TechSpot

Malware virus won't remove

Inactive
By stijpn2012
Jan 9, 2012
  1. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    No browser open. It appears on the desktop screen lower right hand
     
  2. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    You have some McAfee leftovers.
    Run this tool to remove them: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

    Then....

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      O4 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
      O4 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2CFBE2D1
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34
      
      :Files
      C:\Users\bbailey\SoftRecovery\RegWrite.lnk
      C:\Users\bbailey\UserProfile\SystemBoot.lnk
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  3. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    I got a "Error creating log file" message after running the OTL scan.

    Pressed ok and then PC rebooted

    After logging back in Notepad came up but with the same error creating log file message then another error message "network path not found"

    The notepad remained empty
     
  4. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Run the fix from safe mode.
     
  5. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    Same error message running in safe mode
     
  6. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Delete your OTL file, download fresh one and try the fix from safe mode again.
     
  7. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    Deleted file, downloaded again, ran in safe mode again, but same error message

    Also some good news the advertising pop up wasn't there when i started up my PC just FYI
     
  8. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Good news :)

    Run OTL 'Quick scan" (no custom script) and post new log.
     
  9. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    ========== Processes (SafeList) ==========

    PRC - [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/22 12:30:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
    PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
    PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
    MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
    MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
    MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
    MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
    MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
    MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
    MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
    MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
    MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
    MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
    MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
    MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
    MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
    SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
    SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
    SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
    SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
    SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
    SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
    DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
    DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
    DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
    DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
    DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


    O1 HOSTS File: ([2012/01/11 04:42:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKCU..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
    O4 - HKCU..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
    O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/12 02:30:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    [2012/01/12 02:17:04 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
    [2012/01/11 04:43:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/11 04:43:46 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\temp
    [2012/01/11 04:13:22 | 004,376,389 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
    [2012/01/11 03:58:06 | 004,377,322 | ---- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
    [2012/01/11 03:27:08 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/01/11 03:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/01/11 03:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/01/11 03:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/01/11 03:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/10 08:09:58 | 004,713,472 | ---- | C] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
    [2012/01/10 07:48:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
    [2012/01/08 21:52:05 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
    [2012/01/08 21:52:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
    [2012/01/08 21:52:05 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
    [2012/01/08 21:52:00 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
    [2012/01/08 21:51:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
    [2012/01/08 21:51:18 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
    [2012/01/08 21:51:18 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
    [2012/01/08 21:51:18 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
    [2012/01/08 21:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
    [2012/01/07 12:53:14 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\gmer
    [2012/01/07 12:37:53 | 000,607,260 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
    [2012/01/07 08:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/07 08:50:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/01/07 08:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/07 07:24:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/01/07 06:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/01/06 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/06 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/06 23:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/06 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/01/06 23:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/06 08:47:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
    [2012/01/06 08:32:20 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2012/01/06 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
    [2012/01/06 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Apps
    [2012/01/05 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
    [2012/01/05 13:30:31 | 000,000,000 | ---D | C] -- C:\a4a5b20479313b238579215fc2
    [2012/01/03 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2012/01/03 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/02 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\IObit
    [2012/01/02 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2012/01/02 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/01/02 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Malwarebytes
    [2012/01/02 10:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/31 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Synaptics
    [2011/12/31 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PokerStars
    [2011/12/31 08:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
    [2011/12/31 08:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
    [2011/12/31 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
    [2011/12/31 08:02:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo9.dll
    [2011/12/29 13:39:41 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\My Documents\Outlook Files
    [2011/12/29 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Roxio
    [2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/12/29 04:57:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
    [2011/12/29 04:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Panicware
    [2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
    [2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
    [2011/12/29 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Downloaded Installations
    [2011/12/29 01:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
    [2011/12/29 01:21:13 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\RT
    [2011/12/29 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Hewlett-Packard Company
    [2011/12/29 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\InstallShield
    [2011/12/29 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2011/12/29 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
    [2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Pictures
    [2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Desktop
    [2011/12/29 01:13:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Programs
    [2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Videos
    [2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Music
    [2011/12/29 01:13:38 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hant
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hans
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\ja
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\it
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\es
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\de
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
    [2011/12/28 23:31:05 | 000,000,000 | ---D | C] --
     
