[Solved] Help to remove Virus/Malware causing Redirection, Playing Sounds, Blue Screen Crash

Obi3000 · Jan 2, 2011

DDS (Ver_10-12-12.02) - NTFSx86
Run by Obinna at 11:56:12.16 on 02/01/2011
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1697 [GMT 0:00]

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskeng.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Obinna\Desktop\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\obinna\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [IFXSPMGT] "c:\program files\hewlett-packard\embedded security software\ifxspmgt.exe" /NotifyLogon
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [JP595IR86O] c:\windows\temp\Gzo.exe
dRun: [NtWqIVLZEWZU] c:\windows\temp\Gzy.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli

================= FIREFOX ===================

FF - ProfilePath - c:\users\obinna\appdata\roaming\mozilla\firefox\profiles\7lfrslg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hewlett-packard\hp protecttools security manager\bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\obinna\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\hewlett-packard\hp protecttools security manager\bin\FirefoxExt
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\coFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

============= SERVICES / DRIVERS ===============

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-11-11 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-11-11 13256]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-12-16 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-12-16 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-12-16 501888]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20101231.001\IDSvix86.sys [2011-1-2 353912]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2009-10-2 39712]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-11-11 40088]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-12-16 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-12-16 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe [2010-6-4 81920]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 239464]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2009-10-7 97128]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2009-11-18 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-11-19 102968]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\hewlett-packard\hp skyroom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2009-11-12 250936]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-11-11 277096]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-11-4 297984]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-12-16 126392]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-11-13 635416]
R2 rgsender;Remote Graphics Sender Service;c:\program files\hewlett-packard\hp skyroom\remote graphics sender\rgsendersvc.exe [2010-6-4 379904]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-6-4 2320920]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 376680]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-4 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-6-4 228408]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-6-4 214696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-16 102448]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-13 132480]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-9-9 6758912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-9-9 68200]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-6-4 49152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-20 135664]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-4 48640]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-4 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-4 38912]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-9 362040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-19 1343400]

=============== Created Last 30 ================

2011-01-02 11:34:58 -------- d-----w- c:\users\obinna\appdata\roaming\Malwarebytes
2011-01-02 11:34:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 11:34:54 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-02 11:34:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 11:34:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 09:30:05 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{07a10321-e1b4-4abf-96c0-6b23af9bf554}\mpengine.dll
2011-01-02 09:27:37 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-02 09:27:37 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 21:23:30 -------- d-----w- c:\users\obinna\appdata\local\CrashDumps
2010-12-20 09:43:23 -------- d-----w- c:\users\obinna\appdata\roaming\Tific
2010-12-17 11:30:29 15256 ----a-w- c:\users\obinna\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-12-17 09:26:07 -------- d-----w- c:\windows\en
2010-12-17 09:23:39 -------- d-----w- c:\program files\MSN Toolbar
2010-12-17 09:23:28 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-17 09:23:25 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-17 09:23:25 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-17 09:23:25 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-17 09:23:08 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-17 09:22:09 469256 ----a-w- c:\program files\common files\windows live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
2010-12-17 09:22:04 94040 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
2010-12-17 09:22:04 525656 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
2010-12-17 09:22:04 1691480 ----a-w- c:\program files\common files\windows live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
2010-12-17 09:22:02 94040 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\DSETUP.dll
2010-12-17 09:22:02 525656 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
2010-12-17 09:22:02 1691480 ----a-w- c:\program files\common files\windows live\.cache\dd3388d21cb9dcb05\dsetup32.dll
2010-12-17 09:21:48 -------- d-----w- c:\users\obinna\appdata\local\Windows Live
2010-12-16 17:46:55 -------- d-----w- c:\progra~2\Research In Motion
2010-12-16 09:53:31 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
2010-12-16 09:53:31 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
2010-12-16 09:53:31 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
2010-12-16 09:53:31 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
2010-12-16 09:53:31 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
2010-12-16 09:53:31 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
2010-12-16 09:53:31 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
2010-12-16 09:53:10 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
2010-12-16 09:33:48 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-12-16 01:48:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-16 01:48:04 -------- d-----w- c:\program files\Symantec
2010-12-16 01:48:04 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-16 01:47:48 -------- d-----w- c:\windows\system32\drivers\NIS
2010-12-16 01:47:47 -------- d-----w- c:\program files\Norton Internet Security
2010-12-16 01:47:35 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:47:35 -------- d-----w- c:\progra~2\NortonInstaller
2010-12-16 01:40:35 -------- d-----w- c:\progra~2\Norton
2010-12-12 17:46:11 -------- d-----w- c:\program files\Conduit
2010-12-12 17:46:08 -------- d-----w- c:\program files\ConduitEngine
2010-12-12 17:46:06 -------- d-----w- c:\program files\uTorrentBar
2010-12-12 17:46:04 -------- d-----w- C:\extensions
2010-12-03 17:15:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-12-03 14:10:13 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-12-03 14:02:58 -------- d-----w- C:\Windows Home Server Drivers for Restore

==================== Find3M ====================

2010-11-13 09:05:14 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-11-13 09:05:14 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-11-13 09:05:14 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-11-13 09:05:14 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-11-13 09:05:14 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-11-10 22:36:37 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-10 22:36:37 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-11-10 22:36:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-10 22:36:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST932042 rev.0006 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x8344F000]<< >>UNKNOWN [0x8C417000]<< >>UNKNOWN [0x8D1AC000]<< >>UNKNOWN [0x8D171000]<< >>UNKNOWN [0x83418000]<< >>UNKNOWN [0x8C28D000]<< >>UNKNOWN [0x8C526000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8348B458] -> \Device\Harddisk0\DR0[0x8804E030]
\Driver\Disk[0x8804DDF0] -> IRP_MJ_CREATE -> 0x8C41B39F
3 [0x8C41B59E] -> ntkrnlpa!IofCallDriver[0x8348B458] -> [0x8804C8A8]
\Driver\hpdskflt[0x87FFB540] -> IRP_MJ_CREATE -> 0x8D172FB0
5 [0x8D173090] -> ntkrnlpa!IofCallDriver[0x8348B458] -> [0x87568340]
\Driver\ACPI[0x86752F38] -> IRP_MJ_CREATE -> 0x8C2964AA
7 [0x8C2963B2] -> ntkrnlpa!IofCallDriver[0x8348B458] -> \Device\Ide\IAAStorageDevice-1[0x874FF028]
\Driver\iaStor[0x8755C030] -> IRP_MJ_CREATE -> 0x8C56A954
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 11:56:39.27 ===============

Obi3000 · Jan 2, 2011

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/07/2010 20:35:59
System Uptime: 02/01/2011 11:43:07 (0 hours ago)

Motherboard: Hewlett-Packard | | 172B
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 281 GiB total, 237.34 GiB free.
D: is CDROM ()
E: is Removable
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID:
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID:
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Service:

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4380 series
Device ID: ROOT\IMAGE\0002
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\IMAGE\0002
Service: StillCam

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&002557A72036_C00000000
Service:

Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\8&5CCACCA&0&307C30DEECD3_C00000000
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AIO_Scan
Any Video Converter 3.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
µTorrent
Bing Bar
Bing Bar Platform
BlackBerry Desktop Software 6.0.1
Bonjour
BufferChm
C4380
C4380_Help
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Conduit Engine
Copy
CutePDF Writer 2.7
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Destinations
Device Access Manager for HP ProtectTools
DeviceDiscovery
DocProc
Drive Encryption for HP ProtectTools
Embedded Security for HP ProtectTools
Fax
Feedback Tool
File Sanitizer For HP ProtectTools
Folder Lock
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP 3D DriveGuard
HP Business Card Reader
HP Common Access Service Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Data Vault 3.0 Update 1
HP ESU for Microsoft Windows 7
HP Imaging Device Functions 13.0
HP Integrated Module with Bluetooth wireless technology
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Power Assistant
HP Power Data
HP Product Detection
HP ProtectTools Security Manager
HP Quick Launch Buttons
HP QuickLook
HP QuickWeb
HP Setup
HP SkyRoom
HP Smart Web Printing 4.51
HP SoftPaq Download Manager
HP Software Setup
HP Solution Center 13.0
HP Support Assistant
HP Update
HP User Guides 0160
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Turbo Boost Technology Driver
Intel® Matrix Storage Manager
iTunes
Junk Mail filter update
LSI HDA Modem
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.0
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Norton Internet Security
NVIDIA Drivers
NVIDIA nView Desktop Manager
OCR Software by I.R.I.S. 13.0
PDF Complete Special Edition
Pre-Boot Security for HP ProtectTools
Privacy Manager for HP ProtectTools
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QLBCASL
QuickTime
Remote Graphics Receiver
Remote Graphics Sender
RICOH Media Driver
Rosetta Stone Version 3
Scan
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
uTorrentBar Toolbar
Validity Fingerprint Driver
VirtualCloneDrive
VLC media player 1.1.4
WebReg
Windows 7 Default Setting
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinSCP 4.2.9

==== Event Viewer Messages From Past Week ========

02/01/2011 11:43:33, Error: Service Control Manager [7000] - The rixdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/01/2011 11:43:33, Error: Service Control Manager [7000] - The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/01/2011 11:43:33, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/01/2011 11:43:33, Error: Service Control Manager [7000] - The rimspci service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/01/2011 11:43:33, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02/01/2011 11:26:38, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

Broni · Jan 2, 2011

I'm glad, you're able to get your computer back

Now, we have a rootkit here to deal with, first...

