Inactive Malware virus won't remove

Status
Not open for further replies.
S

stijpn2012

Posts: 39   +0
I'm having issues with a virus that causes a pop up ad when i start up my PC and has slowed the performance as well.


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.06

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421

Protection: Disabled

1/10/2012 1:12:53 AM
mbam-log-2012-01-10 (01-12-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213001
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS (Trojan.PMovie) -> Data: C:\Users\bbailey\UserProfile\SystemBoot.lnk -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS (Trojan.PMovie) -> Data: C:\Users\bbailey\SoftRecovery\RegWrite.lnk -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\bbailey\UserProfile\SystemBoot.lnk (Trojan.PMovie) -> Quarantined and deleted successfully.
C:\Users\bbailey\SoftRecovery\RegWrite.lnk (Trojan.PMovie) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-10 01:55:31
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.03.0
Running: gmer.exe; Driver: C:\Users\bbailey\AppData\Local\Temp\fwldrpod.sys


---- System - GMER 1.0.15 ----

SSDT 87CEB330 ZwAlertResumeThread
SSDT 87BEE7F0 ZwAlertThread
SSDT 87BF8FC0 ZwAllocateVirtualMemory
SSDT 87B66E60 ZwConnectPort
SSDT 87BE1CB0 ZwCreateMutant
SSDT 87CC93D0 ZwCreateThread
SSDT 87BEE3A0 ZwFreeVirtualMemory
SSDT 87BE1D80 ZwImpersonateAnonymousToken
SSDT 87C46728 ZwImpersonateThread
SSDT 87DB6C28 ZwMapViewOfSection
SSDT 87BE1BD0 ZwOpenEvent
SSDT 87C4DC10 ZwOpenProcessToken
SSDT 87D5C340 ZwOpenThreadToken
SSDT \??\C:\windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x91628880]
SSDT 87C3E6D8 ZwResumeThread
SSDT 87CE8350 ZwSetContextThread
SSDT 87CE8388 ZwSetInformationProcess
SSDT 87BE1638 ZwSetInformationThread
SSDT 87BE1AF0 ZwSuspendProcess
SSDT 87CEB8E0 ZwSuspendThread
SSDT 87CE2E80 ZwTerminateProcess
SSDT 87CEB9A0 ZwTerminateThread
SSDT 87BE8E98 ZwUnmapViewOfSection
SSDT 87BD3C88 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E91369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ECAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82ED1D90 8 Bytes [30, B3, CE, 87, F0, E7, BE, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82ED1DA8 4 Bytes [C0, 8F, BF, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82ED1E48 4 Bytes [60, 6E, B6, 87] {PUSHA ; OUTSB ; MOV DH, 0x87}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82ED1E84 4 Bytes [B0, 1C, BE, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82ED1EB8 4 Bytes [D0, 93, CC, 87]
.text ...
? System32\drivers\ghacxari.sys The system cannot find the path specified. !
? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
.text peauth.sys BB636C9D 28 Bytes [55, 2F, BC, 71, E9, C7, 2B, ...]
.text peauth.sys BB636CC1 28 Bytes [55, 2F, BC, 71, E9, C7, 2B, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!EnableWindow 76228D02 5 Bytes JMP 68459A14 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!DialogBoxParamW 76243B9B 5 Bytes JMP 683B170B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!DialogBoxIndirectParamW 76253B7F 5 Bytes JMP 685A62BE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!DialogBoxParamA 7626CF42 5 Bytes JMP 685A6259 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!DialogBoxIndirectParamA 7626D274 5 Bytes JMP 685A6323 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!MessageBoxIndirectA 7627E869 5 Bytes JMP 685A61E0 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!MessageBoxIndirectW 7627E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!MessageBoxIndirectW 7627E963 5 Bytes JMP 685A6167 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!MessageBoxExA 7627E9C9 5 Bytes JMP 685A6103 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2064] USER32.dll!MessageBoxExW 7627E9ED 5 Bytes JMP 685A609F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] kernel32.dll!CreateThread 771DDCC2 5 Bytes JMP 68417303 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!EnableWindow 76228D02 5 Bytes JMP 68459A14 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!CallNextHookEx 7622ABE1 5 Bytes JMP 68477BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 6849EB74 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DefWindowProcA 7622BB1C 7 Bytes JMP 6841952D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!CreateWindowExA 7622BF40 5 Bytes JMP 68423363 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 68452194 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!CreateWindowExW 7622EC7C 5 Bytes JMP 6847FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DefWindowProcW 7623507D 7 Bytes JMP 68477C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxParamW 76243B9B 5 Bytes JMP 683B170B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxIndirectParamW 76253B7F 5 Bytes JMP 685A62BE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxParamA 7626CF42 5 Bytes JMP 685A6259 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!DialogBoxIndirectParamA 7626D274 5 Bytes JMP 685A6323 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxIndirectA 7627E869 5 Bytes JMP 685A61E0 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxIndirectW 7627E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxIndirectW 7627E963 5 Bytes JMP 685A6167 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxExA 7627E9C9 5 Bytes JMP 685A6103 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] USER32.dll!MessageBoxExW 7627E9ED 5 Bytes JMP 685A609F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] ole32.dll!OleLoadFromStream 77766143 5 Bytes JMP 685A6A8C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] WININET.dll!InternetCloseHandle 7601B7C4 5 Bytes JMP 736843D0 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] WININET.dll!InternetReadFile 