09:53:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x835042f1, 0x8ed9ba60, 0x8ed9b640). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 122710-22869-01.

    ==== End Of File ===========================
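As an added triage helper (not part of this thread or of the DDS tool), the following Python parses lines in the format of the Event Log section above and tallies the recurring bugchecks, the boot-start drivers that failed to load, and the services that died; the sample lines are constructed in that same format, and the stop-code names are the standard Windows bugcheck names.

```python
"""Summarise the error entries of a DDS "Event Log" section: recurring
bugchecks, boot-start drivers that failed to load, and services that
terminated.  Added example, not code from the thread or from DDS."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the same "timestamp, Level: Source [id] - message" format.
SAMPLE_LOG = """\
29/12/2010 12:24:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000000, 0x00000002, 0x00000001, 0x8b84de85). A dump was saved in: C:\\windows\\MEMORY.DMP. Report Id: 122910-21668-01.
29/12/2010 12:24:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 NetBT nsiproxy tdx
29/12/2010 12:22:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 spldr
29/12/2010 11:43:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000003, 0x00000002, 0x00000001, 0x83472861). A dump was saved in: C:\\windows\\MEMORY.DMP. Report Id: 122910-26691-01.
29/12/2010 00:15:03, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
29/12/2010 00:15:03, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
BUGCHECK_RE = re.compile(r"The bugcheck was: (0x[0-9a-f]{8}) \(([^)]*)\)", re.I)
FAILED_DRIVERS_RE = re.compile(r"failed to load: (.*)$")
SERVICE_DIED_RE = re.compile(r"^The (.+?) service terminated unexpectedly")

# Stop codes seen in the log above, with their names from the Windows bugcheck reference.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


def parse_events(text):
    """Parse every well-formed event line; anything else (blank, wrapped) is skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["level"], m["source"], int(m["event_id"]), m["message"]))
    return events


def bugcheck_name(code):
    return BUGCHECK_NAMES.get(code, "UNKNOWN_BUGCHECK")


def describe_bugcheck(message):
    """Return (code, name, params) for a WER event 1001 message, or None.
    For 0xD1 the four parameters are: address referenced, IRQL at the time,
    0 = read / 1 = write, and the driver address that touched the memory."""
    m = BUGCHECK_RE.search(message)
    if not m:
        return None
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    return code, bugcheck_name(code), params


def summarize(events):
    """Tally bugchecks by name, failed boot-start drivers, and crashed services.
    A driver that keeps failing to load next to repeated kernel bugchecks is the
    first thing to look at when triaging a log like this one."""
    bugchecks, failed_drivers, dead_services = Counter(), Counter(), Counter()
    for ev in events:
        if ev.event_id == 1001 and (bc := describe_bugcheck(ev.message)):
            bugchecks[bc[1]] += 1
        elif ev.event_id == 7026 and (m := FAILED_DRIVERS_RE.search(ev.message)):
            failed_drivers.update(m.group(1).split())
        elif ev.event_id in (7031, 7034) and (m := SERVICE_DIED_RE.match(ev.message)):
            dead_services[m.group(1)] += 1
    return {"bugchecks": bugchecks, "failed_drivers": failed_drivers, "dead_services": dead_services}


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_LOG))
    for section, counts in summary.items():
        print(section)
        for name, n in counts.most_common():
            print(f"  {n:3d}  {name}")
```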
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    TDSSKiller Log

    Hi Broni :)
    Thanks so much for your swift reply. I followed the steps as you instructed and was asked to reboot my computer. See below for the logs.

    2010/12/30 10:54:26.0955 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/30 10:54:26.0955 ================================================================================
    2010/12/30 10:54:26.0956 SystemInfo:
    2010/12/30 10:54:26.0956
    2010/12/30 10:54:26.0956 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/30 10:54:26.0956 Product type: Workstation
    2010/12/30 10:54:26.0956 ComputerName: HP-NOTEBOOK
    2010/12/30 10:54:26.0962 UserName: Obinna
    2010/12/30 10:54:26.0962 Windows directory: C:\windows
    2010/12/30 10:54:26.0962 System windows directory: C:\windows
    2010/12/30 10:54:26.0962 Processor architecture: Intel x86
    2010/12/30 10:54:26.0962 Number of processors: 4
    2010/12/30 10:54:26.0962 Page size: 0x1000
    2010/12/30 10:54:26.0962 Boot type: Normal boot
    2010/12/30 10:54:26.0962 ================================================================================
    2010/12/30 10:54:27.0473 Initialize success
    2010/12/30 10:55:16.0178 ================================================================================
    2010/12/30 10:55:16.0178 Scan started
    2010/12/30 10:55:16.0178 Mode: Manual;
    2010/12/30 10:55:16.0178 ================================================================================
    2010/12/30 10:55:25.0706 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    2010/12/30 10:55:25.0731 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    2010/12/30 10:55:25.0775 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    2010/12/30 10:55:25.0849 PersonalSecureDrive (b6faedf5356a5c0954487f7381c88cc3) C:\windows\System32\drivers\psd.sys
    2010/12/30 10:55:25.0966 Point32 (60a044879c4fa76314494f5fddc43b93) C:\windows\system32\DRIVERS\point32.sys
    2010/12/30 10:55:26.0019 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    2010/12/30 10:55:26.0053 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    2010/12/30 10:55:26.0100 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    2010/12/30 10:55:26.0150 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    2010/12/30 10:55:26.0206 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    2010/12/30 10:55:26.0233 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    2010/12/30 10:55:26.0260 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    2010/12/30 10:55:26.0293 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    2010/12/30 10:55:26.0318 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    2010/12/30 10:55:26.0352 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    2010/12/30 10:55:26.0387 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    2010/12/30 10:55:26.0412 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    2010/12/30 10:55:26.0450 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    2010/12/30 10:55:26.0472 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    2010/12/30 10:55:26.0512 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
    2010/12/30 10:55:26.0561 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    2010/12/30 10:55:26.0583 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    2010/12/30 10:55:26.0611 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
    2010/12/30 10:55:26.0645 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
    2010/12/30 10:55:26.0685 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
    2010/12/30 10:55:26.0732 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\windows\system32\DRIVERS\rimmptsk.sys
    2010/12/30 10:55:26.0764 rimspci (e891f07815af88075705ef6a248711f6) C:\windows\system32\DRIVERS\rimspe86.sys
    2010/12/30 10:55:26.0788 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\windows\system32\DRIVERS\rimsptsk.sys
    2010/12/30 10:55:26.0834 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\windows\system32\Drivers\RimUsb.sys
    2010/12/30 10:55:26.0887 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
    2010/12/30 10:55:26.0918 risdpcie (d853d35f792a3a44726a794bf9a0bbc3) C:\windows\system32\DRIVERS\risdpe86.sys
    2010/12/30 10:55:26.0951 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\windows\system32\DRIVERS\rismc32.sys
    2010/12/30 10:55:26.0990 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\windows\system32\DRIVERS\rixdptsk.sys
    2010/12/30 10:55:27.0016 rixdpcie (6a60626412129c713cc30c81870a8095) C:\windows\system32\DRIVERS\rixdpe86.sys
    2010/12/30 10:55:27.0061 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
    2010/12/30 10:55:27.0117 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    2010/12/30 10:55:27.0165 RsvLock (c44ca55601f0a19a505f10bfefb66cf5) C:\windows\system32\drivers\RsvLock.sys
    2010/12/30 10:55:27.0205 s3cap (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
    2010/12/30 10:55:27.0238 SafeBoot (906c08952889cffe83df15d53da1137c) C:\windows\system32\drivers\SafeBoot.sys
    2010/12/30 10:55:27.0238 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 906c08952889cffe83df15d53da1137c
    2010/12/30 10:55:27.0242 SafeBoot - detected Locked file (1)
    2010/12/30 10:55:27.0276 SbAlg (1ddc99d066d4b704a63287975dec9dd4) C:\windows\system32\drivers\SbAlg.sys
    2010/12/30 10:55:27.0305 SbFsLock (120eda2066893d0246357d3551f2c6c1) C:\windows\system32\drivers\SbFsLock.sys
    2010/12/30 10:55:27.0348 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
    2010/12/30 10:55:27.0382 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
    2010/12/30 10:55:27.0438 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
    2010/12/30 10:55:27.0486 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    2010/12/30 10:55:27.0538 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    2010/12/30 10:55:27.0559 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    2010/12/30 10:55:27.0586 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    2010/12/30 10:55:27.0617 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
    2010/12/30 10:55:27.0641 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
    2010/12/30 10:55:27.0665 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
    2010/12/30 10:55:27.0707 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    2010/12/30 10:55:27.0758 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
    2010/12/30 10:55:27.0798 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    2010/12/30 10:55:27.0834 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    2010/12/30 10:55:27.0882 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    2010/12/30 10:55:27.0981 SNP2UVC (4d8a49526aa035b1a8ff3fe6807783f5) C:\windows\system32\DRIVERS\snp2uvc.sys
    2010/12/30 10:55:28.0064 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    2010/12/30 10:55:28.0154 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS
    2010/12/30 10:55:28.0200 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS
    2010/12/30 10:55:28.0249 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
    2010/12/30 10:55:28.0304 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
    2010/12/30 10:55:28.0333 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
    2010/12/30 10:55:28.0385 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    2010/12/30 10:55:28.0440 STHDA (b205de6202b6a019403cf6395d047ca8) C:\windows\system32\DRIVERS\stwrt.sys
    2010/12/30 10:55:28.0481 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
    2010/12/30 10:55:28.0523 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
    2010/12/30 10:55:28.0582 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
    2010/12/30 10:55:28.0611 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
    2010/12/30 10:55:28.0702 SymDS (56890bf9d9204b93042089d4b45ae671) C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS
    2010/12/30 10:55:28.0767 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS
    2010/12/30 10:55:28.0847 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\windows\system32\Drivers\SYMEVENT.SYS
    2010/12/30 10:55:28.0887 SymIM (b5eb73a7f72dafc6da693d1a802a057e) C:\windows\system32\DRIVERS\SymIMv.sys
    2010/12/30 10:55:28.0919 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS
    2010/12/30 10:55:28.0978 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
    2010/12/30 10:55:29.0052 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\windows\system32\DRIVERS\SynTP.sys
    2010/12/30 10:55:29.0162 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
    2010/12/30 10:55:29.0228 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
    2010/12/30 10:55:29.0275 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
    2010/12/30 10:55:29.0309 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
    2010/12/30 10:55:29.0327 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
    2010/12/30 10:55:29.0379 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
    2010/12/30 10:55:29.0408 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
    2010/12/30 10:55:29.0451 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
    2010/12/30 10:55:29.0502 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
    2010/12/30 10:55:29.0547 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
    2010/12/30 10:55:29.0587 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    2010/12/30 10:55:29.0623 udfs (2efee45a340e1590e37c2f2bac16d051) C:\windows\system32\DRIVERS\udfs.sys
    2010/12/30 10:55:29.0688 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
    2010/12/30 10:55:29.0732 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
    2010/12/30 10:55:29.0775 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    2010/12/30 10:55:29.0833 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
    2010/12/30 10:55:29.0862 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
    2010/12/30 10:55:29.0894 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
    2010/12/30 10:55:29.0933 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
    2010/12/30 10:55:29.0982 usbhub (0db84eda895894ba222e27acf597c806) C:\windows\system32\DRIVERS\usbhub.sys
    2010/12/30 10:55:30.0011 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    2010/12/30 10:55:30.0041 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    2010/12/30 10:55:30.0066 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/30 10:55:30.0096 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
    2010/12/30 10:55:30.0152 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
    2010/12/30 10:55:30.0212 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys
    2010/12/30 10:55:30.0255 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
    2010/12/30 10:55:30.0312 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    2010/12/30 10:55:30.0345 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    2010/12/30 10:55:30.0392 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
    2010/12/30 10:55:30.0433 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
    2010/12/30 10:55:30.0468 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    2010/12/30 10:55:30.0505 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
    2010/12/30 10:55:30.0547 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
    2010/12/30 10:55:30.0581 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
    2010/12/30 10:55:30.0608 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
    2010/12/30 10:55:30.0661 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    2010/12/30 10:55:30.0704 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
    2010/12/30 10:55:30.0739 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\windows\system32\DRIVERS\vpchbus.sys
    2010/12/30 10:55:30.0771 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\windows\system32\DRIVERS\vpcnfltr.sys
    2010/12/30 10:55:30.0800 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\windows\system32\DRIVERS\vpcusb.sys
    2010/12/30 10:55:30.0835 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\windows\system32\drivers\vpcvmm.sys
    2010/12/30 10:55:30.0876 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
    2010/12/30 10:55:30.0904 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    2010/12/30 10:55:30.0943 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    2010/12/30 10:55:30.0986 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
    2010/12/30 10:55:31.0038 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    2010/12/30 10:55:31.0076 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    2010/12/30 10:55:31.0093 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    2010/12/30 10:55:31.0148 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    2010/12/30 10:55:31.0178 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    2010/12/30 10:55:31.0261 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    2010/12/30 10:55:31.0292 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    2010/12/30 10:55:31.0359 windrvNT (ce291805cb4cd561a5a569df4e28e41f) C:\windows\system32\windrvNT.sys
    2010/12/30 10:55:31.0440 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUSB.sys
    2010/12/30 10:55:31.0489 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
    2010/12/30 10:55:31.0527 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    2010/12/30 10:55:31.0559 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
    2010/12/30 10:55:31.0593 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
    2010/12/30 10:55:31.0654 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/30 10:55:31.0657 ================================================================================
    2010/12/30 10:55:31.0657 Scan finished
    2010/12/30 10:55:31.0657 ================================================================================
    2010/12/30 10:55:31.0665 Detected object count: 2
    2010/12/30 10:56:38.0699 Locked file(SafeBoot) - User select action: Skip
    2010/12/30 10:56:38.0710 \HardDisk0 - will be cured after reboot
    2010/12/30 10:56:38.0712 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/30 10:57:11.0088 Deinitialize success
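
The TDSSKiller log above ends with two objects worth tracking: a locked driver (SafeBoot) the user skipped, and a TDL4 detection on \HardDisk0 queued for cure at reboot. The script below is an added example for this thread, not TDSSKiller's own tooling. It parses that log format (driver lines with MD5 and path, "detected" lines, "User select action" lines, the "will be cured after reboot" line) over a handful of constructed sample lines copied from the format of the posted log, and reports what is still unresolved and which drivers load from outside the Windows directory. The regular expressions and the "outside C:\windows" heuristic are this example's assumptions, not anything TDSSKiller documents.

```python
"""Triage a TDSSKiller scan log: which drivers were enumerated, what was
detected, what the user chose to do about it, and what is still unresolved.
Added example for this thread, not TDSSKiller's code; the sample lines below
are constructed to match the log format the poster pasted."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the posted log (hashes and paths as in the post).
SAMPLE_LOG = r"""
2010/12/30 10:55:23.0695 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101229.036\NAVENG.SYS
2010/12/30 10:55:27.0238 SafeBoot (906c08952889cffe83df15d53da1137c) C:\windows\system32\drivers\SafeBoot.sys
2010/12/30 10:55:27.0238 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 906c08952889cffe83df15d53da1137c
2010/12/30 10:55:27.0242 SafeBoot - detected Locked file (1)
2010/12/30 10:55:27.0276 SbAlg (1ddc99d066d4b704a63287975dec9dd4) C:\windows\system32\drivers\SbAlg.sys
2010/12/30 10:55:31.0654 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/30 10:55:31.0665 Detected object count: 2
2010/12/30 10:56:38.0699 Locked file(SafeBoot) - User select action: Skip
2010/12/30 10:56:38.0710 \HardDisk0 - will be cured after reboot
2010/12/30 10:56:38.0712 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

_TS = r"^\S+ \S+ "  # "2010/12/30 10:55:27.0238 " (date, time)
_DRIVER = re.compile(_TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
_DETECT = re.compile(_TS + r"(.+?) - detected (.+?) \(\d+\)$")           # object - detected verdict (n)
_ACTION = re.compile(_TS + r"(.+?)\((.+?)\) - User select action: (\w+)$")  # verdict(object) - action
_CURE = re.compile(_TS + r"(.+?) - will be cured after reboot$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    obj: str                        # e.g. "\HardDisk0" or a service name
    verdict: str                    # e.g. "Rootkit.Win32.TDSS.tdl4" or "Locked file"
    action: Optional[str] = None    # what the user chose: Cure, Skip, Delete, ...


def parse_log(text: str) -> Tuple[Dict[str, Driver], Dict[str, Finding], List[str]]:
    """Return (drivers by name, findings by object, objects to be cured at reboot)."""
    drivers: Dict[str, Driver] = {}
    findings: Dict[str, Finding] = {}
    cure_on_reboot: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()          # posted logs carry forum indentation
        if not line:
            continue
        if m := _DETECT.match(line):
            obj, verdict = m.groups()
            findings[obj] = Finding(obj, verdict)
        elif m := _ACTION.match(line):
            verdict, obj, action = m.groups()
            findings.setdefault(obj, Finding(obj, verdict)).action = action
        elif m := _CURE.match(line):
            cure_on_reboot.append(m.group(1))
        elif m := _DRIVER.match(line):
            name, md5, path = m.groups()
            drivers[name] = Driver(name, md5, path)
    return drivers, findings, cure_on_reboot


def unresolved(findings: Dict[str, Finding]) -> List[str]:
    """Objects the user skipped or never acted on; these need a second look."""
    return [f.obj for f in findings.values() if f.action in (None, "Skip")]


SYSTEM_DIR = "c:\\windows\\"   # heuristic boundary; an assumption of this example


def unusual_paths(drivers: Dict[str, Driver]) -> List[str]:
    """Drivers loaded from outside the Windows directory. Not malicious by itself
    (AV engines do this), but every such entry should be accounted for."""
    return [d.name for d in drivers.values() if not d.path.lower().startswith(SYSTEM_DIR)]


def summarize(text: str) -> str:
    drivers, findings, reboot = parse_log(text)
    lines = [f"{len(drivers)} drivers enumerated"]
    for f in findings.values():
        lines.append(f"  {f.obj}: {f.verdict} -> {f.action or 'no action recorded'}")
    if reboot:
        lines.append("pending cure on reboot: " + ", ".join(reboot))
    if unresolved(findings):
        lines.append("still unresolved: " + ", ".join(unresolved(findings)))
    if unusual_paths(drivers):
        lines.append("drivers outside the Windows directory: " + ", ".join(unusual_paths(drivers)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against a full TDSSKiller log (`summarize(open("TDSSKiller.log").read())`) the summary is the same three things a helper looks for first: the verdicts, which of them the user actually cured, and which drivers are worth a hash lookup. The driver MD5s the log already carries are what you would submit to a multi-engine scanner for anything in the "unresolved" or "outside the Windows directory" lists.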
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Good job :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
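
MBRCheck, which the reply above asks for next, is the right follow-up to a TDL4 cure: TDL4 is an MBR bootkit, so the question after the reboot is whether sector 0 now holds standard boot code and a sane partition table. The Python below is an added example for this thread, not MBRCheck's code. It parses a 512-byte MBR, hashes the 440-byte boot code against a known-good set, and checks the partition table for a single active entry, overlaps, entries running past the end of the disk, and a large unpartitioned tail. The sample MBR bytes, the disk size, the slack threshold and the "known-good" hash set are constructed stand-ins (assumptions); they are not real Windows 7 MBR hashes.

```python
"""Parse and sanity-check a 512-byte MBR, roughly what MBRCheck does: verify the
boot signature, hash the boot code against a known-good set, and check the
partition table. Added example for this thread, not MBRCheck's code; the sample
MBR and the 'known-good' hash set below are constructed stand-ins."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Set

SECTOR = 512
BOOT_CODE_LEN = 440        # 0..439 boot code; 440..443 disk signature; 444..445 reserved
PART_TABLE_OFF = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:      # exclusive
        return self.lba_start + self.sectors


def parse_partitions(mbr: bytes) -> List[Partition]:
    parts = []
    for i in range(4):
        # status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count (little-endian)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:      # empty slot
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha256(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: Set[str], disk_sectors: int, slack_sectors: int = 2048) -> List[str]:
    """Return a list of warnings; an empty list means nothing looked off."""
    if len(mbr) != SECTOR:
        return ["MBR is not exactly one 512-byte sector"]
    warnings = []
    if mbr[510:512] != SIGNATURE:
        warnings.append("missing 0x55AA boot signature")
    digest = boot_code_sha256(mbr)
    if digest not in known_good:
        warnings.append(f"boot code hash {digest[:16]}... not in the known-good set")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) != 1:
        warnings.append("expected exactly one active partition")
    for p in parts:
        if p.lba_end > disk_sectors:
            warnings.append(f"partition {p.index} runs past the end of the disk")
    for a in parts:
        for b in parts:
            if a.index < b.index and a.lba_start < b.lba_end and b.lba_start < a.lba_end:
                warnings.append(f"partitions {a.index} and {b.index} overlap")
    tail = disk_sectors - max((p.lba_end for p in parts), default=0)
    if tail > slack_sectors:   # threshold is an assumption; real disks carry some slack
        warnings.append(f"{tail} unpartitioned sectors after the last partition; "
                        "TDL3/TDL4 keep their hidden file system in the last sectors of the disk")
    return warnings


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed MBR; entries are (active, type_id, lba_start, sectors)."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, 440, 0x1234ABCD)       # arbitrary disk signature
    for i, (active, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, lba, count)
    buf[510:512] = SIGNATURE
    return bytes(buf)


# Boot code stand-in: a BIOS-style prologue (xor ax,ax / mov ss,ax / mov sp,7C00h)
# padded with NOPs. Not a real Windows MBR; it only gives us something to hash.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
DISK_SECTORS = 20_207_000                                  # constructed disk size
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(True, 0x07, 2048, 204_800),           # "System Reserved"
                                        (False, 0x07, 206_848, 20_000_000)])   # C:
# A bootkit replaces the boot code with its own loader; here we only patch the
# first two bytes to a jump so the hash changes while the table stays intact.
TAMPERED_MBR = b"\xEB\xFE" + CLEAN_MBR[2:]
# Stand-in for the table of known Windows MBR hashes that MBRCheck carries (assumption).
KNOWN_GOOD = {boot_code_sha256(CLEAN_MBR)}

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(mbr, KNOWN_GOOD, DISK_SECTORS) or "OK")
```

To run this against a real machine you would read the first sector of the disk (on Windows, `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt) and supply the disk's sector count. One caveat that matters for this thread: TDL4 is documented to hook the disk miniport driver and return the original, clean MBR to anyone reading sector 0 from inside the infected Windows, so a read taken before the cure can look fine. Read from a clean boot environment, or, as the helper does here, only after TDSSKiller has cured the disk and the machine has rebooted.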
     
  7. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    MBRCheck Log

    Hi Broni,
    I've completed the steps as instructed. MBRCheck log below:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP EliteBook 8440p
    Logical Drives Mask: 0x0000004c

    Kernel Drivers (total 301):
    0x83449000 \SystemRoot\system32\ntkrnlpa.exe
    0x83412000 \SystemRoot\system32\halmacpi.dll
    0x80BC8000 \SystemRoot\system32\kdcom.dll
    0x83A19000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83A91000 \SystemRoot\system32\PSHED.dll
    0x83AA2000 \SystemRoot\system32\BOOTVID.dll
    0x83AAA000 \SystemRoot\system32\CLFS.SYS
    0x83AEC000 \SystemRoot\system32\CI.dll
    0x8C210000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8C281000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8C28F000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8C2D7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8C2E0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8C2E8000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8C312000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8C31D000 \SystemRoot\system32\DRIVERS\isapnp.sys
    0x8C32C000 \SystemRoot\system32\DRIVERS\mpio.sys
    0x8C350000 \SystemRoot\System32\drivers\partmgr.sys
    0x8C361000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8C369000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8C374000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8C384000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8C3CF000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x8C3D6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8C3E4000 \SystemRoot\system32\DRIVERS\aliide.sys
    0x8C3EB000 \SystemRoot\system32\DRIVERS\amdide.sys
    0x8C3F2000 \SystemRoot\system32\DRIVERS\cmdide.sys
    0x83B97000 \SystemRoot\System32\drivers\mountmgr.sys
    0x83BAD000 \SystemRoot\system32\DRIVERS\msdsm.sys
    0x83BCD000 \SystemRoot\system32\DRIVERS\nvraid.sys
    0x8C430000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8C455000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8C45C000 \SystemRoot\system32\DRIVERS\viaide.sys
    0x8C464000 \SystemRoot\system32\DRIVERS\iaStorV.sys
    0x8C618000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8C6F2000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8C6FB000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8C71E000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
    0x8C736000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C77D000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8C787000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
    0x8C53F000 \SystemRoot\system32\DRIVERS\adp94xx.sys
    0x8C79A000 \SystemRoot\system32\DRIVERS\adpahci.sys
    0x8C5A9000 \SystemRoot\system32\DRIVERS\adpu320.sys
    0x8C7E6000 \SystemRoot\system32\DRIVERS\djsvs.sys
    0x8C5CF000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8C600000 \SystemRoot\system32\DRIVERS\amdsata.sys
    0x8C823000 \SystemRoot\system32\DRIVERS\amdsbs.sys
    0x8C860000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8C869000 \SystemRoot\system32\DRIVERS\arc.sys
    0x8C87F000 \SystemRoot\system32\DRIVERS\arcsas.sys
    0x8C897000 \SystemRoot\system32\DRIVERS\elxstor.sys
    0x8C90A000 \SystemRoot\system32\DRIVERS\iirsp.sys
    0x8C91A000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
    0x8C934000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    0x8C944000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    0x8C95E000 \SystemRoot\system32\DRIVERS\megasas.sys
    0x8C969000 \SystemRoot\system32\DRIVERS\MegaSR.sys
    0x8C800000 \SystemRoot\system32\DRIVERS\nfrd960.sys
    0x8C400000 \SystemRoot\system32\DRIVERS\nvstor.sys
    0x8CA2E000 \SystemRoot\system32\DRIVERS\ql2300.sys
    0x8CC15000 \SystemRoot\system32\DRIVERS\ql40xx.sys
    0x8CC6A000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    0x8CC77000 \SystemRoot\system32\DRIVERS\sisraid4.sys
    0x8CC8D000 \SystemRoot\system32\DRIVERS\vsmraid.sys
    0x8CCB2000 \SystemRoot\System32\Drivers\SbAlg.sys
    0x8CCBD000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8CCF1000 \SystemRoot\system32\drivers\NIS\1108000.005\SYMDS.SYS
    0x8CD47000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8CD58000 \SystemRoot\System32\Drivers\SbFsLock.sys
    0x8CD5A000 \SystemRoot\system32\drivers\NIS\1108000.005\SYMEFA.SYS
    0x8CE33000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8CF62000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8CF8D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8CFA0000 \SystemRoot\System32\Drivers\cng.sys
    0x8CE00000 \SystemRoot\System32\drivers\pcw.sys
    0x8CE0E000 \SystemRoot\system32\DRIVERS\storvsc.sys
    0x8CE19000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8D039000 \SystemRoot\system32\drivers\ndis.sys
    0x8D0F0000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8D12E000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8D229000 \SystemRoot\System32\drivers\tcpip.sys
    0x8D372000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8D3A3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8D3AC000 \SystemRoot\system32\DRIVERS\wd.sys
    0x8D3B4000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8D3F3000 \SystemRoot\system32\DRIVERS\stexstor.sys
    0x8D200000 \SystemRoot\System32\Drivers\spldr.sys
    0x8D208000 \SystemRoot\system32\DRIVERS\sbp2port.sys
    0x8D153000 \SystemRoot\System32\Drivers\SafeBoot.sys
    0x8D16C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8D199000 \SystemRoot\System32\Drivers\mup.sys
    0x8D220000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8D1A9000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x8D1B2000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8D1E4000 \SystemRoot\system32\DRIVERS\disk.sys
    0x91724000 \SystemRoot\System32\drivers\psd.sys
    0x9172D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x9174C000 \SystemRoot\System32\Drivers\Null.SYS
    0x91753000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9175A000 \SystemRoot\System32\drivers\vga.sys
    0x91766000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91787000 \SystemRoot\System32\drivers\watchdog.sys
    0x91794000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x9179C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x917A4000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x917AC000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x917B7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x917C5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x917DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CD87000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
    0x91600000 \??\C:\windows\system32\Drivers\SYMEVENT.SYS
    0x92E13000 \SystemRoot\system32\drivers\afd.sys
    0x92E6D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x92E9F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x92EA6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x92EC5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x92ED6000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    0x92EE6000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x92EF3000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x92F01000 \SystemRoot\system32\DRIVERS\serial.sys
    0x92F1B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92F2E000 \SystemRoot\system32\drivers\vpcvmm.sys
    0x92F75000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x92F85000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
    0x92FA4000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
    0x92FAE000 \SystemRoot\System32\Drivers\RsvLock.SYS
    0x92FB7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92E00000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x91625000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x94005000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys
    0x94060000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0x94065000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x940C3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x940E0000 \SystemRoot\System32\drivers\discache.sys
    0x940EC000 \SystemRoot\System32\Drivers\dfsc.sys
    0x94104000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
    0x94118000 \SystemRoot\system32\drivers\csc.sys
    0x9417C000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
    0x917E7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x94A2B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    0x94AD7000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x94AF8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x95C3E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x965BC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x94B0A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x965BE000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x95C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x95C1F000 \SystemRoot\system32\DRIVERS\HECI.sys
    0x95C2A000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x94BC1000 \SystemRoot\system32\DRIVERS\e1k6232.sys
    0x94A00000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8CBAD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9BA14000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
    0x9C090000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x9C09A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x9C0C6000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x9C0DF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x9C0F0000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x9C11E000 \SystemRoot\system32\drivers\tpm.sys
    0x9C12A000 \SystemRoot\system32\DRIVERS\parport.sys
    0x9C142000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9C15A000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x9C163000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9C221000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x9C35E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9C360000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9C36D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x9C373000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x9C394000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x9C39F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x9C3A8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x9C3AC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x9C3B9000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x9C3C1000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x9C3C9000 \SystemRoot\system32\drivers\modem.sys
    0x9C3D6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x9C3E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9C200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9C170000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9C192000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x9C1AA000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9C1C1000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9C20B000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0x9C212000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x9C1D8000 \SystemRoot\system32\DRIVERS\VClone.sys
    0x9C21C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x9CA11000 \SystemRoot\system32\DRIVERS\ks.sys
    0x9CA45000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9CA53000 \SystemRoot\system32\DRIVERS\vpcusb.sys
    0x9CA6B000 \SystemRoot\system32\DRIVERS\usbrpm.sys
    0x9CA78000 \SystemRoot\system32\DRIVERS\vpchbus.sys
    0x9CAAE000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x9CAF2000 \SystemRoot\system32\DRIVERS\rismc32.sys
    0x9CAFE000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0x9CB09000 \SystemRoot\System32\DRIVERS\scfilter.sys
    0x9CB15000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9CB26000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x9CB3A000 \SystemRoot\system32\drivers\portcls.sys
    0x9CB69000 \SystemRoot\system32\drivers\drmk.sys
    0x9CB82000 \SystemRoot\system32\DRIVERS\stwrt.sys
    0x8200C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x82710000 \SystemRoot\System32\win32k.sys
    0x82128000 \SystemRoot\System32\drivers\Dxapi.sys
    0x82132000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8213D000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8214F000 \SystemRoot\System32\Drivers\bthport.sys
    0x821B3000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x82970000 \SystemRoot\System32\TSDDD.dll
    0x9162F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x821C0000 \SystemRoot\System32\Drivers\dump_SbHiber.sys
    0x821C1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x821D2000 \SystemRoot\system32\DRIVERS\WinUSB.sys
    0x82980000 \SystemRoot\System32\ATMFD.DLL
    0x821DB000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x9CBEE000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x9C1E3000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x9BA00000 \SystemRoot\system32\DRIVERS\bthmodem.sys
    0x9061C000 \SystemRoot\system32\DRIVERS\btwavdt.sys
    0x9068F000 \SystemRoot\system32\drivers\btwaudio.sys
    0x90710000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
    0x9071B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x9071E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x90731000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x90738000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9074F000 \SystemRoot\system32\DRIVERS\dc3d.sys
    0x90759000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x90764000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x90770000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9077B000 \SystemRoot\system32\DRIVERS\point32.sys
    0x90784000 \SystemRoot\system32\drivers\luafv.sys
    0x9079F000 \SystemRoot\system32\drivers\WudfPf.sys
    0x82600000 \SystemRoot\System32\cdd.dll
    0x9923B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x993E9000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x993F7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x99200000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x907B9000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x99210000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x99220000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x90600000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0xA1A02000 \SystemRoot\system32\drivers\HTTP.sys
    0xA1A87000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA1AA0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA1AB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA1AD5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA1B10000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA1B2B000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0xA1B32000 \SystemRoot\system32\drivers\peauth.sys
    0xA1BDA000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8D00D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA1BE4000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA1BF1000 \??\C:\windows\system32\windrvNT.sys
    0xA521C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA526B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA52BC000 \SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS
    0xA6C35000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101229.036\NAVEX15.SYS
    0xA6D80000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101229.036\NAVENG.SYS
    0xA6C08000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA6C29000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xA6DAC000 \SystemRoot\system32\DRIVERS\umpass.sys
    0x77D20000 \Windows\System32\ntdll.dll
    0x481D0000 \Windows\System32\smss.exe
    0x77F60000 \Windows\System32\apisetschema.dll
    0x003E0000 \Windows\System32\autochk.exe
    0x77F10000 \Windows\System32\ws2_32.dll
    0x77C50000 \Windows\System32\msctf.dll
    0x77EC0000 \Windows\System32\gdi32.dll
    0x77EB0000 \Windows\System32\psapi.dll
    0x77B30000 \Windows\System32\wininet.dll
    0x77AB0000 \Windows\System32\comdlg32.dll
    0x76E60000 \Windows\System32\shell32.dll
    0x76D50000 \Windows\System32\urlmon.dll
    0x76CB0000 \Windows\System32\usp10.dll
    0x76BE0000 \Windows\System32\user32.dll
    0x76B30000 \Windows\System32\msvcrt.dll
    0x77E60000 \Windows\System32\Wldap32.dll
    0x769D0000 \Windows\System32\ole32.dll
    0x769C0000 \Windows\System32\lpk.dll
    0x76990000 \Windows\System32\imagehlp.dll
    0x76900000 \Windows\System32\oleaut32.dll
    0x76870000 \Windows\System32\clbcatq.dll
    0x767D0000 \Windows\System32\advapi32.dll
    0x76630000 \Windows\System32\setupapi.dll
    0x76620000 \Windows\System32\normaliz.dll
    0x765C0000 \Windows\System32\difxapi.dll
    0x765B0000 \Windows\System32\nsi.dll
    0x76590000 \Windows\System32\imm32.dll
    0x764E0000 \Windows\System32\rpcrt4.dll
    0x76400000 \Windows\System32\kernel32.dll
    0x763A0000 \Windows\System32\shlwapi.dll
    0x76380000 \Windows\System32\sechost.dll
    0x76180000 \Windows\System32\iertutil.dll
    0x76060000 \Windows\System32\crypt32.dll
    0x76040000 \Windows\System32\devobj.dll
    0x76010000 \Windows\System32\xmllite.dll
    0x75FE0000 \Windows\System32\cfgmgr32.dll
    0x75F50000 \Windows\System32\comctl32.dll
    0x75F00000 \Windows\System32\KernelBase.dll
    0x75ED0000 \Windows\System32\wintrust.dll
    0x75EC0000 \Windows\System32\msasn1.dll

    Processes (total 132):
    0 System Idle Process
    4 System
    324 C:\Windows\System32\smss.exe
    548 csrss.exe
    620 C:\Windows\System32\wininit.exe
    628 csrss.exe
    668 C:\Windows\System32\services.exe
    688 C:\Windows\System32\lsass.exe
    696 C:\Windows\System32\lsm.exe
    808 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\nvvsvc.exe
    912 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    948 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    996 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe
    1360 C:\Windows\System32\winlogon.exe
    1424 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\hpservice.exe
    1632 C:\Windows\System32\svchost.exe
    1808 C:\Windows\System32\nvvsvc.exe
    1888 C:\Windows\System32\spoolsv.exe
    1944 C:\Windows\System32\svchost.exe
    1984 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    256 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe
    1512 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    1620 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1840 C:\Program Files\Bonjour\mDNSResponder.exe
    660 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2200 C:\Program Files\Windows Home Server\esClient.exe
    2236 C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    2328 C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    2388 C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    2408 C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    2452 C:\Windows\System32\svchost.exe
    2472 C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
    2532 C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
    2608 C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2664 C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    2752 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    2796 C:\Program Files\PDF Complete\pdfsvc.exe
    2960 C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    3100 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    3136 C:\Windows\System32\svchost.exe
    3220 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3304 C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    3384 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3484 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    3548 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3576 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    3600 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    3616 C:\Program Files\Windows Home Server\WHSConnector.exe
    3092 WmiPrvSE.exe
    1752 WmiPrvSE.exe
    3236 C:\Windows\System32\svchost.exe
    4108 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    4156 C:\Windows\System32\svchost.exe
    4208 C:\Windows\System32\svchost.exe
    5016 C:\Windows\System32\taskhost.exe
    5084 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    5204 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    5212 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    5388 C:\Windows\System32\dwm.exe
    5440 C:\Windows\explorer.exe
    5688 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    5728 C:\Windows\System32\conhost.exe
    5780 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    5848 C:\Windows\System32\conhost.exe
    5944 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    5952 C:\Windows\System32\conhost.exe
    6056 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    6064 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    6112 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    6132 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4184 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    4704 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    4356 C:\Program Files\IDT\WDM\sttray.exe
    4796 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5508 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    5520 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    5316 C:\Program Files\iTunes\iTunesHelper.exe
    4980 C:\Program Files\Citrix\ICA Client\concentr.exe
    5852 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    1576 C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
    1572 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    5972 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    5080 C:\Windows\ehome\ehmsas.exe
    5340 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    3772 C:\Windows\System32\SearchIndexer.exe
    6324 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    6392 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    6464 C:\Program Files\Windows Home Server\WHSTrayApp.exe
    6720 C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
    6840 C:\Program Files\iPod\bin\iPodService.exe
    6880 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    7020 C:\Program Files\Windows Media Player\wmpnetwk.exe
    7656 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    7768 C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
    7848 C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
    7908 C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
    8120 C:\Program Files\Mozilla Firefox\firefox.exe
    7616 C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
    4380 C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    2148 C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    6240 C:\Program Files\Mozilla Firefox\plugin-container.exe
    7408 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1228 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    2660 C:\Windows\System32\svchost.exe
    2176 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    4912 C:\Windows\System32\wuauclt.exe
    5276 C:\Windows\System32\notepad.exe
    3244 C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe
    7524 C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe
    5580 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    5136 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    9352 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    2008 C:\Windows\System32\svchost.exe
    4044 C:\Windows\System32\taskeng.exe
    9960 C:\Windows\System32\audiodg.exe
    8884 C:\Program Files\Internet Explorer\iexplore.exe
    8844 C:\Program Files\Internet Explorer\iexplore.exe
    3368 C:\Program Files\Internet Explorer\iexplore.exe
    8112 C:\Windows\System32\SearchProtocolHost.exe
    10060 C:\Windows\System32\SearchFilterHost.exe
    9608 dllhost.exe
    7316 dllhost.exe
    4852 C:\Users\Obinna\Desktop\MBRCheck.exe
    7672 C:\Windows\System32\conhost.exe
    9132 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`12d00000 (NTFS)

    PhysicalDrive0 Model Number: ST9320423AS, Rev: 0006HPM1

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  8. Obi3000

    ComboFix Log

    ComboFix log below. No issues when running this :)

    ComboFix 10-12-29.04 - Obinna 30/12/2010 18:03:00.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1539 [GMT 0:00]
    Running from: c:\users\Obinna\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
    .

    2010-12-30 18:09 . 2010-12-30 18:11 -------- d-----w- c:\users\Obinna\AppData\Local\temp
    2010-12-30 18:09 . 2010-12-30 18:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-12-30 18:09 . 2010-12-30 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-30 17:56 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F7463E7-7497-49E5-B65E-84E0EB3A39A7}\mpengine.dll
    2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\users\Obinna\AppData\Roaming\Malwarebytes
    2010-12-29 12:46 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-29 12:46 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 11:50 . 2010-12-29 11:50 -------- d-----w- c:\users\Obinna\AppData\Local\Symantec
    2010-12-29 11:05 . 2010-12-29 11:05 388096 ----a-r- c:\users\Obinna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-29 11:05 . 2010-12-29 11:05 -------- d-----w- c:\program files\Trend Micro
    2010-12-20 21:23 . 2010-12-20 21:23 -------- d-----w- c:\users\Obinna\AppData\Local\CrashDumps
    2010-12-20 10:12 . 2010-12-20 21:22 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-12-20 09:43 . 2010-12-20 09:43 -------- d-----w- c:\users\Obinna\AppData\Roaming\Tific
    2010-12-17 09:26 . 2010-12-17 09:26 -------- d-----w- c:\windows\en
    2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\Bing Bar Installer
    2010-12-17 09:23 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-17 09:23 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-17 09:23 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-17 09:23 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-17 09:22 . 2010-12-17 09:22 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
    2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
    2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
    2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
    2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
    2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DSETUP.dll
    2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\dsetup32.dll
    2010-12-17 09:21 . 2010-12-30 11:53 -------- d-----w- c:\users\Obinna\AppData\Local\Windows Live
    2010-12-16 17:46 . 2010-12-16 17:46 -------- d-----w- c:\programdata\Research In Motion
    2010-12-16 09:33 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2010-12-16 01:48 . 2010-12-16 01:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-12-16 01:48 . 2010-12-16 01:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-16 01:48 . 2010-12-16 01:48 -------- d-----w- c:\program files\Symantec
    2010-12-16 01:47 . 2010-12-16 17:14 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\Norton Internet Security
    2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\NortonInstaller
    2010-12-16 01:40 . 2010-12-16 01:48 -------- d-----w- c:\programdata\Norton
    2010-12-14 21:33 . 2010-12-14 21:33 -------- d-----w- c:\users\Obinna\AppData\Local\Mozilla
    2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\Conduit
    2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\uTorrentBar
    2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- C:\extensions
    2010-12-03 17:15 . 2010-12-03 17:15 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-12-03 14:10 . 2010-12-03 14:10 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-12-03 14:02 . 2010-12-15 01:15 -------- d-----w- C:\Windows Home Server Drivers for Restore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 09:37 . 2010-11-13 09:37 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys
    2010-11-13 09:05 . 2010-11-13 09:05 368912 ----a-w- c:\windows\system32\VBAR332.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
    2010-11-10 22:36 . 2010-11-10 22:36 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
    2010-11-10 22:36 . 2010-11-10 22:36 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2010-11-10 22:36 . 2010-11-10 22:36 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2010-11-10 22:36 . 2010-11-10 22:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
    2010-11-10 22:36 . 2010-11-10 22:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2010-10-19 10:41 . 2010-07-18 16:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "Google Update"="c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
    "nwiz"="nwiz.exe" [2010-02-17 1657448]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-18 13830760]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
    "IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
    "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-7-23 604008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2009-11-09 11:51 75320 ----a-w- c:\windows\System32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-10-27 03:49 136176 ----atw- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-07-20 21:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
    R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
    R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
    R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-09 362040]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-19 1343400]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys [2010-12-01 353912]
    S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 39712]
    S1 RsvLock;RsvLock; [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
    S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
    S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
    S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
    S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
    S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
    S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
    S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-15 102448]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-11-13 132480]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-09-09 6758912]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-09 68200]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
    - c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
    - c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki...
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4740)
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\eHome\EhTray.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-30 18:14:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-30 18:14

    Pre-Run: 249,898,729,472 bytes free
    Post-Run: 249,762,906,112 bytes free

    - - End Of File - - 875717C9C2B2D5659433CE1DBB4ADE49
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Combofix log looks pretty clean....just some leftovers....

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    RsvLock
    SbFsLock
    SbAlg
    SafeBoot
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
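    As an added example (not part of this thread and not ComboFix's own code): a small Python parser for the Drivers/Services lines of a ComboFix log that lists the "[x]" entries, the registered drivers whose image file is gone, which are exactly the leftovers the CFScript above removes, and that compares a follow-up log to confirm they disappeared. The sample log lines are constructed from excerpts of the logs posted in this thread.

```python
"""Added example, not ComboFix's or the thread's own code: parse ComboFix
Drivers/Services lines, flag "[x]" leftovers, and verify a follow-up log."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ComboFix writes one service per line as
#   <start-type> <name>;<display name>;<image path> [<file date> <file size>]
# and prints "[x]" in place of date/size when the image file does not exist.
_SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass(frozen=True)
class ServiceEntry:
    start: str            # R = running, S = stopped; digit = start type (0 boot .. 4 disabled)
    name: str
    display: str
    path: Optional[str]   # None when ComboFix printed no image path
    date: Optional[str]   # None for "[x]" entries
    size: Optional[int]

    @property
    def image_missing(self) -> bool:
        """True for "[x]" entries: a registered driver/service whose file is gone."""
        return self.date is None


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one Drivers/Services line; return None for lines of any other shape."""
    m = _SERVICE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip() or None
    meta = m.group("meta").strip()
    if meta == "x":
        return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                            path, None, None)
    date, size = meta.split()
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        path, date, int(size))


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Collect every service line of a log, keyed by service name."""
    entries: Dict[str, ServiceEntry] = {}
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry:
            entries[entry.name] = entry
    return entries


def orphaned_services(log_text: str) -> List[str]:
    """Names of "[x]" services, boot-start (0) and system-start (1) first,
    since those are the ones that are consulted before Windows is fully up."""
    missing = [e for e in parse_services(log_text).values() if e.image_missing]
    return [e.name for e in sorted(missing, key=lambda e: (e.start[1], e.name))]


def removed_between(before_log: str, after_log: str) -> List[str]:
    """Service names present in the first log but absent from the second:
    the check that a CFScript run actually removed what it was asked to."""
    before = parse_services(before_log)
    after = parse_services(after_log)
    return sorted(name for name in before if name not in after)


# Constructed sample input, excerpted from the ComboFix logs in this thread.
BEFORE_LOG = r"""
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
S1 RsvLock;RsvLock; [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
"""

AFTER_LOG = r"""
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
"""

if __name__ == "__main__":
    print("orphaned in first log:", orphaned_services(BEFORE_LOG))
    print("gone after the CFScript run:", removed_between(BEFORE_LOG, AFTER_LOG))
```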
     
  10. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    ComboFix with CFScript

    Hi,
    Followed the steps you mentioned and it didn't go as well this time... This is what happened.
    - I created the CFScript file as instructed, turned off Antivirus and dragged the file over ComboFix to open.
    - ComboFix started and displayed a message saying a new version of ComboFix is available and asking whether it should update. I clicked Yes for this.
    - ComboFix updated successfully and restarted its run. All seemed to be going smoothly so I left the PC for a while.
    - When I got back, the screen was on the Windows boot menu with Windows unable to boot and asking for a Windows CD to be inserted to repair...
    - I don't have this so was unable to get back into Windows even when I tried Safe mode.
    - Eventually I selected the option "last known good configuration" from the safe mode boot menu and windows started up as per normal.
    - ComboFix started and completed its log writing.

    I have attached the log below. Let me know what you think and if it's safe to restart my computer again.. :)

    ComboFix 10-12-30.01 - Obinna 30/12/2010 20:51:59.2.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1780 [GMT 0:00]
    Running from: c:\users\Obinna\Desktop\ComboFix.exe
    Command switches used :: c:\users\Obinna\Desktop\CFScript.txt
    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RSVLOCK
    -------\Legacy_SBALG
    -------\Legacy_SBFSLOCK
    -------\Service_RsvLock
    -------\Service_SafeBoot
    -------\Service_SbAlg
    -------\Service_SbFsLock


    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
    .

    2010-12-30 20:58 . 2010-12-30 20:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-12-30 20:58 . 2010-12-30 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-30 18:09 . 2010-12-30 22:17 -------- d-----w- c:\users\Obinna\AppData\Local\temp
    2010-12-30 17:56 . 2010-11-16 12:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F7463E7-7497-49E5-B65E-84E0EB3A39A7}\mpengine.dll
    2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\users\Obinna\AppData\Roaming\Malwarebytes
    2010-12-29 12:46 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-29 12:46 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-29 12:46 . 2010-12-29 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 11:50 . 2010-12-29 11:50 -------- d-----w- c:\users\Obinna\AppData\Local\Symantec
    2010-12-29 11:05 . 2010-12-29 11:05 388096 ----a-r- c:\users\Obinna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-12-29 11:05 . 2010-12-29 11:05 -------- d-----w- c:\program files\Trend Micro
    2010-12-20 21:23 . 2010-12-20 21:23 -------- d-----w- c:\users\Obinna\AppData\Local\CrashDumps
    2010-12-20 10:12 . 2010-12-20 21:22 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-12-20 09:43 . 2010-12-20 09:43 -------- d-----w- c:\users\Obinna\AppData\Roaming\Tific
    2010-12-17 09:26 . 2010-12-17 09:26 -------- d-----w- c:\windows\en
    2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\MSN Toolbar
    2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\Bing Bar Installer
    2010-12-17 09:23 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-12-17 09:23 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-12-17 09:23 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-12-17 09:23 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-17 09:22 . 2010-12-17 09:22 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
    2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
    2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
    2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
    2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
    2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DSETUP.dll
    2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\dsetup32.dll
    2010-12-17 09:21 . 2010-12-30 11:53 -------- d-----w- c:\users\Obinna\AppData\Local\Windows Live
    2010-12-16 17:46 . 2010-12-16 17:46 -------- d-----w- c:\programdata\Research In Motion
    2010-12-16 09:33 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2010-12-16 01:48 . 2010-12-16 01:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-12-16 01:48 . 2010-12-16 01:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-16 01:48 . 2010-12-16 01:48 -------- d-----w- c:\program files\Symantec
    2010-12-16 01:47 . 2010-12-16 17:14 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\Norton Internet Security
    2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\NortonInstaller
    2010-12-16 01:40 . 2010-12-16 01:48 -------- d-----w- c:\programdata\Norton
    2010-12-14 21:33 . 2010-12-14 21:33 -------- d-----w- c:\users\Obinna\AppData\Local\Mozilla
    2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\Conduit
    2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\uTorrentBar
    2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- C:\extensions
    2010-12-03 17:15 . 2010-12-03 17:15 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-12-03 14:10 . 2010-12-03 14:10 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-12-03 14:02 . 2010-12-15 01:15 -------- d-----w- C:\Windows Home Server Drivers for Restore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 09:37 . 2010-11-13 09:37 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys
    2010-11-13 09:05 . 2010-11-13 09:05 368912 ----a-w- c:\windows\system32\VBAR332.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
    2010-11-13 09:05 . 2010-11-13 09:05 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
    2010-11-10 22:36 . 2010-11-10 22:36 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
    2010-11-10 22:36 . 2010-11-10 22:36 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2010-11-10 22:36 . 2010-11-10 22:36 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2010-11-10 22:36 . 2010-11-10 22:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
    2010-11-10 22:36 . 2010-11-10 22:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2010-10-19 10:41 . 2010-07-18 16:23 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "Google Update"="c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
    "nwiz"="nwiz.exe" [2010-02-17 1657448]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-18 13830760]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
    "IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
    "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-7-23 604008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2009-11-09 11:51 75320 ----a-w- c:\windows\System32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-10-27 03:49 136176 ----atw- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-07-20 21:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
    R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
    R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
    R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-09 362040]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys [2010-12-01 353912]
    S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 39712]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
    S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
    S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
    S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
    S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
    S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
    S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
    S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
    S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
    S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-15 102448]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-11-13 132480]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-09-09 6758912]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-09 68200]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
    - c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]

    2010-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
    - c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki...
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5680)
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    c:\program files\Windows Home Server\WHSConnector.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    c:\windows\system32\conhost.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    c:\windows\system32\taskhost.exe
    c:\windows\eHome\EhTray.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-30 22:20:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-30 22:20
    ComboFix2.txt 2010-12-30 18:14

    Pre-Run: 249,848,442,880 bytes free
    Post-Run: 249,748,267,008 bytes free

    - - End Of File - - C1E945977973201FB5C28BE8D03CCCE2
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You did fine :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    Computer looks good. I haven't experienced any of the problems I had before I started this process :)
    Not able to get OTL. Getting connection timeouts when I click on the link. Is there an alternative download link?
    Thanks
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  14. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    OTL OTL.txt part 1

    Great! Thanks. Part 1 of OTL.txt log below

    OTL logfile created on: 12/30/2010 11:18:01 PM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Obinna\Desktop
    An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 280.79 Gb Total Space | 232.70 Gb Free Space | 82.87% Space Free | Partition Type: NTFS

    Computer Name: HP-NOTEBOOK | User Name: Obinna | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
    PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
    PRC - [2009/12/16 13:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    PRC - [2009/11/24 18:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    PRC - [2009/11/20 21:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    PRC - [2009/11/20 20:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    PRC - [2009/11/20 20:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    PRC - [2009/11/20 20:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    PRC - [2009/11/19 22:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    PRC - [2009/11/19 18:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    PRC - [2009/11/19 16:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    PRC - [2009/11/19 16:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    PRC - [2009/11/18 15:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    PRC - [2009/11/18 12:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe
    PRC - [2009/11/12 15:32:00 | 000,250,936 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2009/11/11 08:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2009/11/04 21:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/04 21:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/11/04 08:29:18 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2009/10/07 12:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    PRC - [2009/10/07 12:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
    PRC - [2009/10/07 12:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
    PRC - [2009/10/05 09:59:08 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
    PRC - [2009/10/05 09:59:08 | 000,020,992 | ---- | M] (HP) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
    PRC - [2009/10/02 21:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
    PRC - [2009/10/02 21:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
    PRC - [2009/10/02 21:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
    PRC - [2009/09/04 19:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/08/25 16:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/08/03 20:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/03/03 10:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
    MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - File not found [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Sky -- (Hp.Skyroom.Windows.Service)
    SRV - [2010/11/29 14:52:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/08/16 06:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/07/19 21:34:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
    SRV - [2010/02/18 13:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/12/16 13:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
    SRV - [2009/11/24 18:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/11/19 22:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV - [2009/11/19 16:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
    SRV - [2009/11/18 15:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2009/11/18 12:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe -- (STacSV)
    SRV - [2009/11/12 15:32:00 | 000,250,936 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2009/11/11 08:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2009/11/09 11:52:18 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
    SRV - [2009/11/04 21:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/04 21:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/11/04 08:29:18 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2009/10/07 12:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
    SRV - [2009/10/07 12:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
    SRV - [2009/10/07 12:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
    SRV - [2009/10/05 09:59:08 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService)
    SRV - [2009/10/05 09:59:08 | 000,020,992 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc)
    SRV - [2009/10/02 21:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
    SRV - [2009/10/02 21:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
    SRV - [2009/10/02 21:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
    SRV - [2009/09/04 19:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/08/25 16:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/08/03 20:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/03/03 10:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Obinna\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/12/29 11:55:59 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101230.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/12/29 11:55:59 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101230.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/12/16 01:48:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/12/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/12/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/12/01 01:03:34 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101228.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/11/23 03:34:08 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/11/13 09:37:11 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/11/10 22:36:37 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2010/09/09 21:42:33 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
    DRV - [2010/09/09 21:39:52 | 009,956,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/09/09 21:39:52 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2010/07/07 18:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2010/06/04 20:24:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\vpchbus.sys -- (vpcbus)
    DRV - [2010/06/04 20:24:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/06/04 20:24:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/05/06 04:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/05/06 04:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/22 02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/04 01:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
    DRV - [2009/12/17 22:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/12/01 17:49:51 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/11/11 08:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2009/11/11 08:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Unknown | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2009/11/11 08:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2009/11/11 08:42:48 | 000,110,520 | ---- | M] () [Kernel | Unknown | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2009/11/06 00:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
    DRV - [2009/10/29 00:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
    DRV - [2009/10/26 21:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
    DRV - [2009/10/21 13:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
    DRV - [2009/10/02 21:47:10 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
    DRV - [2009/09/28 21:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/09/18 02:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2009/09/17 20:54:50 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2009/09/17 20:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2009/09/17 20:54:40 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2009/09/17 20:54:36 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2009/09/17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2009/08/09 21:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/08/07 12:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2009/08/03 20:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/20 22:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
    DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
    DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/07/08 20:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2009/07/08 20:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
    DRV - [2009/06/25 23:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/25 23:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/25 23:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/06/10 21:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/04/29 14:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2004/05/10 21:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/2
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
    FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4189
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 22:29:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/11/13 10:00:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/12/16 09:53:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/12/16 01:48:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 21:33:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 11:37:27 | 000,000,000 | ---D | M]

    [2010/12/14 21:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obinna\AppData\Roaming\Mozilla\Extensions
    [2010/12/14 21:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\extensions
    [2010/12/14 21:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/13 10:00:16 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
    [2010/09/09 22:29:04 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/12/16 01:48:27 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\COFFPLGN
    [2010/12/16 09:53:09 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPLGN
    [2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
  15. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    OTL OTL.txt part 2

    Part 2 of OTL.txt

    O1 HOSTS File: ([2010/12/30 22:17:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/30 23:15:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
    [2010/12/30 22:17:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2010/12/30 20:50:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2010/12/30 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\temp
    [2010/12/30 18:02:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2010/12/30 18:02:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2010/12/30 18:02:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2010/12/30 18:02:01 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2010/12/30 18:01:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/30 10:54:12 | 000,000,000 | ---D | C] -- C:\Users\Obinna\Desktop\tdsskiller
    [2010/12/30 01:42:44 | 000,000,000 | ---D | C] -- C:\Users\Obinna\Documents\Outlook Files
    [2010/12/29 12:46:56 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Malwarebytes
    [2010/12/29 12:46:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/12/29 12:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/29 12:46:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/12/29 12:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/29 11:50:46 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Symantec
    [2010/12/29 11:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/12/20 21:23:30 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\CrashDumps
    [2010/12/20 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/12/20 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Tific
    [2010/12/17 09:26:07 | 000,000,000 | ---D | C] -- C:\windows\en
    [2010/12/17 09:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
    [2010/12/17 09:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
    [2010/12/17 09:21:48 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Windows Live
    [2010/12/16 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
    [2010/12/16 09:53:31 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.sys
    [2010/12/16 09:53:31 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symtdiv.sys
    [2010/12/16 09:53:31 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symds.sys
    [2010/12/16 09:53:31 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.sys
    [2010/12/16 09:53:31 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symefa.sys
    [2010/12/16 09:53:31 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\ironx86.sys
    [2010/12/16 09:53:31 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.sys
    [2010/12/16 09:53:10 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1108000.005
    [2010/12/16 09:33:48 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SymIMV.sys
    [2010/12/16 01:48:04 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
    [2010/12/16 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/12/16 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/12/16 01:47:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
    [2010/12/16 01:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2010/12/16 01:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2010/12/16 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/12/16 01:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/12/14 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Mozilla
    [2010/12/14 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Mozilla
    [2010/12/14 21:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/12/14 21:15:32 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2010/12/12 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/12/12 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
    [2010/12/12 17:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
    [2010/12/12 17:46:04 | 000,000,000 | ---D | C] -- C:\extensions
    [2010/12/03 17:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
    [2010/12/03 14:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2010/12/03 14:02:58 | 000,000,000 | ---D | C] -- C:\Windows Home Server Drivers for Restore
    [2010/06/04 21:14:18 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
    [2010/06/04 21:14:18 | 000,213,040 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/30 23:18:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
    [2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
    [2010/12/30 22:54:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/30 22:24:15 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/30 22:24:15 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/30 22:17:12 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2010/12/30 22:17:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/30 22:16:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2010/12/30 22:16:04 | 2404,757,504 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/30 20:50:03 | 004,011,777 | R--- | M] () -- C:\Users\Obinna\Desktop\ComboFix.exe
    [2010/12/30 18:29:24 | 001,081,416 | ---- | M] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/12/30 17:47:37 | 000,080,384 | ---- | M] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
    [2010/12/30 01:16:50 | 000,009,286 | ---- | M] () -- C:\Users\Public\Documents\DDS.zip
    [2010/12/30 01:12:13 | 000,005,396 | ---- | M] () -- C:\Users\Public\Documents\DDS_Attach.zip
    [2010/12/30 00:18:00 | 000,000,858 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
    [2010/12/29 14:56:01 | 632,877,875 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2010/12/29 12:46:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 11:05:59 | 000,002,969 | ---- | M] () -- C:\Users\Obinna\Desktop\HiJackThis.lnk
    [2010/12/26 19:04:47 | 000,012,159 | ---- | M] () -- C:\Users\Obinna\Desktop\IrwPrintShoppingList.pdf
    [2010/12/26 16:26:00 | 000,621,772 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2010/12/26 16:26:00 | 000,108,912 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2010/12/19 00:15:24 | 000,002,283 | ---- | M] () -- C:\Users\Obinna\Desktop\Google Chrome.lnk
    [2010/12/18 11:37:27 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/17 11:45:56 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
    [2010/12/16 17:47:39 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
    [2010/12/16 17:13:35 | 000,002,414 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2010/12/16 01:48:04 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
    [2010/12/16 01:48:04 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
    [2010/12/16 01:48:04 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
    [2010/12/16 01:40:35 | 000,001,259 | ---- | M] () -- C:\Users\Obinna\Desktop\Norton Installation Files.lnk
    [2010/12/14 21:33:17 | 000,001,913 | ---- | M] () -- C:\Users\Obinna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/14 21:33:17 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/12/13 11:56:11 | 000,211,299 | ---- | M] () -- C:\Users\Public\Documents\DarfieldRoad_CouncilTaxPayment.pdf
    [2010/12/04 23:27:50 | 000,001,996 | -H-- | M] () -- C:\Users\Obinna\Documents\Default.rdp
    [2010/12/03 20:40:54 | 000,410,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2010/12/03 14:10:21 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2010/12/03 14:09:03 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf

    ========== Files Created - No Company Name ==========

    [2010/12/30 18:02:07 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
    [2010/12/30 18:02:07 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2010/12/30 18:02:07 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
    [2010/12/30 18:02:07 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2010/12/30 18:02:07 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2010/12/30 17:58:06 | 004,011,777 | R--- | C] () -- C:\Users\Obinna\Desktop\ComboFix.exe
    [2010/12/30 17:50:54 | 000,080,384 | ---- | C] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
    [2010/12/30 01:16:50 | 000,009,286 | ---- | C] () -- C:\Users\Public\Documents\DDS.zip
    [2010/12/30 01:12:13 | 000,005,396 | ---- | C] () -- C:\Users\Public\Documents\DDS_Attach.zip
    [2010/12/29 12:46:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/29 11:02:08 | 000,002,969 | ---- | C] () -- C:\Users\Obinna\Desktop\HiJackThis.lnk
    [2010/12/26 19:04:47 | 000,012,159 | ---- | C] () -- C:\Users\Obinna\Desktop\IrwPrintShoppingList.pdf
    [2010/12/26 11:35:02 | 2404,757,504 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/19 00:15:24 | 000,002,283 | ---- | C] () -- C:\Users\Obinna\Desktop\Google Chrome.lnk
    [2010/12/19 00:13:15 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
    [2010/12/19 00:13:15 | 000,000,858 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
    [2010/12/17 11:45:56 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
    [2010/12/16 17:12:53 | 001,081,416 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
    [2010/12/16 09:53:31 | 000,007,873 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symefa.cat
    [2010/12/16 09:53:31 | 000,007,787 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnetv.cat
    [2010/12/16 09:53:31 | 000,007,442 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.cat
    [2010/12/16 09:53:31 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.cat
    [2010/12/16 09:53:31 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\iron.cat
    [2010/12/16 09:53:31 | 000,007,425 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symds.cat
    [2010/12/16 09:53:31 | 000,007,396 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.cat
    [2010/12/16 09:53:31 | 000,007,368 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnet.cat
    [2010/12/16 09:53:31 | 000,003,373 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symefa.inf
    [2010/12/16 09:53:31 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symds.inf
    [2010/12/16 09:53:31 | 000,001,754 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.inf
    [2010/12/16 09:53:31 | 000,001,473 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnetv.inf
    [2010/12/16 09:53:31 | 000,001,445 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnet.inf
    [2010/12/16 09:53:31 | 000,001,388 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.inf
    [2010/12/16 09:53:31 | 000,001,382 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.inf
    [2010/12/16 09:53:31 | 000,000,741 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\iron.inf
    [2010/12/16 09:53:10 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\isolate.ini
    [2010/12/16 01:48:04 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
    [2010/12/16 01:48:04 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
    [2010/12/16 01:48:02 | 000,002,414 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2010/12/16 01:40:35 | 000,001,259 | ---- | C] () -- C:\Users\Obinna\Desktop\Norton Installation Files.lnk
    [2010/12/14 21:33:17 | 000,001,913 | ---- | C] () -- C:\Users\Obinna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/14 21:33:17 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/12/14 21:15:31 | 632,877,875 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2010/12/13 11:56:10 | 000,211,299 | ---- | C] () -- C:\Users\Public\Documents\DarfieldRoad_CouncilTaxPayment.pdf
    [2010/12/03 14:10:21 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2010/12/03 14:09:03 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2010/11/19 21:51:48 | 000,000,600 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\winscp.rnd
    [2010/10/28 22:29:32 | 000,004,608 | ---- | C] () -- C:\Users\Obinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/17 21:04:43 | 000,000,924 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\Rim.Desktop.Exception.log
    [2010/08/17 20:59:49 | 000,001,948 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/08/03 22:07:23 | 000,011,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/07/30 00:47:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
    [2010/07/21 19:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/07/15 20:18:50 | 000,110,592 | ---- | C] () -- C:\windows\System32\suppdll.dll
    [2010/07/15 20:18:50 | 000,035,363 | ---- | C] () -- C:\windows\System32\windrvNT.sys
    [2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\QSwitch.txt
    [2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\DSwitch.txt
    [2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\AtStart.txt
    [2010/06/04 21:14:18 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2010/06/04 21:14:18 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2010/06/04 21:14:18 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2010/06/04 20:57:43 | 001,731,176 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
    [2010/06/04 20:57:43 | 001,612,392 | ---- | C] () -- C:\windows\System32\nView.dll
    [2010/06/04 20:57:43 | 001,108,584 | ---- | C] () -- C:\windows\System32\nvwimg.dll
    [2010/06/04 20:57:43 | 000,473,704 | ---- | C] () -- C:\windows\System32\nvShell.dll
    [2010/06/04 20:04:18 | 000,000,188 | ---- | C] () -- C:\windows\System32\HPWA.ini
    [2010/06/04 19:58:49 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
    [2010/02/19 08:43:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
    [2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
    [2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
    [2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
    [2009/11/24 13:55:38 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
    [2009/11/24 13:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
    [2009/11/24 13:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
    [2009/11/11 08:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2009/11/09 11:52:36 | 000,329,272 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
    [2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

    ========== LOP Check ==========

    [2010/09/21 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\AnvSoft
    [2010/09/20 21:32:23 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Ashampoo
    [2010/07/23 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Blackberry Desktop
    [2010/11/13 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\DigitalPersona
    [2010/10/28 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\ICAClient
    [2010/11/13 10:03:35 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Infineon
    [2010/08/17 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Research In Motion
    [2010/12/20 09:43:23 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Tific
    [2010/12/16 01:41:56 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\uTorrent
    [2010/07/20 22:50:17 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Windows Home Server
    [2010/12/30 10:49:09 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/12/30 22:20:13 | 000,024,193 | ---- | M] () -- C:\ComboFix.txt
    [2010/12/30 22:16:04 | 2404,757,504 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/07 15:19:10 | 327,118,024 | ---- | M] () -- C:\HP_Printer_software_PS_AIO_02_USW_Full_Win_WW_130_140.exe
    [2010/12/30 22:16:12 | 3206,344,704 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/13 10:01:08 | 000,002,389 | ---- | M] () -- C:\pdfco.log
    [2010/12/30 10:57:11 | 000,077,632 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_30.12.2010_10.54.26_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:31:19 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2009/07/14 01:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/15 20:31:18 | 000,000,221 | -HS- | M] () -- C:\Users\Obinna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/30 20:50:03 | 004,011,777 | R--- | M] () -- C:\Users\Obinna\Desktop\ComboFix.exe
    [2010/12/30 17:47:37 | 000,080,384 | ---- | M] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
    [2010/12/30 23:14:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/08/10 22:31:00 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/06/04 21:06:48 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/06/04 21:06:48 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/06/04 21:06:48 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/13 10:00:25 | 000,000,402 | -HS- | M] () -- C:\Users\Obinna\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/10 23:00:07 | 000,011,372 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DE406C3E

    < End of report >
     
  16. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    OTL Extras.txt

    OTL Extras logfile created on: 12/30/2010 11:18:01 PM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Obinna\Desktop
    An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 280.79 Gb Total Space | 232.70 Gb Free Space | 82.87% Space Free | Partition Type: NTFS

    Computer Name: HP-NOTEBOOK | User Name: Obinna | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
    "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
    "{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}" = Remote Graphics Sender
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4DC71B23-A996-42D3-8E4B-092BB3CDB71C}" = Embedded Security for HP ProtectTools
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4EE201CD-5A61-4749-9EEC-28CE86E9EE90}" = Remote Graphics Receiver
    "{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
    "{544FFB43-6682-4E15-AD12-BE0F04CC21E5}" = HP User Guides 0160
    "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
    "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
    "{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
    "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
    "{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
    "{883FDE02-EBF8-4D59-87FB-5FF410A35A6C}" = Remote Graphics Sender
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{964D0D1C-1D28-4802-8EE8-345CC8D2633B}" = HP Data Vault 3.0 Update 1
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
    "{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
    "{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
    "{C83002C4-450F-40B1-B7FC-29A04CE69646}" = HP ProtectTools Security Manager
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
    "{D6782B98-BDC0-45F4-A046-9D26C475CBF8}" = Drive Encryption for HP ProtectTools
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB8FCBE8-B9AE-455D-B9FE-55BB06F165CF}" = C4380
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E366F338-BF6E-4165-BDDB-3DCCB3388F9F}" = HP Power Data
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
    "{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Any Video Converter_is1" = Any Video Converter 3.0.7
    "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
    "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
    "conduitEngine" = Conduit Engine
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "HPProtectTools" = HP ProtectTools Security Manager
    "InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NIS" = Norton Internet Security
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PDF Complete" = PDF Complete Special Edition
    "PROSet" = Intel(R) Network Connections Drivers
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.4
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.9

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Folder Lock" = Folder Lock
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/30/2010 10:17:17 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\hewlett-packard\hp
    skyroom\remote graphics receiver\hprpusb\64-bit\DPInst.exe". Dependent Assembly
    Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2010 11:18:30 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Research
    In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2010 11:18:34 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
    Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2010 11:18:38 AM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\hewlett-packard\hp
    skyroom\remote graphics receiver\hprpusb\64-bit\DPInst.exe". Dependent Assembly
    Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/30/2010 11:24:19 AM | Computer Name = HP-Notebook | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/30/2010 11:24:19 AM | Computer Name = HP-Notebook | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1092

    Error - 12/30/2010 11:24:19 AM | Computer Name = HP-Notebook | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

    Error - 12/30/2010 1:43:47 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
    Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

    at MSSConnectorService.MSSLongPoller.Poll()

    Error - 12/30/2010 3:05:05 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
    Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

    at MSSConnectorService.MSSLongPoller.Poll()

    Error - 12/30/2010 4:43:03 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
    Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

    at MSSConnectorService.MSSLongPoller.Poll()

    [ Hewlett-Packard Events ]
    Error - 7/23/2010 4:43:42 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/23/2010 4:43:43 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 8/7/2010 9:28:34 AM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description =

    Error - 8/22/2010 4:37:24 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description = en-GB Object reference not set to an instance of an object. HPSF at
    HPAssistant.Pages.MaintainTuneUpProgress.bgScan_RunWorkerCompleted(Object sender,
    RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
    e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

    at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
    Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
    source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


    Error - 11/10/2010 6:32:04 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/10/2010 6:32:04 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 11/13/2010 5:19:25 AM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
    Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    [ HP Power Assistant Events ]
    Error - 12/30/2010 6:52:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
    pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 6:53:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
    pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 6:54:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
    pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 6:55:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
    pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 6:55:42 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/30/2010 6:55:45 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/30/2010 6:56:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
    pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 6:57:12 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
    pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 3:58:59 PM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.InvalidOperationException There is an error in the XML document.

    at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader xmlReader, String
    encodingStyle, XmlDeserializationEvents events) at System.Xml.Serialization.XmlSerializer.Deserialize(XmlReader
    xmlReader) at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput& pmcData) at
    HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

    Error - 12/30/2010 3:58:59 PM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
    Description = System.FormatException The string '2059-58-58T58:58:58' is not a valid
    AllXsd value. at System.Xml.Schema.XsdDateTime..ctor(String text, XsdDateTimeFlags
    kinds) at System.Xml.XmlConvert.ToDateTime(String s, XmlDateTimeSerializationMode
    dateTimeOption) at System.Xml.Serialization.XmlCustomFormatter.ToDateTime(String
    value) at System.Xml.Serialization.XmlSerializationReader.ToDateTime(String value)

    at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read96_GetPMCDataOutputOutputData(Boolean
    isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read97_GetPMCDataOutputOutput(Boolean
    isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read98_GetPMCDataOutput(Boolean
    isNullable, Boolean checkType) at Microsoft.Xml.Serialization.GeneratedAssembly.XmlSerializationReader1.Read227_GetPMCDataOutput()

    [ HP Wireless Assistant Events ]
    Error - 12/18/2010 5:00:17 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:00:32 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:00:33 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:00:38 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:00:55 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:00:58 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:01:05 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:01:07 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:01:08 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 12/18/2010 5:01:19 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    [ System Events ]
    Error - 12/30/2010 4:48:58 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/30/2010 4:50:26 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/30/2010 4:51:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 12/30/2010 6:16:28 PM | Computer Name = HP-Notebook | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 20:58:30 on 30/12/2010 was unexpected.

    Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
    Description = The rimspci service failed to start due to the following error: %%1058

    Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
    Description = The rimsptsk service failed to start due to the following error: %%1058

    Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
    Description = The risdpcie service failed to start due to the following error: %%1058

    Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
    Description = The Ricoh xD-Picture Card Driver service failed to start due to the
    following error: %%1058

    Error - 12/30/2010 6:16:30 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
    Description = The rixdpcie service failed to start due to the following error: %%1058

    Error - 12/30/2010 7:15:05 PM | Computer Name = HP-Notebook | Source = NetBT | ID = 4319
    Description = A duplicate name has been detected on the TCP network. The IP address
    of the computer that sent the message is in the data. Use nbtstat -n in a command
    window to see which name is in the Conflict state.


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You didn't say...
    =======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DE406C3E
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
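    Broni's OTL script above removes a dangling ShellExecuteHook CLSID, an alternate data stream on C:\ProgramData\TEMP and a stale DPF entry. A read-only PowerShell check that re-inspects those persistence points after the fix, added here as an example (not code from the thread, from OTL or from any project), assuming Windows 7 default paths and an elevated PowerShell 3.0 or newer session:

```powershell
# Added read-only triage check (example code, not from the thread or from OTL):
# re-inspects the places the OTL fix above cleans, so you can confirm nothing came back.
# Assumes Windows 7 default paths and an elevated PowerShell 3.0+ prompt.

$findings = @()

# 1. O28 ShellExecuteHooks: every value name under this key is a CLSID that should
#    resolve to a registered COM server; a CLSID with no InprocServer32 is a dangling hook.
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hookKey) {
    $hookValues = (Get-ItemProperty -Path $hookKey).PSObject.Properties |
        Where-Object { $_.Name -like '{*}' }
    foreach ($v in $hookValues) {
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$($v.Name)\InprocServer32"
        if (-not (Test-Path $server)) {
            $findings += "Dangling ShellExecuteHook: $($v.Name) (no InprocServer32)"
        }
    }
}

# 2. The @Alternate Data Stream line: list every stream on C:\ProgramData\TEMP other
#    than the default :$DATA stream. Stream listing on a directory is assumed to need
#    PowerShell 5.1 or newer; on older hosts use 'dir /r C:\ProgramData' from cmd.exe.
$adsTarget = 'C:\ProgramData\TEMP'
if (Test-Path $adsTarget) {
    $streams = Get-Item -Path $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += "ADS on ${adsTarget}: $($s.Stream) ($($s.Length) bytes)"
    }
}

# 3. Legacy .job files in C:\Windows\Tasks, where the Trojan.Downloader / Trojan.FakeAlert
#    jobs were quarantined earlier in this thread; any new one deserves a second look.
$jobs = Get-ChildItem -Path 'C:\Windows\Tasks' -Filter '*.job' -ErrorAction SilentlyContinue
foreach ($j in $jobs) {
    $findings += "Scheduled task file: $($j.Name) (last written $($j.LastWriteTime))"
}

if ($findings.Count -eq 0) {
    'Nothing left at the OTL fix points.'
} else {
    $findings
}
```

    The script changes nothing; it only reports, so it is safe to run before and after the OTL fix and compare the two outputs.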
     
  18. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    Hi Broni,
    Unfortunately I am still having problems getting my computer to start afterwards. Last Known Good Configuration no longer works. I have tried using the Windows 7 startup repair disc, but this comes back with the message "Startup repair cannot repair this computer automatically".
    I think my only option now is to do a system restore from a backup I made prior to starting the virus removal process. Should I go ahead with this? If this works, what should be the next steps?
    Thanks for your help.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I need more details....
     
  20. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    Hi Broni,
    When I boot up the PC, it loads the "Windows Error Recovery" screen. The message is
    I am presented with 2 options: 1) Launch Startup Repair and 2) Start Windows Normally.

    When I select 1), a screen titled "Windows Boot Manager" is displayed with the following:
    When I follow these steps by booting a Windows repair CD, Windows attempts to perform a Startup Repair, but this fails with the message "Startup repair cannot repair your computer automatically".
    Problem details states:
    If I exit this and choose 2) "Start Windows Normally", the Starting Windows screen is displayed, then there is a blue screen flash (too quick to make out the message) and I am returned back to the Windows Error Recovery screen.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I can see a lot of people on Google with very same problem.

    At what exact point of our cleaning process did it happen?
     
  22. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    Hi
    The problem started immediately after the 2nd Combofix run with CFScript (see my response in thread #10). The Combofix run completed and the computer rebooted with the startup error.
    I have been scanning Google and trying various solutions, but so far no luck. System restore to a previous backup is looking like the next step at the mo.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I'm a little bit confused...
    After Combofix, you're still able to run OTL scan, so....
     
  24. Obi3000

    Obi3000 TS Rookie Topic Starter Posts: 37

    Yep. I got the start-up problem after the second Combofix run. I was then able to get past it by using Last Known Good Configuration... I then ran OTL as instructed. But when I shut down my PC for the night and came back the next day, I got the same startup issues, only this time it wouldn't let me boot when I selected Last Known Good Configuration.
    Hope that clears it up..
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    See if it'll boot.
     
Topic Status:
Not open for further replies.