  10. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    ========== Files - Modified Within 30 Days ==========

    [2012/01/12 02:45:54 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 02:45:54 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 02:39:23 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/12 02:38:25 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
    [2012/01/12 02:38:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/01/12 02:37:58 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    [2012/01/12 02:03:03 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/11 04:42:10 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
    [2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
    [2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
    [2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
    [2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
    [2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
    [2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
    [2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
    [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
    [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
    [2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
    [2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
    [2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
    [2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
    [2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
    [2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
    [2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
    [2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
    [2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
    [2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
    [2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
    [2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
    [2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
    [2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
    [2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
    [2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
    [2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
    [2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
    [2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
    [2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
    [2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
    [2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
    [2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
    [2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
    [2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
    [2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
    [2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
    [2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
    [2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
    [2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
    [2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
    [2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
    [2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
    [2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
    [2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
    [2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
    [2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
    [2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
    [2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
    [2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
    [2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
    [2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\bbailey\UserProfile\SystemBoot.lnk
    c:\users\bbailey\SoftRecovery\RegWrite.lnk
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"=-
    "RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"=-
    [-HKLM\~\startupfolder\C:^Users^bbailey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RegWrite.lnk]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    ClearJavaCache::

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
     
  12. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    ComboFix 12-01-10.02 - bbailey 01/12/2012 3:52.5.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1722 [GMT 9:00]
    Running from: c:\combofix\ComboFix.exe
    Command switches used :: \\rn-fs2\Users$\bbailey\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\users\bbailey\SoftRecovery\RegWrite.lnk"
    "c:\users\bbailey\UserProfile\SystemBoot.lnk"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\bbailey\SoftRecovery\RegWrite.lnk
    c:\users\bbailey\UserProfile\SystemBoot.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-11 18:58 . 2012-01-11 18:58 -------- d-----w- c:\users\Radisson\AppData\Local\temp
    2012-01-11 18:58 . 2012-01-11 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-11 18:58 . 2012-01-11 18:58 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2012-01-11 17:38 . 2012-01-11 17:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\offreg.dll
    2012-01-11 17:17 . 2012-01-11 17:17 -------- d-----w- C:\HP_RECOVERY_mountHPSF
    2012-01-10 19:43 . 2012-01-11 18:59 -------- d-----w- c:\users\bbailey\AppData\Local\temp
    2012-01-06 23:50 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-06 23:50 . 2012-01-06 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-06 21:58 . 2012-01-06 21:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-01-06 14:24 . 2012-01-06 14:24 -------- d-----w- c:\program files\iPod
    2012-01-06 14:24 . 2012-01-06 14:25 -------- d-----w- c:\program files\iTunes
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2012-01-06 14:20 . 2012-01-06 14:20 -------- d-----w- c:\program files\QuickTime
    2012-01-06 09:28 . 2012-01-06 09:53 -------- d-----w- c:\programdata\AVAST Software
    2012-01-06 09:28 . 2012-01-06 09:28 -------- d-----w- c:\program files\AVAST Software
    2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\bbailey\AppData\Roaming\GlarySoft
    2012-01-05 23:06 . 2012-01-05 23:06 -------- d-----w- c:\program files\WinASO
    2012-01-05 19:56 . 2012-01-05 19:56 -------- d-----w- c:\users\bbailey\AppData\Local\Apps
    2012-01-05 04:45 . 2012-01-05 04:45 -------- d-----w- c:\users\administrator\AppData\Local\Google
    2012-01-05 04:40 . 2012-01-05 04:40 -------- d-----w- c:\users\administrator\AppData\Roaming\hpqlog
    2012-01-05 04:39 . 2012-01-05 04:39 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
    2012-01-05 04:38 . 2012-01-05 04:38 -------- d-----w- c:\users\administrator\AppData\Roaming\Synaptics
    2012-01-05 04:30 . 2012-01-05 04:30 -------- d-----w- C:\a4a5b20479313b238579215fc2
    2012-01-02 23:43 . 2012-01-03 03:04 -------- d-----w- c:\program files\PC Tools Security