7601EA3A 5 Bytes JMP 736844F0 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] WININET.dll!InternetConnectA 76045556 5 Bytes JMP 73684790 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2304] WININET.dll!HttpOpenRequestA 76045639 5 Bytes JMP 73684690 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] kernel32.dll!CreateThread 771DDCC2 5 Bytes JMP 68417303 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!EnableWindow 76228D02 5 Bytes JMP 68459A14 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!CallNextHookEx 7622ABE1 5 Bytes JMP 68477BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 6849EB74 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DefWindowProcA 7622BB1C 7 Bytes JMP 6841952D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!CreateWindowExA 7622BF40 5 Bytes JMP 68423363 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 68452194 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!CreateWindowExW 7622EC7C 5 Bytes JMP 6847FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DefWindowProcW 7623507D 7 Bytes JMP 68477C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxParamW 76243B9B 5 Bytes JMP 683B170B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxIndirectParamW 76253B7F 5 Bytes JMP 685A62BE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxParamA 7626CF42 5 Bytes JMP 685A6259 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!DialogBoxIndirectParamA 7626D274 5 Bytes JMP 685A6323 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxIndirectA 7627E869 5 Bytes JMP 685A61E0 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxIndirectW 7627E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxIndirectW 7627E963 5 Bytes JMP 685A6167 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxExA 7627E9C9 5 Bytes JMP 685A6103 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] USER32.dll!MessageBoxExW 7627E9ED 5 Bytes JMP 685A609F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] ole32.dll!OleLoadFromStream 77766143 5 Bytes JMP 685A6A8C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] WININET.dll!InternetCloseHandle 7601B7C4 5 Bytes JMP 736843D0 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] WININET.dll!InternetReadFile 7601EA3A 5 Bytes JMP 736844F0 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] WININET.dll!InternetConnectA 76045556 5 Bytes JMP 73684790 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3812] WININET.dll!HttpOpenRequestA 76045639 5 Bytes JMP 73684690 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] kernel32.dll!CreateThread 771DDCC2 5 Bytes JMP 68417303 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!EnableWindow 76228D02 5 Bytes JMP 68459A14 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!CallNextHookEx 7622ABE1 5 Bytes JMP 68477BB7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!UnhookWindowsHookEx 7622ADF9 5 Bytes JMP 6849EB74 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!DefWindowProcA 7622BB1C 7 Bytes JMP 6841952D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!CreateWindowExA 7622BF40 5 Bytes JMP 68423363 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!SetWindowsHookExW 7622E30C 5 Bytes JMP 68452194 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!CreateWindowExW 7622EC7C 5 Bytes JMP 6847FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!DefWindowProcW 7623507D 7 Bytes JMP 68477C1A C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!DialogBoxParamW 76243B9B 5 Bytes JMP 683B170B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!DialogBoxIndirectParamW 76253B7F 5 Bytes JMP 685A62BE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!DialogBoxParamA 7626CF42 5 Bytes JMP 685A6259 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!DialogBoxIndirectParamA 7626D274 5 Bytes JMP 685A6323 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!MessageBoxIndirectA 7627E869 5 Bytes JMP 685A61E0 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!MessageBoxIndirectW 7627E963 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!MessageBoxIndirectW 7627E963 5 Bytes JMP 685A6167 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!MessageBoxExA 7627E9C9 5 Bytes JMP 685A6103 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] USER32.dll!MessageBoxExW 7627E9ED 5 Bytes JMP 685A609F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] ole32.dll!OleLoadFromStream 77766143 5 Bytes JMP 685A6A8C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] WININET.dll!InternetCloseHandle 7601B7C4 5 Bytes JMP 736843D0 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] WININET.dll!InternetReadFile 7601EA3A 5 Bytes JMP 736844F0 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] WININET.dll!InternetConnectA 76045556 5 Bytes JMP 73684790 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[6000] WININET.dll!HttpOpenRequestA 76045639 5 Bytes JMP 73684690 c:\progra~1\mcafee\sitead~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\system32\rundll32.exe[2888] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[2888] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[2888] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\windows\system32\rundll32.exe[2888] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe[2920] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75B2FFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\000000d0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000d2 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\00000098 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a823829c8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a823829c8 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

WIll post the DDS log in the next post.