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Obi3000 · Jan 3, 2011

TDSkiller log file below

2011/01/03 18:51:29.0031 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/03 18:51:29.0031 ================================================================================
2011/01/03 18:51:29.0031 SystemInfo:
2011/01/03 18:51:29.0031
2011/01/03 18:51:29.0031 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/03 18:51:29.0031 Product type: Workstation
2011/01/03 18:51:29.0031 ComputerName: HP-NOTEBOOK
2011/01/03 18:51:29.0031 UserName: Obinna
2011/01/03 18:51:29.0031 Windows directory: C:\windows
2011/01/03 18:51:29.0031 System windows directory: C:\windows
2011/01/03 18:51:29.0031 Processor architecture: Intel x86
2011/01/03 18:51:29.0031 Number of processors: 4
2011/01/03 18:51:29.0031 Page size: 0x1000
2011/01/03 18:51:29.0031 Boot type: Normal boot
2011/01/03 18:51:29.0031 ================================================================================
2011/01/03 18:51:29.0436 Initialize success
2011/01/03 18:51:33.0789 ================================================================================
2011/01/03 18:51:33.0789 Scan started
2011/01/03 18:51:33.0789 Mode: Manual;
2011/01/03 18:51:33.0789 ================================================================================
2011/01/03 18:51:34.0116 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/03 18:51:34.0194 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/01/03 18:51:34.0241 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/03 18:51:34.0288 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/03 18:51:34.0350 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/03 18:51:34.0397 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/03 18:51:34.0444 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/03 18:51:34.0522 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/01/03 18:51:34.0600 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
2011/01/03 18:51:34.0694 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/01/03 18:51:34.0756 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/01/03 18:51:34.0818 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/01/03 18:51:34.0850 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/01/03 18:51:34.0881 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/01/03 18:51:34.0943 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/03 18:51:34.0974 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/03 18:51:35.0006 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/03 18:51:35.0052 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/03 18:51:35.0099 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/03 18:51:35.0115 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/01/03 18:51:35.0193 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/01/03 18:51:35.0224 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/03 18:51:35.0286 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/03 18:51:35.0318 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/01/03 18:51:35.0396 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/01/03 18:51:35.0458 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/01/03 18:51:35.0520 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/01/03 18:51:35.0708 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2011/01/03 18:51:35.0801 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/03 18:51:35.0910 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/01/03 18:51:35.0957 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/03 18:51:35.0988 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/03 18:51:36.0051 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/01/03 18:51:36.0082 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/03 18:51:36.0098 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/03 18:51:36.0129 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/03 18:51:36.0160 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/01/03 18:51:36.0222 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/03 18:51:36.0254 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/01/03 18:51:36.0300 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/01/03 18:51:36.0347 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/01/03 18:51:36.0394 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\windows\system32\drivers\btwaudio.sys
2011/01/03 18:51:36.0456 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\DRIVERS\btwavdt.sys
2011/01/03 18:51:36.0503 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/01/03 18:51:36.0519 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys
2011/01/03 18:51:36.0597 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys
2011/01/03 18:51:36.0675 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/03 18:51:36.0753 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/03 18:51:36.0800 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/01/03 18:51:36.0862 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/01/03 18:51:36.0924 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/03 18:51:36.0956 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/03 18:51:36.0987 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/01/03 18:51:37.0034 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/03 18:51:37.0080 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/03 18:51:37.0127 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/03 18:51:37.0174 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
2011/01/03 18:51:37.0283 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
2011/01/03 18:51:37.0346 DAMDrv (a05433f6218dcb8f0dec232de65f8b26) C:\windows\system32\DRIVERS\DAMDrv.sys
2011/01/03 18:51:37.0470 dc3d (91c1736e77cff029302728b431d0eedb) C:\windows\system32\DRIVERS\dc3d.sys
2011/01/03 18:51:37.0564 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/01/03 18:51:37.0595 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/01/03 18:51:37.0626 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/01/03 18:51:37.0673 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/01/03 18:51:37.0720 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/03 18:51:37.0798 e1kexpress (034fa3a00fff4f68dd9f6d3793392274) C:\windows\system32\DRIVERS\e1k6232.sys
2011/01/03 18:51:37.0892 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/01/03 18:51:38.0048 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/03 18:51:38.0172 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\windows\system32\Drivers\ElbyCDIO.sys
2011/01/03 18:51:38.0235 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/03 18:51:38.0297 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/03 18:51:38.0344 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/01/03 18:51:38.0438 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/01/03 18:51:38.0469 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/01/03 18:51:38.0516 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/01/03 18:51:38.0562 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/01/03 18:51:38.0578 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/01/03 18:51:38.0625 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/03 18:51:38.0687 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/01/03 18:51:38.0750 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/01/03 18:51:38.0781 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/03 18:51:38.0843 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/03 18:51:38.0952 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/03 18:51:39.0015 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/03 18:51:39.0108 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/01/03 18:51:39.0140 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/01/03 18:51:39.0186 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/03 18:51:39.0233 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
2011/01/03 18:51:39.0280 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/03 18:51:39.0311 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/03 18:51:39.0358 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/01/03 18:51:39.0420 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/03 18:51:39.0530 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/01/03 18:51:39.0592 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/01/03 18:51:39.0639 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/03 18:51:39.0686 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/01/03 18:51:39.0717 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/01/03 18:51:39.0764 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/03 18:51:39.0842 iaStor (01446278d4563b3013c92830ae6cbb26) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/03 18:51:39.0904 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/03 18:51:40.0076 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101231.001\IDSvix86.sys
2011/01/03 18:51:40.0310 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/01/03 18:51:40.0466 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/03 18:51:40.0528 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\DRIVERS\Impcd.sys
2011/01/03 18:51:40.0590 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/01/03 18:51:40.0637 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/03 18:51:40.0684 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/03 18:51:40.0731 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/03 18:51:40.0762 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/01/03 18:51:40.0809 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/01/03 18:51:40.0856 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/03 18:51:40.0887 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/03 18:51:40.0934 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/03 18:51:40.0965 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/03 18:51:40.0996 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/01/03 18:51:41.0043 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/03 18:51:41.0090 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/03 18:51:41.0168 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/03 18:51:41.0199 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/03 18:51:41.0230 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/03 18:51:41.0277 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/03 18:51:41.0308 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/01/03 18:51:41.0355 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/01/03 18:51:41.0370 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/03 18:51:41.0417 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/01/03 18:51:41.0464 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/01/03 18:51:41.0526 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/03 18:51:41.0604 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/03 18:51:41.0651 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/01/03 18:51:41.0698 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/01/03 18:51:41.0729 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/01/03 18:51:41.0776 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/01/03 18:51:41.0823 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/03 18:51:41.0838 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/03 18:51:41.0870 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/03 18:51:41.0901 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/01/03 18:51:41.0932 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/03 18:51:41.0963 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/01/03 18:51:41.0979 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/03 18:51:42.0010 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/03 18:51:42.0057 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/03 18:51:42.0072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/03 18:51:42.0088 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/01/03 18:51:42.0166 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/01/03 18:51:42.0213 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/03 18:51:42.0260 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/01/03 18:51:42.0275 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/03 18:51:42.0306 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/01/03 18:51:42.0353 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/03 18:51:42.0494 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110103.001\NAVENG.SYS
2011/01/03 18:51:42.0540 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110103.001\NAVEX15.SYS
2011/01/03 18:51:42.0728 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/01/03 18:51:42.0790 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/01/03 18:51:42.0852 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/03 18:51:42.0899 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/03 18:51:42.0946 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/03 18:51:42.0977 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/01/03 18:51:43.0040 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/01/03 18:51:43.0071 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/01/03 18:51:43.0242 NETw5s32 (3577b851e59da59e6d65419a057c9914) C:\windows\system32\DRIVERS\NETw5s32.sys