    2012-01-02 23:41 . 2012-01-02 23:52 -------- d-----w- c:\programdata\PC Tools
    2012-01-02 03:59 . 2012-01-02 04:14 -------- d-----w- c:\users\bbailey\AppData\Roaming\IObit
    2012-01-02 03:59 . 2012-01-02 03:59 -------- d-----w- c:\program files\IObit
    2012-01-02 03:35 . 2010-01-10 09:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-01-02 03:34 . 2012-01-05 04:51 -------- d-----w- c:\program files\SpywareBlaster
    2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\users\bbailey\AppData\Roaming\Malwarebytes
    2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-31 09:36 . 2011-12-31 09:36 -------- d-----w- c:\users\bbailey\AppData\Roaming\Synaptics
    2011-12-30 23:39 . 2012-01-10 15:53 -------- d-----w- c:\users\bbailey\AppData\Local\PokerStars
    2011-12-30 23:38 . 2012-01-09 13:58 -------- d-----w- c:\program files\PokerStars
    2011-12-30 23:02 . 2011-12-30 23:02 -------- d-----w- c:\programdata\Synaptics
    2011-12-30 23:02 . 2011-03-31 10:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-12-30 23:02 . 2011-03-31 10:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2011-12-30 23:02 . 2011-03-31 10:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-12-30 23:02 . 2011-03-31 10:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
    2011-12-29 03:50 . 2011-12-29 03:50 -------- d-----w- c:\users\bbailey\AppData\Local\Roxio
    2011-12-28 20:05 . 2012-01-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-12-28 20:05 . 2012-01-05 04:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-28 19:41 . 2011-12-28 19:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-12-28 19:37 . 2011-12-28 19:37 -------- d-----w- c:\program files\Panicware
    2011-12-28 19:18 . 2011-11-29 17:21 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\mpengine.dll
    2011-12-28 19:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-28 16:24 . 2011-12-28 16:24 -------- d-----w- c:\users\bbailey\AppData\Local\Downloaded Installations
    2011-12-28 16:22 . 2011-12-28 16:22 -------- d-----w- c:\program files\Common Files\Portrait Displays
    2011-12-28 16:21 . 2011-12-28 16:21 -------- d-----w- c:\users\bbailey\AppData\Roaming\Hewlett-Packard Company
    2011-12-28 16:18 . 2011-12-28 16:18 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
    2011-12-28 16:18 . 2011-12-28 16:18 684032 ----a-w- c:\windows\system32\NETwNc32.dll
    2011-12-28 16:18 . 2011-12-28 16:18 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
    2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\users\bbailey\AppData\Roaming\InstallShield
    2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\programdata\Uninstall
    2011-12-28 14:31 . 2012-01-11 17:00 -------- d-----w- c:\users\bbailey\AppData\Local\ElevatedDiagnostics
    2011-12-27 23:23 . 2011-12-27 23:23 -------- d-----w- c:\users\bbailey\AppData\Roaming\SumatraPDF
    2011-12-27 23:22 . 2011-12-27 23:22 1490 ----a-w- C:\user.js
    2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Roaming\Babylon
    2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Local\Babylon
    2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\programdata\Babylon
    2011-12-27 23:04 . 2012-01-11 18:58 -------- d--h--w- c:\users\bbailey\UserProfile
    2011-12-27 23:04 . 2012-01-11 18:58 -------- d--h--w- c:\users\bbailey\SoftRecovery
    2011-12-15 06:11 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 06:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 06:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-05 03:07 . 2011-12-05 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-24 09:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-16 13:32 . 2011-11-16 13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 05:29 . 2011-10-24 05:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 05:29 . 2011-10-24 05:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-03 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-03 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-03 170008]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-08 495708]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
    Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-31 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ DPPassFilter scecli
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
    R1 MpKsl3dcb8ff4;MpKsl3dcb8ff4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{531D348C-33A2-48BA-9CCF-50D0BD38BBC9}\MpKsl3dcb8ff4.sys [x]
    R1 MpKsl5fad6417;MpKsl5fad6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKsl5fad6417.sys [x]
    R1 MpKsl6a02d7a0;MpKsl6a02d7a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl6a02d7a0.sys [x]
    R1 MpKsleba0c0bf;MpKsleba0c0bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39DB4C9C-805A-4EAE-AA68-B09ABDA1B971}\MpKsleba0c0bf.sys [x]
    R1 MpKsledfc84ef;MpKsledfc84ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972F4AEC-8798-434E-BA50-9C931C86E223}\MpKsledfc84ef.sys [x]
    R1 MpKsleee50011;MpKsleee50011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9765E7B4-97F9-4B37-A695-C6A31DA655D1}\MpKsleee50011.sys [x]
    R1 MpKslf6bcd812;MpKslf6bcd812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKslf6bcd812.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
    R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
    R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
    R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-27 6758912]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S1 RsvLock;RsvLock; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-01-08 81920]
    S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-08-17 133176]
    S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
    S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe [2010-07-13 95800]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-03-15 26168]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
    S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 232960]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-28 7435264]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
    .
    2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
    .
    2011-12-29 c:\windows\Tasks\HPCeeScheduleForbbailey.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ninemsn.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 4.2.2.1
    DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
    DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(644)
    c:\windows\system32\DPFPApi.DLL
    .
    Completion time: 2012-01-12 04:00:36
    ComboFix-quarantined-files.txt 2012-01-11 19:00
    ComboFix2.txt 2012-01-10 19:43
    ComboFix3.txt 2012-01-10 18:27
    .
    Pre-Run: 168,461,557,760 bytes free
    Post-Run: 168,294,821,888 bytes free
    .
    - - End Of File - - 5E4281EB1BA332D0DA9F84112C741C2C
     
