Inactive Malware virus won't remove

You have some McAfee leftovers.
Run this tool to remove them: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Then....

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O4 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
    O4 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2CFBE2D1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34
    
    :Files
    C:\Users\bbailey\SoftRecovery\RegWrite.lnk
    C:\Users\bbailey\UserProfile\SystemBoot.lnk
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
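An added check, not part of the helper's instructions or of OTL itself: the fix above removes two kinds of artifact, per-user Run entries that launch .lnk shortcuts out of the user profile and alternate data streams on C:\ProgramData\TEMP. This PowerShell script lists both so the result can be confirmed by hand when OTL cannot write its log; it assumes PowerShell 3.0 or later (for -Stream) and that it is run in the affected user's own session so HKCU is that user's hive.

```powershell
# Added example (not OTL or the helper's code): audit the two persistence
# artifacts named in the OTL fix above.
# Assumes PowerShell 3.0+ and that it runs as the affected user.

# 1. Per-user Run entries whose command is a .lnk shortcut.
#    Legitimate software normally registers an .exe here; a shortcut stored
#    under the user profile (e.g. ...\SoftRecovery\RegWrite.lnk) is unusual.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$meta   = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$shell  = New-Object -ComObject WScript.Shell

$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }      # provider metadata, not a Run value
        $cmd = [string]$p.Value
        if ($cmd -notmatch '\.lnk') { continue }        # only shortcut-based entries
        $lnkPath = ($cmd -replace '"', '').Trim()
        $target  = $null
        if (Test-Path -LiteralPath $lnkPath) {
            # Resolve what the shortcut actually launches
            $target = $shell.CreateShortcut($lnkPath).TargetPath
        }
        [pscustomobject]@{
            ValueName     = $p.Name
            Shortcut      = $lnkPath
            ShortcutExist = (Test-Path -LiteralPath $lnkPath)
            UnderProfile  = $lnkPath.StartsWith($env:USERPROFILE, 'OrdinalIgnoreCase')
            Target        = $target
        }
    }
}

# 2. Alternate data streams on the directory the fix names.
#    ':$DATA' is the ordinary content stream; any other stream is an ADS.
$dir = 'C:\ProgramData\TEMP'
if (Test-Path -LiteralPath $dir) {
    Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}
```

If the OTL fix applied, the first part prints nothing for the RegWrite/SystemBoot entries and the second part lists no streams on the TEMP directory.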
 
I got an "Error creating log file" message after running the OTL scan.

Pressed OK and then the PC rebooted.

After logging back in, Notepad came up but with the same "error creating log file" message, then another error message: "network path not found".

The Notepad window remained empty.
 
Deleted the file, downloaded it again, ran it in safe mode again, but got the same error message.

Also, some good news: the advertising pop-up wasn't there when I started up my PC, just FYI.
 
========== Processes (SafeList) ==========

PRC - [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/22 12:30:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


O1 HOSTS File: ([2012/01/11 04:42:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
O4 - HKCU..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 02:30:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/12 02:17:04 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
[2012/01/11 04:43:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/11 04:43:46 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\temp
[2012/01/11 04:13:22 | 004,376,389 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:06 | 004,377,322 | ---- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:27:08 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/11 03:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/11 03:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/11 03:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/11 03:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 08:09:58 | 004,713,472 | ---- | C] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:48:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/08 21:52:05 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:52:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:52:05 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:52:00 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/08 21:51:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:51:18 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:51:18 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:51:18 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/01/07 12:53:14 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\gmer
[2012/01/07 12:37:53 | 000,607,260 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 08:50:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/07 08:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/07 07:24:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/07 06:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/06 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/06 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/06 23:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/06 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/06 23:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/06 08:47:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/06 08:32:20 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/01/06 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2012/01/06 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Apps
[2012/01/05 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012/01/05 13:30:31 | 000,000,000 | ---D | C] -- C:\a4a5b20479313b238579215fc2
[2012/01/03 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/03 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/02 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\IObit
[2012/01/02 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/02 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/02 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Malwarebytes
[2012/01/02 10:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/31 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2011/12/31 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PokerStars
[2011/12/31 08:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011/12/31 08:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/31 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/31 08:02:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo9.dll
[2011/12/29 13:39:41 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\My Documents\Outlook Files
[2011/12/29 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Roxio
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/29 04:57:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
[2011/12/29 04:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
[2011/12/29 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Downloaded Installations
[2011/12/29 01:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
[2011/12/29 01:21:13 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\RT
[2011/12/29 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Hewlett-Packard Company
[2011/12/29 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\InstallShield
[2011/12/29 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/12/29 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Pictures
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Desktop
[2011/12/29 01:13:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Programs
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Videos
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Music
[2011/12/29 01:13:38 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hant
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hans
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\ja
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\it
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\es
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
[2011/12/28 23:31:05 | 000,000,000 | ---D | C] --
 
========== Files - Modified Within 30 Days ==========

[2012/01/12 02:45:54 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 02:45:54 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 02:39:23 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 02:38:25 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/01/12 02:38:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/12 02:37:58 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/12 02:03:03 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 04:42:10 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
[2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
[2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
[2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
[2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
[2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
[2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
[2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
[2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\bbailey\UserProfile\SystemBoot.lnk
c:\users\bbailey\SoftRecovery\RegWrite.lnk

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"=-
"RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"=-
[-HKLM\~\startupfolder\C:^Users^bbailey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RegWrite.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
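The two entries the CFScript above removes were picked out of the OTL log by hand: Run values with a generated-looking suffix, pointing at .lnk shortcuts in hidden folders directly under the user profile, with no version information. The script below is an added example, not part of this thread and not code from OTL or ComboFix: it parses OTL "O4" lines, scores each autorun entry with those heuristics, and renders the matching File:: / Registry:: sections in the form the CFScript uses. The weights, the 20-character threshold for a "random" name and the treatment of non-AppData profile folders are my own assumptions; the sample lines are the O4 entries from the OTL log above.

```python
import re
from collections import defaultdict

# One OTL "O4" autorun line, for example:
#   O4 - HKCU..\Run: [ccApp] C:\Program Files\...\ccApp.exe (Symantec Corporation)
# The trailing "(...)" is the company name from the target's version resource;
# OTL prints "()" when there is none, which is always the case for a .lnk file.
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^.]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] "
    r"(?P<target>.*?) \((?P<company>[^)]*)\)\s*$"
)
# Assumption: a run of 20+ alphanumerics mixing digits with upper- and
# lower-case letters is a generated suffix, like the one on the two Run values.
RANDOM_RUN_RE = re.compile(r"[A-Za-z0-9]{20,}")
# Drive:\Users\<user>\<top-level folder>\...
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(?P<top>[^\\]+)\\", re.I)
ROOT_KEYS = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

# Sample input: the O4 lines taken from the OTL log above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)",
    r"O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)",
    r"O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)",
    r"O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()",
    r"O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)",
    r"O4 - HKCU..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()",
    r"O4 - HKCU..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()",
]


def looks_random(name):
    """True if the value name carries a long mixed-case alphanumeric run."""
    return any(
        any(c.isdigit() for c in run) and any(c.isupper() for c in run)
        and any(c.islower() for c in run)
        for run in RANDOM_RUN_RE.findall(name)
    )


def parse_o4(line):
    """Fields of one O4 line (hive, key, name, target, company), or None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def score_entry(entry):
    """Weighted heuristic reasons an autorun entry deserves a second look."""
    reasons = []
    target = entry["target"]
    if target.lower().endswith(".lnk"):
        reasons.append((2, "launched through a .lnk shortcut"))
    if looks_random(entry["name"]):
        reasons.append((2, "generated-looking value name"))
    m = PROFILE_RE.match(target)
    if m and m.group("top").lower() != "appdata":
        reasons.append((1, "target in a non-standard profile folder"))
    if not entry["company"]:
        reasons.append((1, "no company name in version info"))
    return reasons


def triage(lines, threshold=3):
    """Parse O4 lines and return the entries whose score reaches threshold."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = score_entry(entry)
        score = sum(w for w, _ in reasons)
        if score >= threshold:
            flagged.append(dict(entry, score=score,
                                reasons=[r for _, r in reasons]))
    return flagged


def to_cfscript(flagged):
    """Render ComboFix File:: and Registry:: sections for the flagged entries.
    In the .reg syntax shown in the post, "name"=- deletes a value under the
    bracketed key."""
    values_by_key = defaultdict(list)
    for f in flagged:
        hive = f["hive"]
        if hive.upper().startswith("HKU\\"):          # OTL's per-SID form
            root = "HKEY_USERS\\" + hive[4:]
        else:
            # Assumption: unknown hive names are passed through unchanged.
            root = ROOT_KEYS.get(hive.upper(), hive)
        key = "\\".join([root, "SOFTWARE", "Microsoft", "Windows",
                         "CurrentVersion", f["key"]])
        values_by_key[key].append(f["name"])
    out = ["File::"] + sorted({f["target"] for f in flagged}) + ["", "Registry::"]
    for key in sorted(values_by_key):
        out.append("[" + key + "]")
        out.extend('"%s"=-' % name for name in sorted(values_by_key[key]))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_O4_LINES)
    for h in hits:
        print("%s -> %s  [score %d: %s]"
              % (h["name"], h["target"], h["score"], "; ".join(h["reasons"])))
    print(to_cfscript(hits))
```

On the sample lines only the two HKCU entries reach the threshold (each collects all four reasons); the IMSS entry with an empty company name scores 1 and is left alone, which is the point of combining weak signals rather than acting on any one of them. Review the rendered CFScript by hand before using it: the heuristics are a triage aid, not a verdict.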
 
ComboFix 12-01-10.02 - bbailey 01/12/2012 3:52.5.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1722 [GMT 9:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: \\rn-fs2\Users$\bbailey\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\bbailey\SoftRecovery\RegWrite.lnk"
"c:\users\bbailey\UserProfile\SystemBoot.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bbailey\SoftRecovery\RegWrite.lnk
c:\users\bbailey\UserProfile\SystemBoot.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 18:58 . 2012-01-11 18:58 -------- d-----w- c:\users\Radisson\AppData\Local\temp
2012-01-11 18:58 . 2012-01-11 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 18:58 . 2012-01-11 18:58 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-01-11 17:38 . 2012-01-11 17:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\offreg.dll
2012-01-11 17:17 . 2012-01-11 17:17 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2012-01-10 19:43 . 2012-01-11 18:59 -------- d-----w- c:\users\bbailey\AppData\Local\temp
2012-01-06 23:50 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 23:50 . 2012-01-06 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 21:58 . 2012-01-06 21:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 14:24 . 2012-01-06 14:24 -------- d-----w- c:\program files\iPod
2012-01-06 14:24 . 2012-01-06 14:25 -------- d-----w- c:\program files\iTunes
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-06 14:20 . 2012-01-06 14:20 -------- d-----w- c:\program files\QuickTime
2012-01-06 09:28 . 2012-01-06 09:53 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 09:28 . 2012-01-06 09:28 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\bbailey\AppData\Roaming\GlarySoft
2012-01-05 23:06 . 2012-01-05 23:06 -------- d-----w- c:\program files\WinASO
2012-01-05 19:56 . 2012-01-05 19:56 -------- d-----w- c:\users\bbailey\AppData\Local\Apps
2012-01-05 04:45 . 2012-01-05 04:45 -------- d-----w- c:\users\administrator\AppData\Local\Google
2012-01-05 04:40 . 2012-01-05 04:40 -------- d-----w- c:\users\administrator\AppData\Roaming\hpqlog
2012-01-05 04:39 . 2012-01-05 04:39 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
2012-01-05 04:38 . 2012-01-05 04:38 -------- d-----w- c:\users\administrator\AppData\Roaming\Synaptics
2012-01-05 04:30 . 2012-01-05 04:30 -------- d-----w- C:\a4a5b20479313b238579215fc2
2012-01-02 23:43 . 2012-01-03 03:04 -------- d-----w- c:\program files\PC Tools Security
2012-01-02 23:41 . 2012-01-02 23:52 -------- d-----w- c:\programdata\PC Tools
2012-01-02 03:59 . 2012-01-02 04:14 -------- d-----w- c:\users\bbailey\AppData\Roaming\IObit
2012-01-02 03:59 . 2012-01-02 03:59 -------- d-----w- c:\program files\IObit
2012-01-02 03:35 . 2010-01-10 09:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-01-02 03:34 . 2012-01-05 04:51 -------- d-----w- c:\program files\SpywareBlaster
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\users\bbailey\AppData\Roaming\Malwarebytes
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 09:36 . 2011-12-31 09:36 -------- d-----w- c:\users\bbailey\AppData\Roaming\Synaptics
2011-12-30 23:39 . 2012-01-10 15:53 -------- d-----w- c:\users\bbailey\AppData\Local\PokerStars
2011-12-30 23:38 . 2012-01-09 13:58 -------- d-----w- c:\program files\PokerStars
2011-12-30 23:02 . 2011-12-30 23:02 -------- d-----w- c:\programdata\Synaptics
2011-12-30 23:02 . 2011-03-31 10:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-30 23:02 . 2011-03-31 10:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-30 23:02 . 2011-03-31 10:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-30 23:02 . 2011-03-31 10:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-29 03:50 . 2011-12-29 03:50 -------- d-----w- c:\users\bbailey\AppData\Local\Roxio
2011-12-28 20:05 . 2012-01-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-28 20:05 . 2012-01-05 04:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 19:41 . 2011-12-28 19:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 19:37 . 2011-12-28 19:37 -------- d-----w- c:\program files\Panicware
2011-12-28 19:18 . 2011-11-29 17:21 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\mpengine.dll
2011-12-28 19:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 16:24 . 2011-12-28 16:24 -------- d-----w- c:\users\bbailey\AppData\Local\Downloaded Installations
2011-12-28 16:22 . 2011-12-28 16:22 -------- d-----w- c:\program files\Common Files\Portrait Displays
2011-12-28 16:21 . 2011-12-28 16:21 -------- d-----w- c:\users\bbailey\AppData\Roaming\Hewlett-Packard Company
2011-12-28 16:18 . 2011-12-28 16:18 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2011-12-28 16:18 . 2011-12-28 16:18 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-12-28 16:18 . 2011-12-28 16:18 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\users\bbailey\AppData\Roaming\InstallShield
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\programdata\Uninstall
2011-12-28 14:31 . 2012-01-11 17:00 -------- d-----w- c:\users\bbailey\AppData\Local\ElevatedDiagnostics
2011-12-27 23:23 . 2011-12-27 23:23 -------- d-----w- c:\users\bbailey\AppData\Roaming\SumatraPDF
2011-12-27 23:22 . 2011-12-27 23:22 1490 ----a-w- C:\user.js
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Roaming\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Local\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\programdata\Babylon
2011-12-27 23:04 . 2012-01-11 18:58 -------- d--h--w- c:\users\bbailey\UserProfile
2011-12-27 23:04 . 2012-01-11 18:58 -------- d--h--w- c:\users\bbailey\SoftRecovery
2011-12-15 06:11 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 06:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 03:07 . 2011-12-05 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 09:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:32 . 2011-11-16 13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 05:29 . 2011-10-24 05:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 05:29 . 2011-10-24 05:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-03 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-03 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-03 170008]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-08 495708]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-31 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
R1 MpKsl3dcb8ff4;MpKsl3dcb8ff4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{531D348C-33A2-48BA-9CCF-50D0BD38BBC9}\MpKsl3dcb8ff4.sys [x]
R1 MpKsl5fad6417;MpKsl5fad6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKsl5fad6417.sys [x]
R1 MpKsl6a02d7a0;MpKsl6a02d7a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl6a02d7a0.sys [x]
R1 MpKsleba0c0bf;MpKsleba0c0bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39DB4C9C-805A-4EAE-AA68-B09ABDA1B971}\MpKsleba0c0bf.sys [x]
R1 MpKsledfc84ef;MpKsledfc84ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972F4AEC-8798-434E-BA50-9C931C86E223}\MpKsledfc84ef.sys [x]
R1 MpKsleee50011;MpKsleee50011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9765E7B4-97F9-4B37-A695-C6A31DA655D1}\MpKsleee50011.sys [x]
R1 MpKslf6bcd812;MpKslf6bcd812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKslf6bcd812.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-27 6758912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-01-08 81920]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-08-17 133176]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe [2010-07-13 95800]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-03-15 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-28 7435264]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2011-12-29 c:\windows\Tasks\HPCeeScheduleForbbailey.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 4.2.2.1
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\DPFPApi.DLL
.
Completion time: 2012-01-12 04:00:36
ComboFix-quarantined-files.txt 2012-01-11 19:00
ComboFix2.txt 2012-01-10 19:43
ComboFix3.txt 2012-01-10 18:27
.
Pre-Run: 168,461,557,760 bytes free
Post-Run: 168,294,821,888 bytes free
.
- - End Of File - - 5E4281EB1BA332D0DA9F84112C741C2C
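As an added example that is not part of this thread, ComboFix or OTL: a small Python triage pass over a constructed excerpt written in the style of the ComboFix sections above (Reg Loading Points, the R/S service list and the DPF lines). It surfaces the entry types a helper reads first in such a log: Run values that launch a .lnk out of a user-profile directory (the hidden UserProfile and SoftRecovery folders in the file listing are where such shortcuts live; the "SystemBoot" value in the sample is hypothetical), LSA Notification Packages beyond the Windows 7 default (DPPassFilter here is consistent with the "2009 Password Filter for HP ProtectTools" service and the DPFPApi.DLL loaded into lsass.exe, so it is expected on this HP laptop but is exactly the kind of entry to confirm, since a password filter receives every password change in plaintext), service entries ComboFix marks [x] because the image is gone (the stale MpKsl* definition-update drivers), and DPF ActiveX download entries that point at an unqualified intranet host or a bare .exe (the two rdnariw2k302 entries may well be the site's own deployments; the script only raises them for review). The regular expressions and heuristics are my assumptions, not a ComboFix format specification.

```python
"""Triage of ComboFix-style autostart, service and DPF lines.

Added example for this thread, not code from ComboFix, OTL or the poster.
SAMPLE_LOG is a constructed excerpt in ComboFix's output style; the
"SystemBoot" Run value is hypothetical. The heuristics are assumptions
meant to surface entries for review, not to declare them malicious.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
"SystemBoot"="c:\users\bbailey\UserProfile\SystemBoot.lnk" [2011-12-27 1490]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
S0 SafeBoot;SafeBoot; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]*);[^;]*;(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
LSA_RE = re.compile(r'^Notification Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$', re.I)
DPF_RE = re.compile(r'^DPF:\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-?\s*(?P<url>\S+)$')
USER_PROFILE_RE = re.compile(r'^[a-z]:\\users\\', re.I)
DEFAULT_LSA_PACKAGES = {"scecli"}  # the only package a stock Windows 7 workstation lists


@dataclass
class Finding:
    kind: str          # "run" | "lsa" | "service" | "dpf"
    name: str
    target: str
    reasons: List[str]


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect entries worth a second look."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[HKEY_"):          # ComboFix prints the key, then its values
            section = line.upper()
            continue

        m = RUN_RE.match(line)
        if m and section.endswith(("\\RUN]", "\\RUNONCE]")):
            target, reasons = m["target"], []
            if target.lower().endswith(".lnk"):
                reasons.append("autorun through a .lnk shortcut rather than an executable")
            if USER_PROFILE_RE.match(target):
                reasons.append("target lives under a user profile, not Program Files/system32")
            if reasons:
                findings.append(Finding("run", m["name"], target, reasons))
            continue

        m = LSA_RE.match(line)
        if m:
            for pkg in m["pkgs"].split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    findings.append(Finding("lsa", pkg, section, [
                        "non-default LSA Notification Package: a DLL loaded into lsass.exe "
                        "that is handed every password change in plaintext"]))
            continue

        m = SVC_RE.match(line)
        if m:
            reasons = []
            if m["meta"].strip() == "x":       # ComboFix's marker for an image it could not find
                reasons.append("service/driver image missing on disk ([x])")
            if USER_PROFILE_RE.match(m["path"]):
                reasons.append("service image under a user profile")
            if reasons:
                findings.append(Finding("service", m["name"], m["path"] or "(no path)", reasons))
            continue

        m = DPF_RE.match(line)
        if m:
            url = re.sub(r"^hxxp", "http", m["url"], flags=re.I)   # undo the log's defanging
            parsed = urlparse(url)
            reasons = []
            if "." not in (parsed.hostname or ""):
                reasons.append("unqualified host name (intranet or spoofed)")
            if parsed.path.lower().endswith(".exe"):
                reasons.append("DPF target is a bare .exe rather than a .cab package")
            if reasons:
                findings.append(Finding("dpf", m["clsid"], url, reasons))
    return findings


def report(findings: List[Finding]) -> str:
    """One block per finding: kind, name, target, then the reasons indented."""
    return "\n".join(f"[{f.kind}] {f.name} -> {f.target}\n    " + "\n    ".join(f.reasons)
                     for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as-is to see the report for the constructed excerpt, or hand triage() the Reg Loading Points, service and Supplementary Scan sections of a real ComboFix log. Every hit is a question to answer against the vendor and path information elsewhere in the log (here, the HP ProtectTools entries explain DPPassFilter), not a verdict; the Google toolbar, Symantec and Malwarebytes entries pass untouched because they live in Program Files and resolve to real executables.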
 
OTL logfile created on: 1/12/2012 4:38:58 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.92 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.47% Memory free
5.84 Gb Paging File | 4.01 Gb Available in Paging File | 68.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 156.55 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/22 12:30:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


O1 HOSTS File: ([2012/01/12 03:58:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files - Modified Within 30 Days ==========

[2012/01/12 04:15:26 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 04:15:26 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 04:09:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 04:07:59 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/01/12 04:07:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/12 04:07:29 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 04:03:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 03:58:50 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
[2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
[2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
[2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
[2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
[2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
[2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
[2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
[2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Looks good :)

Any current issues?

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET does not find any threats, it will not produce a log.
 
It was looking good, but after the last reboot the pop-up ad was back :(

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 29
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

Farbar Service Scanner
Ran by bbailey (administrator) on 12-01-2012 at 04:56:42
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

No threats found on the ESET scan.
 
OTL logfile created on: 1/12/2012 7:06:55 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.92 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 51.85% Memory free
5.84 Gb Paging File | 4.00 Gb Available in Paging File | 68.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 156.35 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/22 12:30:18 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor


O1 HOSTS File: ([2012/01/12 03:58:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
O4 - HKCU..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 05:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/12 04:58:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\TFC.exe
[2012/01/12 04:00:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/12 04:00:43 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/12 02:30:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/12 02:17:04 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
[2012/01/11 04:43:46 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\temp
[2012/01/11 04:13:22 | 004,376,389 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:06 | 004,377,322 | ---- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/11 03:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/11 03:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/11 03:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 08:09:58 | 004,713,472 | ---- | C] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:48:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/08 21:52:05 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:52:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:52:05 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:52:00 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/08 21:51:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:51:18 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:51:18 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:51:18 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/01/07 12:53:14 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\gmer
[2012/01/07 12:37:53 | 000,607,260 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 08:50:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/07 08:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/07 07:24:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/07 06:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/06 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/06 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/06 23:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/06 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/06 23:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/06 08:47:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/06 08:32:20 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/01/06 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2012/01/06 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Apps
[2012/01/05 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012/01/05 13:30:31 | 000,000,000 | ---D | C] -- C:\a4a5b20479313b238579215fc2
[2012/01/03 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/03 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/02 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\IObit
[2012/01/02 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/02 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/02 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Malwarebytes
[2012/01/02 10:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/31 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2011/12/31 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PokerStars
[2011/12/31 08:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011/12/31 08:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/31 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/31 08:02:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo9.dll
[2011/12/29 13:39:41 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\My Documents\Outlook Files
[2011/12/29 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Roxio
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/29 04:57:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
[2011/12/29 04:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
[2011/12/29 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Downloaded Installations
[2011/12/29 01:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
[2011/12/29 01:21:13 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\RT
[2011/12/29 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Hewlett-Packard Company
[2011/12/29 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\InstallShield
[2011/12/29 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/12/29 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Pictures
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Desktop
[2011/12/29 01:13:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Programs
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Videos
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Music
[2011/12/29 01:13:38 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hant
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hans
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\ja
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\it
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\es
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
[2011/12/28 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\ElevatedDiagnostics
[2011/12/28 08:23:04 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Babylon
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/28 08:22:48 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
[2011/12/28 08:04:58 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\UserProfile
[2011/12/28 08:04:58 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\SoftRecovery
[2011/12/15 15:11:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/03 21:55:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2011/01/03 21:55:50 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2010/06/03 14:21:18 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/12 07:03:05 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 05:09:14 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 05:09:14 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 05:02:44 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 05:01:42 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/01/12 05:01:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/12 05:01:19 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 04:58:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\TFC.exe
[2012/01/12 04:51:47 | 000,869,194 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\SecurityCheck.exe
[2012/01/12 03:58:50 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/12 02:29:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
[2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
[2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
[2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/12 04:51:50 | 000,869,194 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\SecurityCheck.exe
[2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
[2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
[2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
[2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
[2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
[2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Here's the first log. The second scan wouldn't run; it said I have to check if I'm on 64- or 32-bit. I'm on 32-bit, right?

ListParts by Farbar
Ran by bbailey on 12-01-2012 at 07:30:31
Windows 7 (X86)
Running From: C:\Users\bbailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0BKU2F8
************************************************************

========================= Memory info ======================

Percentage of memory in use: 49%
Total physical RAM: 2991.38 MB
Available physical RAM: 1513.06 MB
Total Pagefile: 5981.04 MB
Available Pagefile: 4001.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.19 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:215.59 GB) (Free:156.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.53 GB) FAT32

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            300 MB  1024 KB
  Partition 2    Primary            215 GB   301 MB
  Partition 3    Primary             15 GB   215 GB
  Partition 4    Primary           2043 MB   230 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    300 MB  Healthy    System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C                 NTFS   Partition    215 GB  Healthy    Boot

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         HP_RECOVERY  NTFS   Partition     15 GB  Healthy

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    F    HP_TOOLS     FAT32  Partition   2043 MB  Healthy



****** End Of Log ******
 
Sorry about it.
Yes, you're on a 32-bit system.

It looks good.

Delete your ComboFix file, download a new one and post its log.
 
ComboFix 12-01-10.02 - bbailey 01/12/2012 7:49.6.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1588 [GMT 9:00]
Running from: c:\combofix\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:55 . 2012-01-11 22:55 -------- d-----w- c:\users\Radisson\AppData\Local\temp
2012-01-11 22:55 . 2012-01-11 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 22:55 . 2012-01-11 22:55 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-01-11 20:07 . 2012-01-11 20:07 -------- d-----w- c:\program files\ESET
2012-01-11 20:02 . 2012-01-11 20:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\offreg.dll
2012-01-11 17:17 . 2012-01-11 17:17 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2012-01-10 19:43 . 2012-01-11 22:55 -------- d-----w- c:\users\bbailey\AppData\Local\temp
2012-01-06 23:50 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 23:50 . 2012-01-06 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 21:58 . 2012-01-06 21:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 14:24 . 2012-01-06 14:24 -------- d-----w- c:\program files\iPod
2012-01-06 14:24 . 2012-01-06 14:25 -------- d-----w- c:\program files\iTunes
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-06 14:20 . 2012-01-06 14:20 -------- d-----w- c:\program files\QuickTime
2012-01-06 09:28 . 2012-01-06 09:53 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 09:28 . 2012-01-06 09:28 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\bbailey\AppData\Roaming\GlarySoft
2012-01-05 23:06 . 2012-01-05 23:06 -------- d-----w- c:\program files\WinASO
2012-01-05 19:56 . 2012-01-05 19:56 -------- d-----w- c:\users\bbailey\AppData\Local\Apps
2012-01-05 04:45 . 2012-01-05 04:45 -------- d-----w- c:\users\administrator\AppData\Local\Google
2012-01-05 04:40 . 2012-01-05 04:40 -------- d-----w- c:\users\administrator\AppData\Roaming\hpqlog
2012-01-05 04:39 . 2012-01-05 04:39 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
2012-01-05 04:38 . 2012-01-05 04:38 -------- d-----w- c:\users\administrator\AppData\Roaming\Synaptics
2012-01-05 04:30 . 2012-01-05 04:30 -------- d-----w- C:\a4a5b20479313b238579215fc2
2012-01-02 23:43 . 2012-01-03 03:04 -------- d-----w- c:\program files\PC Tools Security
2012-01-02 23:41 . 2012-01-02 23:52 -------- d-----w- c:\programdata\PC Tools
2012-01-02 03:59 . 2012-01-02 04:14 -------- d-----w- c:\users\bbailey\AppData\Roaming\IObit
2012-01-02 03:59 . 2012-01-02 03:59 -------- d-----w- c:\program files\IObit
2012-01-02 03:35 . 2010-01-10 09:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-01-02 03:34 . 2012-01-05 04:51 -------- d-----w- c:\program files\SpywareBlaster
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\users\bbailey\AppData\Roaming\Malwarebytes
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 09:36 . 2011-12-31 09:36 -------- d-----w- c:\users\bbailey\AppData\Roaming\Synaptics
2011-12-30 23:39 . 2012-01-11 21:29 -------- d-----w- c:\users\bbailey\AppData\Local\PokerStars
2011-12-30 23:38 . 2012-01-09 13:58 -------- d-----w- c:\program files\PokerStars
2011-12-30 23:02 . 2011-12-30 23:02 -------- d-----w- c:\programdata\Synaptics
2011-12-30 23:02 . 2011-03-31 10:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-30 23:02 . 2011-03-31 10:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-30 23:02 . 2011-03-31 10:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-30 23:02 . 2011-03-31 10:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-29 03:50 . 2011-12-29 03:50 -------- d-----w- c:\users\bbailey\AppData\Local\Roxio
2011-12-28 20:05 . 2012-01-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-28 20:05 . 2012-01-05 04:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 19:41 . 2011-12-28 19:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 19:37 . 2011-12-28 19:37 -------- d-----w- c:\program files\Panicware
2011-12-28 19:18 . 2011-11-29 17:21 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\mpengine.dll
2011-12-28 19:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 16:24 . 2011-12-28 16:24 -------- d-----w- c:\users\bbailey\AppData\Local\Downloaded Installations
2011-12-28 16:22 . 2011-12-28 16:22 -------- d-----w- c:\program files\Common Files\Portrait Displays
2011-12-28 16:21 . 2011-12-28 16:21 -------- d-----w- c:\users\bbailey\AppData\Roaming\Hewlett-Packard Company
2011-12-28 16:18 . 2011-12-28 16:18 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2011-12-28 16:18 . 2011-12-28 16:18 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-12-28 16:18 . 2011-12-28 16:18 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\users\bbailey\AppData\Roaming\InstallShield
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\programdata\Uninstall
2011-12-28 14:31 . 2012-01-11 17:00 -------- d-----w- c:\users\bbailey\AppData\Local\ElevatedDiagnostics
2011-12-27 23:23 . 2011-12-27 23:23 -------- d-----w- c:\users\bbailey\AppData\Roaming\SumatraPDF
2011-12-27 23:22 . 2011-12-27 23:22 1490 ----a-w- C:\user.js
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Roaming\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Local\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\programdata\Babylon
2011-12-27 23:04 . 2012-01-11 19:53 -------- d--h--w- c:\users\bbailey\UserProfile
2011-12-27 23:04 . 2012-01-11 19:53 -------- d--h--w- c:\users\bbailey\SoftRecovery
2011-12-15 06:11 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 06:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 03:07 . 2011-12-05 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 09:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:32 . 2011-11-16 13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 05:29 . 2011-10-24 05:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 05:29 . 2011-10-24 05:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
"SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"="c:\users\bbailey\UserProfile\SystemBoot.lnk" [2012-01-11 882]
"RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"="c:\users\bbailey\SoftRecovery\RegWrite.lnk" [2012-01-11 990]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-03 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-03 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-03 170008]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-08 495708]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-31 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
R1 MpKsl3dcb8ff4;MpKsl3dcb8ff4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{531D348C-33A2-48BA-9CCF-50D0BD38BBC9}\MpKsl3dcb8ff4.sys [x]
R1 MpKsl5fad6417;MpKsl5fad6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKsl5fad6417.sys [x]
R1 MpKsl6a02d7a0;MpKsl6a02d7a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl6a02d7a0.sys [x]
R1 MpKsleba0c0bf;MpKsleba0c0bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39DB4C9C-805A-4EAE-AA68-B09ABDA1B971}\MpKsleba0c0bf.sys [x]
R1 MpKsledfc84ef;MpKsledfc84ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972F4AEC-8798-434E-BA50-9C931C86E223}\MpKsledfc84ef.sys [x]
R1 MpKsleee50011;MpKsleee50011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9765E7B4-97F9-4B37-A695-C6A31DA655D1}\MpKsleee50011.sys [x]
R1 MpKslf6bcd812;MpKslf6bcd812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKslf6bcd812.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-27 6758912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-01-08 81920]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-08-17 133176]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe [2010-07-13 95800]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-03-15 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-28 7435264]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2011-12-29 c:\windows\Tasks\HPCeeScheduleForbbailey.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 4.2.2.1
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(6988)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-01-12 07:57:32
ComboFix-quarantined-files.txt 2012-01-11 22:57
ComboFix2.txt 2012-01-11 19:00
ComboFix3.txt 2012-01-10 19:43
ComboFix4.txt 2012-01-10 18:27
.
Pre-Run: 167,618,416,640 bytes free
Post-Run: 167,575,613,440 bytes free
.
- - End Of File - - E8FD0A572E5B30B6233D93B4C2B83962
 