2011/01/03 18:51:43.0414 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/01/03 18:51:43.0476 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/01/03 18:51:43.0492 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/01/03 18:51:43.0539 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/01/03 18:51:43.0586 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/01/03 18:51:43.0648 NVHDA (79e97cdae5449a59a4798fc5b006c58f) C:\windows\system32\drivers\nvhda32v.sys
2011/01/03 18:51:43.0898 nvlddmkm (b4c5099e80c873d665b8aaaadf8494c2) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/01/03 18:51:44.0132 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/01/03 18:51:44.0163 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/01/03 18:51:44.0194 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/01/03 18:51:44.0241 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/03 18:51:44.0350 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/01/03 18:51:44.0381 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/01/03 18:51:44.0412 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/01/03 18:51:44.0459 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/01/03 18:51:44.0490 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/01/03 18:51:44.0537 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/03 18:51:44.0553 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/01/03 18:51:44.0600 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/01/03 18:51:44.0693 PersonalSecureDrive (b6faedf5356a5c0954487f7381c88cc3) C:\windows\System32\drivers\psd.sys
2011/01/03 18:51:44.0787 Point32 (60a044879c4fa76314494f5fddc43b93) C:\windows\system32\DRIVERS\point32.sys
2011/01/03 18:51:44.0865 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/03 18:51:44.0927 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/01/03 18:51:45.0005 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/01/03 18:51:45.0083 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/01/03 18:51:45.0146 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/01/03 18:51:45.0177 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/01/03 18:51:45.0208 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/03 18:51:45.0255 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/01/03 18:51:45.0286 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/03 18:51:45.0317 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/03 18:51:45.0364 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/03 18:51:45.0380 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/03 18:51:45.0426 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/01/03 18:51:45.0442 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/03 18:51:45.0473 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
2011/01/03 18:51:45.0520 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/01/03 18:51:45.0536 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/01/03 18:51:45.0567 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/01/03 18:51:45.0582 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/01/03 18:51:45.0629 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/01/03 18:51:45.0676 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\windows\system32\DRIVERS\rimmptsk.sys
2011/01/03 18:51:45.0707 rimspci (e891f07815af88075705ef6a248711f6) C:\windows\system32\DRIVERS\rimspe86.sys
2011/01/03 18:51:45.0738 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\windows\system32\DRIVERS\rimsptsk.sys
2011/01/03 18:51:45.0785 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\windows\system32\Drivers\RimUsb.sys
2011/01/03 18:51:45.0863 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
2011/01/03 18:51:45.0894 risdpcie (d853d35f792a3a44726a794bf9a0bbc3) C:\windows\system32\DRIVERS\risdpe86.sys
2011/01/03 18:51:45.0926 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\windows\system32\DRIVERS\rismc32.sys
2011/01/03 18:51:46.0004 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\windows\system32\DRIVERS\rixdptsk.sys
2011/01/03 18:51:46.0050 rixdpcie (6a60626412129c713cc30c81870a8095) C:\windows\system32\DRIVERS\rixdpe86.sys
2011/01/03 18:51:46.0082 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
2011/01/03 18:51:46.0128 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/03 18:51:46.0175 RsvLock (c44ca55601f0a19a505f10bfefb66cf5) C:\windows\system32\drivers\RsvLock.sys
2011/01/03 18:51:46.0206 s3cap (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
2011/01/03 18:51:46.0238 SafeBoot (906c08952889cffe83df15d53da1137c) C:\windows\system32\drivers\SafeBoot.sys
2011/01/03 18:51:46.0238 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 906c08952889cffe83df15d53da1137c
2011/01/03 18:51:46.0238 SafeBoot - detected Locked file (1)
2011/01/03 18:51:46.0284 SbAlg (1ddc99d066d4b704a63287975dec9dd4) C:\windows\system32\drivers\SbAlg.sys
2011/01/03 18:51:46.0300 SbFsLock (120eda2066893d0246357d3551f2c6c1) C:\windows\system32\drivers\SbFsLock.sys
2011/01/03 18:51:46.0331 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/01/03 18:51:46.0362 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/01/03 18:51:46.0425 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
2011/01/03 18:51:46.0503 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/01/03 18:51:46.0550 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/01/03 18:51:46.0581 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/01/03 18:51:46.0643 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/03 18:51:46.0690 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/01/03 18:51:46.0706 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/01/03 18:51:46.0737 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/01/03 18:51:46.0768 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/01/03 18:51:46.0815 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/01/03 18:51:46.0862 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/01/03 18:51:46.0877 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/01/03 18:51:46.0924 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/01/03 18:51:47.0002 SNP2UVC (4d8a49526aa035b1a8ff3fe6807783f5) C:\windows\system32\DRIVERS\snp2uvc.sys
2011/01/03 18:51:47.0080 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/01/03 18:51:47.0189 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS
2011/01/03 18:51:47.0236 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS
2011/01/03 18:51:47.0345 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/01/03 18:51:47.0392 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/01/03 18:51:47.0439 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/03 18:51:47.0486 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/01/03 18:51:47.0532 STHDA (b205de6202b6a019403cf6395d047ca8) C:\windows\system32\DRIVERS\stwrt.sys
2011/01/03 18:51:47.0579 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
2011/01/03 18:51:47.0657 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
2011/01/03 18:51:47.0704 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
2011/01/03 18:51:47.0735 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/01/03 18:51:47.0798 SymDS (56890bf9d9204b93042089d4b45ae671) C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS
2011/01/03 18:51:47.0844 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS
2011/01/03 18:51:47.0891 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\windows\system32\Drivers\SYMEVENT.SYS
2011/01/03 18:51:47.0938 SymIM (b5eb73a7f72dafc6da693d1a802a057e) C:\windows\system32\DRIVERS\SymIMv.sys
2011/01/03 18:51:47.0969 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS
2011/01/03 18:51:48.0016 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
2011/01/03 18:51:48.0094 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/03 18:51:48.0234 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/01/03 18:51:48.0312 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/03 18:51:48.0375 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/01/03 18:51:48.0406 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/01/03 18:51:48.0437 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/01/03 18:51:48.0468 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/01/03 18:51:48.0515 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/01/03 18:51:48.0546 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
2011/01/03 18:51:48.0593 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/03 18:51:48.0624 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/03 18:51:48.0671 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/01/03 18:51:48.0734 udfs (2efee45a340e1590e37c2f2bac16d051) C:\windows\system32\DRIVERS\udfs.sys
2011/01/03 18:51:48.0812 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/01/03 18:51:48.0843 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/01/03 18:51:48.0905 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/01/03 18:51:48.0952 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
2011/01/03 18:51:48.0999 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/03 18:51:49.0030 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/01/03 18:51:49.0061 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/03 18:51:49.0108 usbhub (0db84eda895894ba222e27acf597c806) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/03 18:51:49.0139 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/03 18:51:49.0202 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/03 18:51:49.0233 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/03 18:51:49.0264 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/03 18:51:49.0326 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/01/03 18:51:49.0389 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys
2011/01/03 18:51:49.0436 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/01/03 18:51:49.0467 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/03 18:51:49.0514 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/01/03 18:51:49.0560 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/01/03 18:51:49.0607 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/01/03 18:51:49.0638 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/01/03 18:51:49.0685 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/01/03 18:51:49.0716 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
2011/01/03 18:51:49.0763 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
2011/01/03 18:51:49.0794 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/01/03 18:51:49.0826 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/01/03 18:51:49.0872 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/01/03 18:51:49.0904 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\windows\system32\DRIVERS\vpchbus.sys
2011/01/03 18:51:49.0935 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\windows\system32\DRIVERS\vpcnfltr.sys
2011/01/03 18:51:49.0982 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\windows\system32\DRIVERS\vpcusb.sys
2011/01/03 18:51:50.0013 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\windows\system32\drivers\vpcvmm.sys
2011/01/03 18:51:50.0091 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/01/03 18:51:50.0106 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/01/03 18:51:50.0138 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/01/03 18:51:50.0184 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/01/03 18:51:50.0231 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/01/03 18:51:50.0278 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/03 18:51:50.0294 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/03 18:51:50.0356 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/01/03 18:51:50.0372 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/01/03 18:51:50.0434 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/01/03 18:51:50.0465 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/01/03 18:51:50.0528 windrvNT (ce291805cb4cd561a5a569df4e28e41f) C:\windows\system32\windrvNT.sys
2011/01/03 18:51:50.0637 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUSB.sys
2011/01/03 18:51:50.0668 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/03 18:51:50.0730 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/03 18:51:50.0762 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/01/03 18:51:50.0793 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/03 18:51:50.0855 ================================================================================
2011/01/03 18:51:50.0855 Scan finished
2011/01/03 18:51:50.0855 ================================================================================
2011/01/03 18:51:50.0871 Detected object count: 1
2011/01/03 18:52:04.0786 Locked file(SafeBoot) - User select action: Skip