  13. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Post new OTL log.
     
  14. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    OTL logfile created on: 1/12/2012 4:38:58 AM - Run 3
    OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.92 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.47% Memory free
    5.84 Gb Paging File | 4.01 Gb Available in Paging File | 68.63% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 215.59 Gb Total Space | 156.55 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
    Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

    Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/22 12:30:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
    PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
    PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
    MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
    MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
    MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
    MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
    MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
    MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
    MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
    MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
    MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
    MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
    MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
    MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
    MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
    SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
    SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
    SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
    SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
    SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
    SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
    DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
    DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
    DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
    DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
    DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


    O1 HOSTS File: ([2012/01/12 03:58:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
    O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  15. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    ========== Files - Modified Within 30 Days ==========

    [2012/01/12 04:15:26 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 04:15:26 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 04:09:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/12 04:07:59 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
    [2012/01/12 04:07:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/01/12 04:07:29 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/12 04:03:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/12 03:58:50 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    [2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
    [2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
    [2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
    [2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
    [2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
    [2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
    [2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
    [2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
    [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
    [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
    [2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
    [2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
    [2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
    [2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
    [2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
    [2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
    [2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
    [2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
    [2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
    [2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
    [2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
    [2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
    [2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
    [2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
    [2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
    [2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
    [2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
    [2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
    [2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
    [2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
    [2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
    [2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
    [2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
    [2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
    [2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
    [2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
    [2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
    [2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
    [2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
    [2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
    [2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
    [2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
    [2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
    [2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
    [2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
    [2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
    [2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
    [2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
    [2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
    [2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
    [2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
    [2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Looks good :)

    Any current issues?

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    Was looking good but after the last reboot the pop up ad was back :(

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec Endpoint Protection
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 29
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````

    Farbar Service Scanner
    Ran by bbailey (administrator) on 12-01-2012 at 04:56:42
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\windows\system32\nsisvc.dll => MD5 is legit
    C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\windows\system32\dhcpcore.dll => MD5 is legit
    C:\windows\system32\Drivers\afd.sys => MD5 is legit
    C:\windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\windows\system32\dnsrslvr.dll => MD5 is legit
    C:\windows\system32\mpssvc.dll => MD5 is legit
    C:\windows\system32\bfe.dll => MD5 is legit
    C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\windows\system32\SDRSVC.dll => MD5 is legit
    C:\windows\system32\vssvc.exe => MD5 is legit
    C:\windows\system32\wscsvc.dll => MD5 is legit
    C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\windows\system32\wuaueng.dll => MD5 is legit
    C:\windows\system32\qmgr.dll => MD5 is legit
    C:\windows\system32\es.dll => MD5 is legit
    C:\windows\system32\cryptsvc.dll => MD5 is legit
    C:\windows\system32\svchost.exe => MD5 is legit
    C:\windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    No threats found on the Eset Scan
     
  18. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Post new OTL log.
     
  19. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    OTL logfile created on: 1/12/2012 7:06:55 AM - Run 4
    OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.92 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 51.85% Memory free
    5.84 Gb Paging File | 4.00 Gb Available in Paging File | 68.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 215.59 Gb Total Space | 156.35 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
    Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

    Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
    PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/22 12:30:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
    PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
    PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
    PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
    PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
    PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
    PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
    PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
    PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
    PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
    PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
    PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
    MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
    MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
    MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
    MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
    MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
    MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
    MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
    MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
    MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
    MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
    MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
    MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
    MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
    MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
    MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
    MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
    MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
    MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
    SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
    SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
    SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
    SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
    SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
    SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
    SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
    DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
    DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
    DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
    DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
    DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
    DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
    DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
    DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


    O1 HOSTS File: ([2012/01/12 03:58:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKCU..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
    O4 - HKCU..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
    O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  20. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/12 05:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/01/12 04:58:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\TFC.exe
    [2012/01/12 04:00:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/12 04:00:43 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/01/12 02:30:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    [2012/01/12 02:17:04 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
    [2012/01/11 04:43:46 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\temp
    [2012/01/11 04:13:22 | 004,376,389 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
    [2012/01/11 03:58:06 | 004,377,322 | ---- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
    [2012/01/11 03:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/01/11 03:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/01/11 03:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/01/11 03:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/10 08:09:58 | 004,713,472 | ---- | C] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
    [2012/01/10 07:48:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
    [2012/01/08 21:52:05 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
    [2012/01/08 21:52:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
    [2012/01/08 21:52:05 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
    [2012/01/08 21:52:00 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
    [2012/01/08 21:51:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
    [2012/01/08 21:51:18 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
    [2012/01/08 21:51:18 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
    [2012/01/08 21:51:18 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
    [2012/01/08 21:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
    [2012/01/07 12:53:14 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\gmer
    [2012/01/07 12:37:53 | 000,607,260 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
    [2012/01/07 08:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/07 08:50:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/01/07 08:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/07 07:24:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/01/07 06:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/01/06 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/01/06 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/01/06 23:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/01/06 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/01/06 23:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/06 08:47:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
    [2012/01/06 08:32:20 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2012/01/06 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
    [2012/01/06 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Apps
    [2012/01/05 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
    [2012/01/05 13:30:31 | 000,000,000 | ---D | C] -- C:\a4a5b20479313b238579215fc2
    [2012/01/03 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2012/01/03 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/02 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\IObit
    [2012/01/02 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2012/01/02 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2012/01/02 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Malwarebytes
    [2012/01/02 10:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/31 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Synaptics
    [2011/12/31 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PokerStars
    [2011/12/31 08:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
    [2011/12/31 08:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
    [2011/12/31 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
    [2011/12/31 08:02:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo9.dll
    [2011/12/29 13:39:41 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\My Documents\Outlook Files
    [2011/12/29 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Roxio
    [2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/12/29 04:57:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
    [2011/12/29 04:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Panicware
    [2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
    [2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
    [2011/12/29 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Downloaded Installations
    [2011/12/29 01:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
    [2011/12/29 01:21:13 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\RT
    [2011/12/29 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Hewlett-Packard Company
    [2011/12/29 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\InstallShield
    [2011/12/29 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2011/12/29 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
    [2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Pictures
    [2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Desktop
    [2011/12/29 01:13:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Programs
    [2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Videos
    [2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Music
    [2011/12/29 01:13:38 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hant
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hans
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\ja
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\it
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\es
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\de
    [2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
    [2011/12/28 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\ElevatedDiagnostics
    [2011/12/28 08:23:04 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
    [2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Babylon
    [2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Babylon
    [2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/12/28 08:22:48 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
    [2011/12/28 08:04:58 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\UserProfile
    [2011/12/28 08:04:58 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\SoftRecovery
    [2011/12/15 15:11:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/03 21:55:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
    [2011/01/03 21:55:50 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
    [2010/06/03 14:21:18 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/01/12 07:03:05 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/12 05:09:14 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 05:09:14 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/12 05:02:44 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/12 05:01:42 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
    [2012/01/12 05:01:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/01/12 05:01:19 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/12 04:58:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\TFC.exe
    [2012/01/12 04:51:47 | 000,869,194 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\SecurityCheck.exe
    [2012/01/12 03:58:50 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
    [2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
    [2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
    [2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
    [2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
    [2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
    [2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
    [2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
    [2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
    [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
    [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
    [2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
    [2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
    [2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
    [2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
    [2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
    [2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
    [2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
    [2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
    [2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
    [2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
    [2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
    [2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
    [2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
    [2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/01/12 04:51:50 | 000,869,194 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\SecurityCheck.exe
    [2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
    [2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
    [2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
    [2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
    [2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
    [2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
    [2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
    [2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
    [2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
    [2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
    [2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
    [2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
    [2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
    [2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
    [2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
    [2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
    [2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
    [2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
    [2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
    [2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
    [2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
    [2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
    [2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
    [2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
    [2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
    [2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
    [2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
    [2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
    [2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
    [2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
    [2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
    [2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
    [2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
    [2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
    [2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
    [2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Yeah, those entries are getting recreated....