Broni · Jan 3, 2011

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Obi3000 · Jan 3, 2011

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP EliteBook 8440p
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 257):
0x8340A000 \SystemRoot\system32\ntkrnlpa.exe
0x8381A000 \SystemRoot\system32\halmacpi.dll
0x80BB5000 \SystemRoot\system32\kdcom.dll
0x83A09000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83A81000 \SystemRoot\system32\PSHED.dll
0x83A92000 \SystemRoot\system32\BOOTVID.dll
0x83A9A000 \SystemRoot\system32\CLFS.SYS
0x83ADC000 \SystemRoot\system32\CI.dll
0x83B87000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C22C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C23A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C282000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8C28B000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C293000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C2BD000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C2C8000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x8C2D7000 \SystemRoot\system32\DRIVERS\mpio.sys
0x8C2FB000 \SystemRoot\System32\drivers\partmgr.sys
0x8C30C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8C314000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8C31F000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8C32F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8C37A000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8C381000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8C38F000 \SystemRoot\system32\DRIVERS\aliide.sys
0x8C396000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8C39D000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x8C3A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C3BB000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x8C3DB000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x8C200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C225000 \SystemRoot\system32\DRIVERS\pciide.sys
0x83BF8000 \SystemRoot\system32\DRIVERS\viaide.sys
0x8C439000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8C514000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8C5EE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C400000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C623000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x8C63B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C682000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8C68C000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x8C69F000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x8C709000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x8C755000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x8C77B000 \SystemRoot\system32\DRIVERS\djsvs.sys
0x8C78F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8C7B5000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8C80D000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x8C84A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C853000 \SystemRoot\system32\DRIVERS\arc.sys
0x8C869000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x8C881000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x8C8F4000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x8C904000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x8C91E000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x8C92E000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x8C948000 \SystemRoot\system32\DRIVERS\megasas.sys
0x8C953000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x8C9E5000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x8C7CC000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8CA1A000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x8CB99000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x8CBEE000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x8CC22000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x8CC47000 \SystemRoot\System32\Drivers\SbAlg.sys
0x8CC52000 \SystemRoot\system32\drivers\fltmgr.sys
0x8CC86000 \SystemRoot\system32\drivers\NIS\1108000.005\SYMDS.SYS
0x8CCDC000 \SystemRoot\system32\drivers\fileinfo.sys
0x8CCED000 \SystemRoot\System32\Drivers\SbFsLock.sys
0x8CCEF000 \SystemRoot\system32\drivers\NIS\1108000.005\SYMEFA.SYS
0x8CE38000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CF67000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CF92000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CD1C000 \SystemRoot\System32\Drivers\cng.sys
0x8CFA5000 \SystemRoot\System32\drivers\pcw.sys
0x8CFB3000 \SystemRoot\system32\DRIVERS\storvsc.sys
0x8CFBE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8D00E000 \SystemRoot\system32\drivers\ndis.sys
0x8D0C5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8D103000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8D233000 \SystemRoot\System32\drivers\tcpip.sys
0x8D37C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D3AD000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8D3B6000 \SystemRoot\system32\DRIVERS\wd.sys
0x8D3BE000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8D200000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x8D209000 \SystemRoot\System32\Drivers\spldr.sys
0x8D211000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8D128000 \SystemRoot\System32\Drivers\SafeBoot.sys
0x8D141000 \SystemRoot\System32\drivers\rdyboost.sys
0x8D16E000 \SystemRoot\System32\Drivers\mup.sys
0x8D229000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8D17E000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8D187000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8D1B9000 \SystemRoot\system32\DRIVERS\disk.sys
0x92517000 \SystemRoot\System32\drivers\psd.sys
0x92520000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9253F000 \SystemRoot\System32\Drivers\Null.SYS
0x92546000 \SystemRoot\System32\Drivers\Beep.SYS
0x9254D000 \SystemRoot\System32\drivers\vga.sys
0x92559000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9257A000 \SystemRoot\System32\drivers\watchdog.sys
0x92587000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9258F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x92597000 \SystemRoot\system32\drivers\rdprefmp.sys
0x9259F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x925AA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x925B8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x925CF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CD79000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
0x925DA000 \??\C:\windows\system32\Drivers\SYMEVENT.SYS
0x9282E000 \SystemRoot\system32\drivers\afd.sys
0x92888000 \SystemRoot\System32\DRIVERS\netbt.sys
0x928BA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x928C1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x928E0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x928F1000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x92901000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x9290E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9291C000 \SystemRoot\system32\DRIVERS\serial.sys
0x92936000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92949000 \SystemRoot\system32\drivers\vpcvmm.sys
0x92990000 \SystemRoot\system32\DRIVERS\termdd.sys
0x929A0000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
0x929BF000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
0x929C9000 \SystemRoot\System32\Drivers\RsvLock.SYS
0x92C30000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92C71000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92C7B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x92C85000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101231.001\IDSvix86.sys
0x92CE0000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x92CE5000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x92D43000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x92D60000 \SystemRoot\System32\drivers\discache.sys
0x92D6C000 \SystemRoot\System32\Drivers\dfsc.sys
0x92D84000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0x92D98000 \SystemRoot\system32\drivers\csc.sys
0x9463A000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
0x946B9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x946C7000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
0x94773000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x94794000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x95C06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x96584000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x96E3D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x96EF4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x96F2D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x96F4C000 \SystemRoot\system32\DRIVERS\HECI.sys
0x96F57000 \SystemRoot\system32\DRIVERS\serenum.sys
0x96F61000 \SystemRoot\system32\DRIVERS\e1k6232.sys
0x96F96000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x96FA5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x97829000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x97EA5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x97EAF000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x97EDB000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x97EF4000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x97F05000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x97F33000 \SystemRoot\system32\drivers\tpm.sys
0x97F3F000 \SystemRoot\system32\DRIVERS\parport.sys
0x97F57000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x97F6F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x97F78000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x97220000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9735D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9735F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9736C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x97372000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x97393000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x9739E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x973A7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x973AB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x973B8000 \SystemRoot\system32\DRIVERS\serscan.sys
0x973C0000 \SystemRoot\System32\Drivers\RootMdm.sys
0x973C8000 \SystemRoot\system32\drivers\modem.sys
0x973D5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x973E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x97200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x97F85000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x97FA7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x97FBF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x97FD6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9720B000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x97212000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x97FED000 \SystemRoot\system32\DRIVERS\VClone.sys
0x9721C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x96E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x97800000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9780E000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x96FF0000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x96586000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x965BC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x947A6000 \SystemRoot\system32\DRIVERS\rismc32.sys
0x947B2000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x947BD000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x947C9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x947DA000 \SystemRoot\system32\drivers\nvhda32v.sys
0x94600000 \SystemRoot\system32\drivers\portcls.sys
0x92C00000 \SystemRoot\system32\drivers\drmk.sys
0x97435000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x974A1000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x975BD000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x92400000 \SystemRoot\System32\Drivers\bthport.sys
0x975CF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9B00E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9B0E8000 \SystemRoot\System32\Drivers\dump_SbHiber.sys
0x9B0E9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9B0FA000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x9B103000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x9B127000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x9B134000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x9B14F000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x9B161000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x92464000 \SystemRoot\system32\drivers\btwaudio.sys
0x9B1D4000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x9B1DF000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x9B1E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9B1F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x975DC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9C023000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x9C1D1000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x9C1DF000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x9CB80000 \SystemRoot\System32\win32k.sys
0x9C1E6000 \SystemRoot\System32\drivers\Dxapi.sys
0x9C1F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9CDE0000 \SystemRoot\System32\TSDDD.dll
0x9CA20000 \SystemRoot\System32\cdd.dll
0x9CA40000 \SystemRoot\System32\ATMFD.DLL
0x9C000000 \SystemRoot\system32\drivers\luafv.sys
0x97400000 \SystemRoot\system32\drivers\WudfPf.sys
0x9741A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA2E2C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA2E72000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA2E82000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA2E95000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0xA2E9E000 \SystemRoot\system32\drivers\HTTP.sys
0xA2F23000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA2F3C000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA2F4E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2F71000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2FAC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2FC7000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA6C2A000 \SystemRoot\system32\drivers\peauth.sys
0xA6D9F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6DA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA6DCA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6DD7000 \??\C:\windows\system32\windrvNT.sys
0xA6CC1000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA6D10000 \SystemRoot\System32\DRIVERS\srv.sys
0xAA620000 \SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS
0xAA677000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110103.001\NAVEX15.SYS
0xAA7C2000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110103.001\NAVENG.SYS
0xAA7D6000 \SystemRoot\system32\drivers\klmd.sys
0x77560000 \Windows\System32\ntdll.dll
0x480D0000 \Windows\System32\smss.exe
0x777A0000 \Windows\System32\apisetschema.dll