    Please download and run ListParts by Farbar

    Please download and run ListParts64 by Farbar

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  22. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    here's the first log. The second scan wouldn't won't said i have to check if 64 or 32 bit. I'm on 32 bit right?

    ListParts by Farbar
    Ran by bbailey on 12-01-2012 at 07:30:31
    Windows 7 (X86)
    Running From: C:\Users\bbailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0BKU2F8
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 49%
    Total physical RAM: 2991.38 MB
    Available physical RAM: 1513.06 MB
    Total Pagefile: 5981.04 MB
    Available Pagefile: 4001.11 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1956.19 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:215.59 GB) (Free:156.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.53 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 300 MB 1024 KB
    Partition 2 Primary 215 GB 301 MB
    Partition 3 Primary 15 GB 215 GB
    Partition 4 Primary 2043 MB 230 GB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM NTFS Partition 300 MB Healthy System (partition with boot components)

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 215 GB Healthy Boot

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 HP_RECOVERY NTFS Partition 15 GB Healthy

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 2043 MB Healthy



    ****** End Of Log ******
     
  23. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    sorry typo meant it said it wouldn't work as 64 bit
     
  24. Broni

    Broni Malware Annihilator Posts: 47,048   +255

    Sorry about it .
    Yes you're on 32-bit system.

    It looks good.

    Delete your Combofix file, download new one and post its log.
     
  25. stijpn2012

    stijpn2012 TS Rookie Topic Starter Posts: 40

    ComboFix 12-01-10.02 - bbailey 01/12/2012 7:49.6.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1588 [GMT 9:00]
    Running from: c:\combofix\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-11 22:55 . 2012-01-11 22:55 -------- d-----w- c:\users\Radisson\AppData\Local\temp
    2012-01-11 22:55 . 2012-01-11 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-11 22:55 . 2012-01-11 22:55 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2012-01-11 20:07 . 2012-01-11 20:07 -------- d-----w- c:\program files\ESET
    2012-01-11 20:02 . 2012-01-11 20:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\offreg.dll
    2012-01-11 17:17 . 2012-01-11 17:17 -------- d-----w- C:\HP_RECOVERY_mountHPSF
    2012-01-10 19:43 . 2012-01-11 22:55 -------- d-----w- c:\users\bbailey\AppData\Local\temp
    2012-01-06 23:50 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-06 23:50 . 2012-01-06 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-06 21:58 . 2012-01-06 21:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-01-06 14:24 . 2012-01-06 14:24 -------- d-----w- c:\program files\iPod
    2012-01-06 14:24 . 2012-01-06 14:25 -------- d-----w- c:\program files\iTunes
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2012-01-06 14:20 . 2012-01-06 14:20 -------- d-----w- c:\program files\QuickTime
    2012-01-06 09:28 . 2012-01-06 09:53 -------- d-----w- c:\programdata\AVAST Software
    2012-01-06 09:28 . 2012-01-06 09:28 -------- d-----w- c:\program files\AVAST Software
    2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\bbailey\AppData\Roaming\GlarySoft
    2012-01-05 23:06 . 2012-01-05 23:06 -------- d-----w- c:\program files\WinASO
    2012-01-05 19:56 . 2012-01-05 19:56 -------- d-----w- c:\users\bbailey\AppData\Local\Apps
    2012-01-05 04:45 . 2012-01-05 04:45 -------- d-----w- c:\users\administrator\AppData\Local\Google
    2012-01-05 04:40 . 2012-01-05 04:40 -------- d-----w- c:\users\administrator\AppData\Roaming\hpqlog
    2012-01-05 04:39 . 2012-01-05 04:39 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
    2012-01-05 04:38 . 2012-01-05 04:38 -------- d-----w- c:\users\administrator\AppData\Roaming\Synaptics
    2012-01-05 04:30 . 2012-01-05 04:30 -------- d-----w- C:\a4a5b20479313b238579215fc2
    2012-01-02 23:43 . 2012-01-03 03:04 -------- d-----w- c:\program files\PC Tools Security
    2012-01-02 23:41 . 2012-01-02 23:52 -------- d-----w- c:\programdata\PC Tools
    2012-01-02 03:59 . 2012-01-02 04:14 -------- d-----w- c:\users\bbailey\AppData\Roaming\IObit
    2012-01-02 03:59 . 2012-01-02 03:59 -------- d-----w- c:\program files\IObit
    2012-01-02 03:35 . 2010-01-10 09:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
    2012-01-02 03:34 . 2012-01-05 04:51 -------- d-----w- c:\program files\SpywareBlaster
    2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\users\bbailey\AppData\Roaming\Malwarebytes
    2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-31 09:36 . 2011-12-31 09:36 -------- d-----w- c:\users\bbailey\AppData\Roaming\Synaptics
    2011-12-30 23:39 . 2012-01-11 21:29 -------- d-----w- c:\users\bbailey\AppData\Local\PokerStars
    2011-12-30 23:38 . 2012-01-09 13:58 -------- d-----w- c:\program files\PokerStars
    2011-12-30 23:02 . 2011-12-30 23:02 -------- d-----w- c:\programdata\Synaptics
    2011-12-30 23:02 . 2011-03-31 10:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-12-30 23:02 . 2011-03-31 10:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2011-12-30 23:02 . 2011-03-31 10:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-12-30 23:02 . 2011-03-31 10:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
    2011-12-29 03:50 . 2011-12-29 03:50 -------- d-----w- c:\users\bbailey\AppData\Local\Roxio
    2011-12-28 20:05 . 2012-01-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-12-28 20:05 . 2012-01-05 04:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-28 19:41 . 2011-12-28 19:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-12-28 19:37 . 2011-12-28 19:37 -------- d-----w- c:\program files\Panicware
    2011-12-28 19:18 . 2011-11-29 17:21 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\mpengine.dll
    2011-12-28 19:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-28 16:24 . 2011-12-28 16:24 -------- d-----w- c:\users\bbailey\AppData\Local\Downloaded Installations
    2011-12-28 16:22 . 2011-12-28 16:22 -------- d-----w- c:\program files\Common Files\Portrait Displays
    2011-12-28 16:21 . 2011-12-28 16:21 -------- d-----w- c:\users\bbailey\AppData\Roaming\Hewlett-Packard Company
    2011-12-28 16:18 . 2011-12-28 16:18 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
    2011-12-28 16:18 . 2011-12-28 16:18 684032 ----a-w- c:\windows\system32\NETwNc32.dll
    2011-12-28 16:18 . 2011-12-28 16:18 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