Processes (total 126):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
580 csrss.exe
636 C:\Windows\System32\wininit.exe
648 csrss.exe
696 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\nvvsvc.exe
964 C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
1000 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
1040 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe
1584 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\hpservice.exe
1712 C:\Windows\System32\svchost.exe
1848 C:\Windows\System32\spoolsv.exe
1884 C:\Windows\System32\svchost.exe
1920 C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
1984 C:\Windows\System32\svchost.exe
504 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe
564 C:\Program Files\LSI SoftModem\agrsmsvc.exe
576 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
508 C:\Program Files\Bonjour\mDNSResponder.exe
528 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2060 C:\Program Files\Windows Home Server\esClient.exe
2092 C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
2224 C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
2272 C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2292 C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
2332 C:\Windows\System32\svchost.exe
2352 C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
2408 C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
2464 C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2536 C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
2628 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
2700 C:\Program Files\PDF Complete\pdfsvc.exe
2788 C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
2872 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3036 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3080 C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
3124 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3308 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
3400 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3448 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
3536 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
3552 C:\Program Files\Windows Home Server\WHSConnector.exe
3640 WmiPrvSE.exe
3716 WmiPrvSE.exe
3596 C:\Windows\System32\nvvsvc.exe
4048 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
4076 C:\Windows\System32\svchost.exe
4104 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
4140 C:\Windows\System32\svchost.exe
4176 C:\Windows\System32\svchost.exe
4656 C:\Windows\System32\conhost.exe
4728 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
4752 C:\Windows\System32\conhost.exe
4820 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
4828 C:\Windows\System32\conhost.exe
5956 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6004 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
4700 C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
4920 C:\Windows\System32\svchost.exe
5108 C:\Windows\System32\SearchIndexer.exe
1860 C:\Windows\System32\taskhost.exe
2996 C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
5232 C:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
5840 C:\Windows\System32\dwm.exe
2816 C:\Windows\explorer.exe
5796 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
3960 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1876 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1216 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
3188 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
4264 C:\Program Files\IDT\WDM\sttray.exe
3356 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
5296 C:\Program Files\iTunes\iTunesHelper.exe
5800 C:\Program Files\Citrix\ICA Client\concentr.exe
4976 C:\Windows\System32\svchost.exe
3620 C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
2544 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
5412 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
4052 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3744 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3864 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
4240 C:\Users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe
5752 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
1572 C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
884 C:\Program Files\Windows Home Server\WHSTrayApp.exe
6328 C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
6352 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
6552 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
6744 C:\Program Files\iPod\bin\iPodService.exe
6772 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6984 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
7072 C:\Program Files\Windows Live\Contacts\wlcomm.exe
7112 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
7432 C:\Windows\ehome\ehmsas.exe
8040 C:\Program Files\Windows Media Player\wmpnetwk.exe
6212 C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
6416 C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
6160 C:\Windows\System32\svchost.exe
5656 C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
7976 C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
7660 C:\Program Files\Internet Explorer\iexplore.exe
2616 C:\Program Files\Internet Explorer\iexplore.exe
2828 C:\Users\Obinna\Desktop\tdsskiller\TDSSKiller.exe
4676 C:\Windows\System32\notepad.exe
7960 C:\Windows\System32\svchost.exe
7668 C:\Windows\System32\audiodg.exe
5488 C:\Windows\System32\SearchProtocolHost.exe
6660 C:\Windows\System32\SearchFilterHost.exe
2256 C:\Windows\System32\SearchProtocolHost.exe
7156 dllhost.exe
4948 dllhost.exe
7580 C:\Users\Obinna\Desktop\MBRCheck.exe
7184 MpCmdRun.exe
7516 C:\Windows\System32\conhost.exe
3028 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`12d00000 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0006HPM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Obi3000 · Jan 3, 2011

ComboFix 11-01-03.01 - Obinna 03/01/2011 19:25:43.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3058.1656 [GMT 0:00]
Running from: c:\users\Obinna\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 19:32 . 2011-01-03 19:35 -------- d-----w- c:\users\Obinna\AppData\Local\temp
2011-01-03 19:32 . 2011-01-03 19:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-01-03 19:32 . 2011-01-03 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-02 11:34 . 2011-01-02 11:34 -------- d-----w- c:\users\Obinna\AppData\Roaming\Malwarebytes
2011-01-02 11:34 . 2011-01-02 11:34 -------- d-----w- c:\programdata\Malwarebytes
2011-01-02 11:34 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 11:34 . 2011-01-02 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 11:34 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-02 09:27 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2011-01-02 09:27 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-20 21:23 . 2010-12-20 21:23 -------- d-----w- c:\users\Obinna\AppData\Local\CrashDumps
2010-12-20 10:12 . 2010-12-20 21:22 -------- d-----w- c:\program files\Windows Live Safety Center
2010-12-20 09:43 . 2010-12-20 09:43 -------- d-----w- c:\users\Obinna\AppData\Roaming\Tific
2010-12-17 09:26 . 2010-12-17 09:26 -------- d-----w- c:\windows\en
2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\MSN Toolbar
2010-12-17 09:23 . 2010-12-17 09:23 -------- d-----w- c:\program files\Bing Bar Installer
2010-12-17 09:23 . 2009-09-04 17:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-12-17 09:23 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-12-17 09:23 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-12-17 09:23 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-17 09:22 . 2010-12-17 09:22 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\e070167e1cb9dcb07\InstallManager_WLE_WLE.exe
2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DSETUP.dll
2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\DXSETUP.exe
2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ddc170ff1cb9dcb06\dsetup32.dll
2010-12-17 09:22 . 2010-12-17 09:22 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DXSETUP.exe
2010-12-17 09:22 . 2010-12-17 09:22 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\DSETUP.dll
2010-12-17 09:22 . 2010-12-17 09:22 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\dd3388d21cb9dcb05\dsetup32.dll
2010-12-17 09:21 . 2011-01-03 18:38 -------- d-----w- c:\users\Obinna\AppData\Local\Windows Live
2010-12-16 17:46 . 2010-12-16 17:46 -------- d-----w- c:\programdata\Research In Motion
2010-12-16 09:33 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-12-16 01:48 . 2010-12-16 01:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-16 01:48 . 2010-12-16 01:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-16 01:48 . 2010-12-16 01:48 -------- d-----w- c:\program files\Symantec
2010-12-16 01:47 . 2010-12-16 17:14 -------- d-----w- c:\windows\system32\drivers\NIS
2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\Norton Internet Security
2010-12-16 01:47 . 2010-12-16 01:47 -------- d-----w- c:\program files\NortonInstaller
2010-12-16 01:40 . 2010-12-16 01:48 -------- d-----w- c:\programdata\Norton
2010-12-14 21:33 . 2010-12-14 21:33 -------- d-----w- c:\users\Obinna\AppData\Local\Mozilla
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\Conduit
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- c:\program files\uTorrentBar
2010-12-12 17:46 . 2010-12-12 17:46 -------- d-----w- C:\extensions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 09:37 . 2010-11-13 09:37 132480 ----a-w- c:\windows\system32\drivers\Impcd.sys
2010-11-13 09:05 . 2010-11-13 09:05 368912 ----a-w- c:\windows\system32\VBAR332.DLL
2010-11-13 09:05 . 2010-11-13 09:05 252176 ----a-w- c:\windows\system32\MSRD2X35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 24848 ----a-w- c:\windows\system32\MSJTER35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 123664 ----a-w- c:\windows\system32\MSJINT35.DLL
2010-11-13 09:05 . 2010-11-13 09:05 1045776 ----a-w- c:\windows\system32\MSJET35.DLL
2010-11-10 22:36 . 2010-11-10 22:36 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-11-10 22:36 . 2010-11-10 22:36 1303728 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-11-10 22:36 . 2010-11-10 22:36 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-11-10 22:36 . 2010-11-10 22:36 214312 ----a-w- c:\windows\system32\SynCtrl.dll
2010-11-10 22:36 . 2010-11-10 22:36 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-19 10:41 . 2010-07-18 16:23 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-29 15:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Google Update"="c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-11-18 495708]
"nwiz"="nwiz.exe" [2010-02-17 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-18 13830760]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-10-23 563736]
"IFXSPMGT"="c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-10-02 1107232]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-11-04 11264000]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2010-7-23 604008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-09 11:51 75320 ----a-w- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-27 03:49 136176 ----atw- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-20 21:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 135664]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-09 362040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-19 1343400]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101231.001\IDSvix86.sys [2010-12-01 353912]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-10-02 39712]
S1 RsvLock;RsvLock; [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\aestsrv.exe [2009-03-03 81920]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-11-19 102968]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-11-12 250936]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-11-04 297984]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-15 102448]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-11-13 132480]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-09-09 6758912]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-09 68200]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-20 23:37]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
- c:\users\Obinna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 03:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5728)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\windows\eHome\EhTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-01-03 19:37:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-03 19:37