    2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\users\bbailey\AppData\Roaming\InstallShield
    2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\programdata\Uninstall
    2011-12-28 14:31 . 2012-01-11 17:00 -------- d-----w- c:\users\bbailey\AppData\Local\ElevatedDiagnostics
    2011-12-27 23:23 . 2011-12-27 23:23 -------- d-----w- c:\users\bbailey\AppData\Roaming\SumatraPDF
    2011-12-27 23:22 . 2011-12-27 23:22 1490 ----a-w- C:\user.js
    2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Roaming\Babylon
    2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Local\Babylon
    2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\programdata\Babylon
    2011-12-27 23:04 . 2012-01-11 19:53 -------- d--h--w- c:\users\bbailey\UserProfile
    2011-12-27 23:04 . 2012-01-11 19:53 -------- d--h--w- c:\users\bbailey\SoftRecovery
    2011-12-15 06:11 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 06:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 06:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 06:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-05 03:07 . 2011-12-05 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-24 09:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-16 13:32 . 2011-11-16 13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-24 05:29 . 2011-10-24 05:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 05:29 . 2011-10-24 05:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
    "SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"="c:\users\bbailey\UserProfile\SystemBoot.lnk" [2012-01-11 882]
    "RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"="c:\users\bbailey\SoftRecovery\RegWrite.lnk" [2012-01-11 990]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-03 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-03 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-03 170008]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-08 495708]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
    Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-31 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ DPPassFilter scecli
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
    R1 MpKsl3dcb8ff4;MpKsl3dcb8ff4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{531D348C-33A2-48BA-9CCF-50D0BD38BBC9}\MpKsl3dcb8ff4.sys [x]
    R1 MpKsl5fad6417;MpKsl5fad6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKsl5fad6417.sys [x]
    R1 MpKsl6a02d7a0;MpKsl6a02d7a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl6a02d7a0.sys [x]
    R1 MpKsleba0c0bf;MpKsleba0c0bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39DB4C9C-805A-4EAE-AA68-B09ABDA1B971}\MpKsleba0c0bf.sys [x]
    R1 MpKsledfc84ef;MpKsledfc84ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972F4AEC-8798-434E-BA50-9C931C86E223}\MpKsledfc84ef.sys [x]
    R1 MpKsleee50011;MpKsleee50011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9765E7B4-97F9-4B37-A695-C6A31DA655D1}\MpKsleee50011.sys [x]
    R1 MpKslf6bcd812;MpKslf6bcd812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKslf6bcd812.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
    R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
    R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
    R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-27 6758912]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S1 RsvLock;RsvLock; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-01-08 81920]
    S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-08-17 133176]
    S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
    S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe [2010-07-13 95800]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-03-15 26168]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
    S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 232960]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-28 7435264]
    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
    .
    2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
    .
    2011-12-29 c:\windows\Tasks\HPCeeScheduleForbbailey.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ninemsn.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 4.2.2.1
    DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
    DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(640)
    c:\windows\system32\DPFPApi.DLL
    .
    - - - - - - - > 'Explorer.exe'(6988)
    c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
    .
    Completion time: 2012-01-12 07:57:32
    ComboFix-quarantined-files.txt 2012-01-11 22:57
    ComboFix2.txt 2012-01-11 19:00
    ComboFix3.txt 2012-01-10 19:43
    ComboFix4.txt 2012-01-10 18:27
    .
    Pre-Run: 167,618,416,640 bytes free
    Post-Run: 167,575,613,440 bytes free
    .
    - - End Of File - - E8FD0A572E5B30B6233D93B4C2B83962
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.