Pre-Run: 254,075,031,552 bytes free
Post-Run: 253,857,013,760 bytes free

- - End Of File - - CC33ED3782BD7B0A16F535767AC96D42

Broni · Jan 3, 2011

Looks good

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Obi3000 · Jan 3, 2011

OTL.txt part 1

OTL logfile created on: 1/3/2011 8:37:09 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Obinna\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 236.51 Gb Free Space | 84.23% Space Free | Partition Type: NTFS

Computer Name: HP-NOTEBOOK | User Name: Obinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/03 20:35:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/12/16 13:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2009/11/24 18:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2009/11/20 21:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/20 20:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/20 20:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/20 20:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/19 22:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2009/11/19 18:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/19 16:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/19 16:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/18 15:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2009/11/18 12:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe
PRC - [2009/11/12 15:32:00 | 000,250,936 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/11/11 08:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/04 21:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 21:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/04 08:29:18 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/10/07 12:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2009/10/07 12:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2009/10/07 12:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\esClient.exe
PRC - [2009/10/05 09:59:08 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
PRC - [2009/10/05 09:59:08 | 000,020,992 | ---- | M] (HP) -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
PRC - [2009/10/02 21:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/10/02 21:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/10/02 21:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/09/04 19:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/25 16:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/03 20:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/03 10:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe

========== Modules (SafeList) ==========

MOD - [2011/01/03 20:35:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Sky -- (Hp.Skyroom.Windows.Service)
SRV - [2010/11/29 14:52:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/08/16 06:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/19 21:34:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2010/02/18 13:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/16 13:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2009/11/24 18:57:20 | 000,300,808 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/11/19 22:11:24 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009/11/19 16:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/18 15:17:36 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/11/18 12:19:46 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\stacsv.exe -- (STacSV)
SRV - [2009/11/12 15:32:00 | 000,250,936 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/11/11 08:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/09 11:52:18 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/04 21:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 21:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/04 08:29:18 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/10/07 12:49:26 | 000,239,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2009/10/07 12:48:44 | 000,376,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2009/10/07 12:48:44 | 000,097,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV - [2009/10/05 09:59:08 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe -- (MediaCollectorService)
SRV - [2009/10/05 09:59:08 | 000,020,992 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe -- (HPMSSConnectorSvc)
SRV - [2009/10/02 21:53:24 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/10/02 21:47:44 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/10/02 21:13:10 | 000,988,448 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/09/04 19:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/25 16:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/08/03 20:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/03 10:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1fb74af29935fce6\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Obinna\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/12/17 01:36:27 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110103.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 01:36:27 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20110103.001\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/16 01:48:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/15 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/12/15 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/01 01:03:34 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101231.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/11/23 03:34:08 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/13 09:37:11 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/11/10 22:36:37 | 001,303,728 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/09/09 21:42:33 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010/09/09 21:39:52 | 009,956,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/09/09 21:39:52 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/07/07 18:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/04 20:24:31 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\vpchbus.sys -- (vpcbus)
DRV - [2010/06/04 20:24:31 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/06/04 20:24:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/05/06 04:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/05/06 04:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 05:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 03:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 02:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 02:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/04 01:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/12/17 22:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/01 17:49:51 | 000,295,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/11 08:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/11 08:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/11 08:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/11 08:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/11/06 00:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2009/10/29 00:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 21:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/10/21 13:37:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009/10/02 21:47:10 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/09/28 21:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 02:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/17 20:54:50 | 000,018,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/09/17 20:54:42 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/09/17 20:54:40 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/09/17 20:54:36 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/09/17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/09/08 17:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/09 21:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/08/07 12:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/08/03 20:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 22:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 20:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 20:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/25 23:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 23:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 23:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/10 21:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/29 14:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2004/05/10 21:42:38 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)

========== Standard Registry (SafeList) ==========

Obi3000 · Jan 3, 2011

OTL.txt part 2

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/2
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4189
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 22:29:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/11/13 10:00:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPlgn\ [2010/12/16 09:53:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\coFFPlgn\ [2010/12/16 01:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 21:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 11:37:27 | 000,000,000 | ---D | M]

[2010/12/14 21:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obinna\AppData\Roaming\Mozilla\Extensions
[2010/12/14 21:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obinna\AppData\Roaming\Mozilla\Firefox\Profiles\7lfrslg4.default\extensions
[2010/12/14 21:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/13 10:00:16 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
[2010/09/09 22:29:04 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/12/16 01:48:27 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\COFFPLGN
[2010/12/16 09:53:09 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\IPSFFPLGN
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/03 19:35:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 20:35:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
[2011/01/03 19:35:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/01/03 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\temp
[2011/01/03 19:24:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/01/03 19:24:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/01/03 19:24:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/01/03 19:24:50 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/03 19:24:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/03 19:24:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/01/03 19:24:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/01/03 18:50:46 | 000,000,000 | ---D | C] -- C:\Users\Obinna\Desktop\tdsskiller
[2011/01/02 11:34:58 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Malwarebytes
[2011/01/02 11:34:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/01/02 11:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/02 11:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/02 11:34:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/01/02 11:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/02 11:24:34 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Obinna\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/02 11:24:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Obinna\Desktop\TFC.exe
[2010/12/20 21:23:30 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\CrashDumps
[2010/12/20 10:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/12/20 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Tific
[2010/12/19 00:14:43 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010/12/17 09:26:07 | 000,000,000 | ---D | C] -- C:\windows\en
[2010/12/17 09:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/12/17 09:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/12/17 09:21:48 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Windows Live
[2010/12/16 17:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/12/16 09:53:31 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.sys
[2010/12/16 09:53:31 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symtdiv.sys
[2010/12/16 09:53:31 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symds.sys
[2010/12/16 09:53:31 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.sys
[2010/12/16 09:53:31 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\symefa.sys
[2010/12/16 09:53:31 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\ironx86.sys
[2010/12/16 09:53:31 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.sys
[2010/12/16 09:53:10 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1108000.005
[2010/12/16 09:33:48 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SymIMV.sys
[2010/12/16 01:48:04 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/12/16 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/12/16 01:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/12/16 01:47:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2010/12/16 01:47:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2010/12/16 01:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/12/16 01:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/12/16 01:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/12/16 01:40:35 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2010/12/16 01:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/12/14 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Roaming\Mozilla
[2010/12/14 21:33:20 | 000,000,000 | ---D | C] -- C:\Users\Obinna\AppData\Local\Mozilla
[2010/12/14 21:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2010/12/14 21:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/14 21:15:32 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/12/12 17:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/12/12 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/12/12 17:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2010/12/12 17:46:04 | 000,000,000 | ---D | C] -- C:\extensions
[2010/06/04 21:14:18 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/06/04 21:14:18 | 000,213,040 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/01/03 20:35:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
[2011/01/03 20:35:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/01/03 20:18:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
[2011/01/03 19:54:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/03 19:42:09 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/03 19:42:09 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/03 19:35:16 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/01/03 19:35:03 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/03 19:33:11 | 2404,757,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/03 19:18:19 | 004,012,705 | R--- | M] () -- C:\Users\Obinna\Desktop\ComboFix.exe
[2011/01/03 19:15:52 | 000,080,384 | ---- | M] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
[2011/01/03 19:06:26 | 001,082,464 | ---- | M] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
[2011/01/03 18:50:18 | 001,232,020 | ---- | M] () -- C:\Users\Obinna\Desktop\tdsskiller.zip
[2011/01/03 18:05:30 | 000,630,590 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/01/03 18:05:30 | 000,111,732 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/03 17:59:34 | 000,410,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/02 11:54:52 | 000,624,128 | ---- | M] () -- C:\Users\Obinna\Desktop\dds.scr
[2011/01/02 11:34:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 11:24:58 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Obinna\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/02 11:24:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\TFC.exe
[2011/01/02 11:23:48 | 000,296,448 | ---- | M] () -- C:\Users\Obinna\Desktop\9d4w3091.exe
[2010/12/23 00:18:00 | 000,000,858 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/19 00:31:49 | 443,376,627 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/12/19 00:15:24 | 000,002,283 | ---- | M] () -- C:\Users\Obinna\Desktop\Google Chrome.lnk
[2010/12/18 11:37:27 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/17 11:45:56 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2010/12/16 17:47:39 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2010/12/16 17:13:35 | 000,002,414 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/16 01:48:04 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2010/12/16 01:48:04 | 000,007,443 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/12/16 01:48:04 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/12/16 01:40:35 | 000,001,259 | ---- | M] () -- C:\Users\Obinna\Desktop\Norton Installation Files.lnk
[2010/12/14 21:33:17 | 000,001,913 | ---- | M] () -- C:\Users\Obinna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/14 21:33:17 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/13 11:56:11 | 000,211,299 | ---- | M] () -- C:\Users\Public\Documents\DarfieldRoad_CouncilTaxPayment.pdf
[2010/12/04 23:27:50 | 000,001,996 | -H-- | M] () -- C:\Users\Obinna\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2011/01/03 19:24:56 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/01/03 19:24:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/01/03 19:24:56 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/01/03 19:24:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/01/03 19:24:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/01/03 19:18:06 | 004,012,705 | R--- | C] () -- C:\Users\Obinna\Desktop\ComboFix.exe
[2011/01/03 19:15:51 | 000,080,384 | ---- | C] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
[2011/01/03 18:50:16 | 001,232,020 | ---- | C] () -- C:\Users\Obinna\Desktop\tdsskiller.zip
[2011/01/02 11:54:52 | 000,624,128 | ---- | C] () -- C:\Users\Obinna\Desktop\dds.scr
[2011/01/02 11:34:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 11:23:48 | 000,296,448 | ---- | C] () -- C:\Users\Obinna\Desktop\9d4w3091.exe
[2011/01/02 09:23:27 | 2404,757,504 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/19 00:15:24 | 000,002,283 | ---- | C] () -- C:\Users\Obinna\Desktop\Google Chrome.lnk
[2010/12/19 00:13:15 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000UA.job
[2010/12/19 00:13:15 | 000,000,858 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1094772569-1696026563-3835395496-1000Core.job
[2010/12/17 11:45:56 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2010/12/16 17:12:53 | 001,082,464 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\Cat.DB
[2010/12/16 09:53:31 | 000,007,873 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symefa.cat
[2010/12/16 09:53:31 | 000,007,787 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnetv.cat
[2010/12/16 09:53:31 | 000,007,442 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.cat
[2010/12/16 09:53:31 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.cat
[2010/12/16 09:53:31 | 000,007,438 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\iron.cat
[2010/12/16 09:53:31 | 000,007,425 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symds.cat
[2010/12/16 09:53:31 | 000,007,396 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.cat
[2010/12/16 09:53:31 | 000,007,368 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnet.cat
[2010/12/16 09:53:31 | 000,003,373 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symefa.inf
[2010/12/16 09:53:31 | 000,002,793 | R--- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symds.inf
[2010/12/16 09:53:31 | 000,001,754 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\cchpx86.inf
[2010/12/16 09:53:31 | 000,001,473 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnetv.inf
[2010/12/16 09:53:31 | 000,001,445 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\symnet.inf
[2010/12/16 09:53:31 | 000,001,388 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtspx.inf
[2010/12/16 09:53:31 | 000,001,382 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\srtsp.inf
[2010/12/16 09:53:31 | 000,000,741 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\iron.inf
[2010/12/16 09:53:10 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1108000.005\isolate.ini
[2010/12/16 01:48:04 | 000,007,443 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2010/12/16 01:48:04 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2010/12/16 01:48:02 | 000,002,414 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/12/16 01:40:35 | 000,001,259 | ---- | C] () -- C:\Users\Obinna\Desktop\Norton Installation Files.lnk
[2010/12/14 21:33:17 | 000,001,913 | ---- | C] () -- C:\Users\Obinna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/14 21:33:17 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/14 21:15:31 | 443,376,627 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/12/13 11:56:10 | 000,211,299 | ---- | C] () -- C:\Users\Public\Documents\DarfieldRoad_CouncilTaxPayment.pdf
[2010/11/19 21:51:48 | 000,000,600 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\winscp.rnd
[2010/10/28 22:29:32 | 000,004,608 | ---- | C] () -- C:\Users\Obinna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 21:04:43 | 000,000,924 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\Rim.Desktop.Exception.log
[2010/08/17 20:59:49 | 000,001,948 | ---- | C] () -- C:\Users\Obinna\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2010/08/03 22:07:23 | 000,011,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/30 00:47:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2010/07/21 19:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/15 20:18:50 | 000,110,592 | ---- | C] () -- C:\windows\System32\suppdll.dll
[2010/07/15 20:18:50 | 000,035,363 | ---- | C] () -- C:\windows\System32\windrvNT.sys
[2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\QSwitch.txt
[2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\DSwitch.txt
[2010/07/15 19:41:52 | 000,000,000 | ---- | C] () -- C:\Users\Obinna\AppData\Local\AtStart.txt
[2010/06/04 21:14:18 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/06/04 21:14:18 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/06/04 21:14:18 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/06/04 20:57:43 | 001,731,176 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2010/06/04 20:57:43 | 001,612,392 | ---- | C] () -- C:\windows\System32\nView.dll
[2010/06/04 20:57:43 | 001,108,584 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2010/06/04 20:57:43 | 000,473,704 | ---- | C] () -- C:\windows\System32\nvShell.dll
[2010/06/04 20:04:18 | 000,000,188 | ---- | C] () -- C:\windows\System32\HPWA.ini
[2010/06/04 19:58:49 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/02/19 08:43:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2009/11/24 18:57:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2009/11/24 13:55:38 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2009/11/24 13:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2009/11/24 13:55:20 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2009/11/11 08:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/11/09 11:52:36 | 000,329,272 | ---- | C] () -- C:\windows\System32\flcdlmsg.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/09/21 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\AnvSoft
[2010/09/20 21:32:23 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Ashampoo
[2010/07/23 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Blackberry Desktop
[2010/11/13 10:13:48 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\DigitalPersona
[2010/10/28 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\ICAClient
[2010/11/13 10:03:35 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Infineon
[2010/08/17 21:04:49 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Research In Motion
[2010/12/20 09:43:23 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Tific
[2010/12/16 01:41:56 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\uTorrent
[2010/07/20 22:50:17 | 000,000,000 | ---D | M] -- C:\Users\Obinna\AppData\Roaming\Windows Home Server
[2010/12/22 10:07:21 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/01/03 19:37:54 | 000,024,742 | ---- | M] () -- C:\ComboFix.txt
[2011/01/03 19:33:11 | 2404,757,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 15:19:10 | 327,118,024 | ---- | M] () -- C:\HP_Printer_software_PS_AIO_02_USW_Full_Win_WW_130_140.exe
[2011/01/03 19:33:14 | 3206,344,704 | -HS- | M] () -- C:\pagefile.sys
[2010/11/13 10:01:08 | 000,002,389 | ---- | M] () -- C:\pdfco.log
[2011/01/03 19:24:38 | 000,077,168 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_03.01.2011_18.51.29_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2009/07/14 01:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/15 20:31:18 | 000,000,221 | -HS- | M] () -- C:\Users\Obinna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/02 11:23:48 | 000,296,448 | ---- | M] () -- C:\Users\Obinna\Desktop\9d4w3091.exe
[2011/01/03 19:18:19 | 004,012,705 | R--- | M] () -- C:\Users\Obinna\Desktop\ComboFix.exe
[2011/01/02 11:24:58 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Obinna\Desktop\mbam-setup-1.50.1.1100.exe
[2011/01/03 19:15:52 | 000,080,384 | ---- | M] () -- C:\Users\Obinna\Desktop\MBRCheck.exe
[2011/01/03 20:35:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\OTL.exe
[2011/01/02 11:24:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Obinna\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/08/10 22:31:00 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/06/04 21:06:48 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/06/04 21:06:48 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/06/04 21:06:48 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/06/04 21:06:48 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/13 10:00:25 | 000,000,402 | -HS- | M] () -- C:\Users\Obinna\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/10 23:00:07 | 000,011,372 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMPE406C3E

< End of report >

Obi3000 · Jan 3, 2011

OTL Extras logfile created on: 1/3/2011 8:37:09 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Obinna\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 236.51 Gb Free Space | 84.23% Space Free | Partition Type: NTFS

Computer Name: HP-NOTEBOOK | User Name: Obinna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Obinna\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}" = Remote Graphics Sender
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DC71B23-A996-42D3-8E4B-092BB3CDB71C}" = Embedded Security for HP ProtectTools
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EE201CD-5A61-4749-9EEC-28CE86E9EE90}" = Remote Graphics Receiver
"{518C838E-A21C-40BE-B844-648040C2491D}" = HP Wireless Assistant
"{544FFB43-6682-4E15-AD12-BE0F04CC21E5}" = HP User Guides 0160
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{58215966-9BA6-485D-B8DA-4AE31150B92E}" = HP Common Access Service Library
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78365FC6-09CA-4AC3-BC01-70FB46596047}" = Validity Fingerprint Driver
"{7861911B-4270-498A-8F7A-FCF0570F484B}" = HP QuickWeb
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{883FDE02-EBF8-4D59-87FB-5FF410A35A6C}" = Remote Graphics Sender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{964D0D1C-1D28-4802-8EE8-345CC8D2633B}" = HP Data Vault 3.0 Update 1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{98BCAD50-58AE-4EDD-9BBA-388B221E750B}" = Privacy Manager for HP ProtectTools
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{BAEE9CD5-A680-43A2-A5FA-6F700C5AD45A}" = HP QuickLook
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C83002C4-450F-40B1-B7FC-29A04CE69646}" = HP ProtectTools Security Manager
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D6782B98-BDC0-45F4-A046-9D26C475CBF8}" = Drive Encryption for HP ProtectTools
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB8FCBE8-B9AE-455D-B9FE-55BB06F165CF}" = C4380
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E366F338-BF6E-4165-BDDB-3DCCB3388F9F}" = HP Power Data
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"conduitEngine" = Conduit Engine
"CutePDF Writer Installation" = CutePDF Writer 2.7
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF Complete" = PDF Complete Special Edition
"PROSet" = Intel(R) Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2011 1:59:56 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 1/3/2011 1:59:58 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 1/3/2011 2:00:01 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 1/3/2011 2:30:44 PM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2011 2:30:54 PM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2011 2:31:09 PM | Computer Name = HP-Notebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\hewlett-packard\hp
skyroom\remote graphics receiver\hprpusb\64-bit\DPInst.exe". Dependent Assembly
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2011 3:33:25 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 1/3/2011 3:33:25 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 1/3/2011 3:33:25 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

Error - 1/3/2011 3:33:25 PM | Computer Name = HP-Notebook | Source = MSSConnectorService | ID = 0
Description = The remote name could not be resolved: 'hp-storage' at System.Net.HttpWebRequest.GetResponse()

at MSSConnectorService.MSSLongPoller.Poll()

[ Hewlett-Packard Events ]
Error - 7/23/2010 4:43:42 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/23/2010 4:43:43 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/7/2010 9:28:34 AM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/22/2010 4:37:24 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainTuneUpProgress.bgScan_RunWorkerCompleted(Object sender,
RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 11/10/2010 6:32:04 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/10/2010 6:32:04 PM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/13/2010 5:19:25 AM | Computer Name = HP-Notebook | Source = Hewlett-Packard | ID = 0
Description = en-GB Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Power Assistant Events ]
Error - 12/22/2010 9:00:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:01:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:02:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:03:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:04:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:05:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:06:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:07:55 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Exception GetPMCData() failed : 597 at HP_Common.CaslWrapper.GetPMCData(GetPMCDataOutput&
pmcData) at HPPA_Service.CurrentConfiguration.getPMCData(GetPMCDataOutput& pmcData)

Error - 12/22/2010 9:08:02 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at MessageHandlers.MessageHandler.stopListening()

Error - 12/22/2010 9:08:03 AM | Computer Name = HP-Notebook | Source = HP PA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC
server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

[ HP Wireless Assistant Events ]
Error - 12/17/2010 7:18:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:19:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:21:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:22:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:24:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:25:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:27:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:28:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:30:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/17/2010 7:31:34 PM | Computer Name = HP-Notebook | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 1/3/2011 1:59:42 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
following error: %%1058

Error - 1/3/2011 1:59:42 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rixdpcie service failed to start due to the following error: %%1058

Error - 1/3/2011 3:24:38 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/3/2011 3:25:38 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/3/2011 3:33:20 PM | Computer Name = HP-Notebook | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:32:41 on ?03/?01/?2011 was unexpected.

Error - 1/3/2011 3:33:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rimspci service failed to start due to the following error: %%1058

Error - 1/3/2011 3:33:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rimsptsk service failed to start due to the following error: %%1058

Error - 1/3/2011 3:33:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The risdpcie service failed to start due to the following error: %%1058

Error - 1/3/2011 3:33:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The Ricoh xD-Picture Card Driver service failed to start due to the
following error: %%1058

Error - 1/3/2011 3:33:23 PM | Computer Name = HP-Notebook | Source = Service Control Manager | ID = 7000
Description = The rixdpcie service failed to start due to the following error: %%1058

< End of report >

Broni · Jan 3, 2011

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

====================================================================

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/07/21 19:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DE406C3E


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Obi3000 · Jan 3, 2011

OTL log

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\ezsidmv.dat moved successfully.
ADS C:\ProgramData\TEMPE406C3E deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Obinna
->Temp folder emptied: 56126 bytes
->Temporary Internet Files folder emptied: 15201418 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7040371 bytes
->Flash cache emptied: 615 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6941 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Obinna
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01032011_213005

Files\Folders moved on Reboot...
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\C9320E64-EE0F-4422-B6DA-C0F3768C080E.dat moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFDWG4A\ads[5].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7IR5WEXY\sh29[1].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4CCTWHM6\crosspixel-dest[1].htm moved successfully.

Registry entries deleted on Reboot...

Obi3000 · Jan 3, 2011

security Check Log

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

Obi3000 · Jan 3, 2011

ESSET_Scan log

C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\crack_RosettaStoneVersion3.exe NSIS/TrojanDownloader.Agent.NDK trojan
C:\swsetup\Wpaper\Disk1\Setup.exe probably a variant of Win32/Adware.Agent.FRYYPNJ application

Broni · Jan 3, 2011

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

make sure, you have both boxes UN-checked AND (important!) click on Decline button

=====================================================================

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL

:Services

:Reg

:Files
C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\crack_RosettaStoneVersion3.exe 
C:\swsetup\Wpaper\Disk1\Setup.exe

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
=====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

Obi3000 · Jan 4, 2011

Thanks for all your help Broni.. I have completed all the steps and my computer is working perfectly now.
Final logs below

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\crack_RosettaStoneVersion3.exe moved successfully.
C:\swsetup\Wpaper\Disk1\Setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Obinna
->Temp folder emptied: 15120890 bytes
->Temporary Internet Files folder emptied: 57197625 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 649 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21064 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 69.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Obinna
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01042011_093618

Files\Folders moved on Reboot...
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\C9320E64-EE0F-4422-B6DA-C0F3768C080E.dat moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCUQL1FH\sh29[1].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EADRGGNL\crosspixel-dest[1].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C49VZRNF\ads[1].htm moved successfully.

Registry entries deleted on Reboot...

Obi3000 · Jan 4, 2011

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Obinna
->Temp folder emptied: 98601 bytes
->Temporary Internet Files folder emptied: 3729275 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15515 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Obinna
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.1 log created on 01042011_101608

Files\Folders moved on Reboot...
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\C9320E64-EE0F-4422-B6DA-C0F3768C080E.dat moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3GYI9TH\ads[2].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3GYI9TH\sh29[1].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYOZE86X\crosspixel-dest[1].htm moved successfully.
C:\Users\Obinna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYOZE86X\iframes_api_loader[1].htm moved successfully.

Registry entries deleted on Reboot...

Broni · Jan 4, 2011

Way to go!!
Good luck and stay safe

TechSpot

[Solved] Help to remove Virus/Malware causing Redirection, Playing Sounds, Blue Screen Crash

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Broni Malware Annihilator

Obi3000 Newcomer, in training

Broni Malware Annihilator

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Broni Malware Annihilator

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Broni Malware Annihilator

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Broni Malware Annihilator

Obi3000 Newcomer, in training

Obi3000 Newcomer, in training

Broni Malware Annihilator