Hope i can get this removed

Thanks for your help
 
Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by bbailey at 12:38:31 on 2012-01-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1484 [GMT 9:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\windows\system32\conhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskhost.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\Scrybe\scrybe.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ninemsn.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] c:\users\bbailey\userprofile\SystemBoot.lnk
uRun: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] c:\users\bbailey\softrecovery\RegWrite.lnk
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
TCP: DhcpNameServer = 4.2.2.1
TCP: Interfaces\{888A9A23-66C1-4CA7-A1F1-594ABA3CD94D}\241696C65697 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4} : DhcpNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = DPPassFilter scecli
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-11-12 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-11-12 13256]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl4fd6ae79;MpKsl4fd6ae79;c:\programdata\microsoft\microsoft antimalware\definition updates\{8ee70109-a304-411b-9d31-b0513d466f96}\MpKsl4fd6ae79.sys [2012-1-7 29904]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-11-12 40088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2011-8-17 133176]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\hewlett-packard\hp skyroom\Hp.Skyroom.Windows.Service.exe [2009-11-21 124984]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp fastlook\HPDayStarterService.exe [2010-7-13 95800]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-7-5 227384]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-11-12 277096]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-3-15 26168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-1-6 94880]
R2 rgsender;Remote Graphics Sender Service;c:\program files\hewlett-packard\hp skyroom\remote graphics sender\rgsendersvc.exe [2011-1-3 379904]
R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-21 2477304]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-1-3 2320920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-3 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-9-15 228408]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-27 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-8 106104]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-27 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-2-4 232960]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-12-29 7435264]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-9-15 49152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-15 136176]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-9-15 48640]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-15 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-9-15 38912]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-15 136176]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-5-27 6758912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-24 52224]
.
=============== Created Last 30 ================
.
2012-01-07 02:33:15 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ee70109-a304-411b-9d31-b0513d466f96}\MpKsl4fd6ae79.sys
2012-01-07 02:33:07 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ee70109-a304-411b-9d31-b0513d466f96}\offreg.dll
2012-01-07 02:33:00 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ee70109-a304-411b-9d31-b0513d466f96}\mpengine.dll
2012-01-07 00:25:58 -------- d-----w- c:\program files\ESET
2012-01-06 23:50:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 23:50:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 23:33:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-06 21:59:03 -------- d-----w- c:\users\bbailey\appdata\roaming\SUPERAntiSpyware.com
2012-01-06 21:58:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 21:58:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-06 21:21:55 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ce3a957-3bfd-460b-b4f1-11e9c2dbca6d}\gapaengine.dll
2012-01-06 21:20:55 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-06 14:24:08 -------- d-----w- c:\program files\iPod
2012-01-06 14:24:07 -------- d-----w- c:\program files\iTunes
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-06 14:20:47 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-01-06 09:28:18 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 09:28:18 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:47:14 -------- d-----w- c:\users\bbailey\appdata\roaming\GlarySoft
2012-01-05 23:32:20 -------- d-----w- c:\windows\pss
2012-01-05 23:06:52 -------- d-----w- c:\program files\WinASO
2012-01-05 21:56:10 -------- d-----w- c:\program files\common files\McAfee
2012-01-05 21:56:05 -------- d-----w- c:\program files\McAfee
2012-01-05 19:56:33 -------- d-----w- c:\users\bbailey\appdata\local\Apps
2012-01-05 13:15:46 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2012-01-05 04:30:31 -------- d-----w- C:\a4a5b20479313b238579215fc2
2012-01-02 23:43:29 -------- d-----w- c:\program files\PC Tools Security
2012-01-02 23:41:32 -------- d-----w- c:\programdata\PC Tools
2012-01-02 03:59:38 -------- d-----w- c:\users\bbailey\appdata\roaming\IObit
2012-01-02 03:59:33 -------- d-----w- c:\program files\IObit
2012-01-02 03:35:01 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-01-02 03:34:52 -------- d-----w- c:\program files\SpywareBlaster
2012-01-02 01:55:44 -------- d-----w- c:\users\bbailey\appdata\roaming\Malwarebytes
2012-01-02 01:55:35 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 09:36:11 -------- d-----w- c:\users\bbailey\appdata\roaming\Synaptics
2011-12-30 23:39:52 -------- d-----w- c:\users\bbailey\appdata\local\PokerStars
2011-12-30 23:38:09 -------- d-----w- c:\program files\PokerStars
2011-12-30 23:02:37 -------- d-----w- c:\programdata\Synaptics
2011-12-30 23:02:28 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-30 23:02:27 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-30 23:02:27 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-30 23:02:27 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-29 03:50:18 -------- d-----w- c:\users\bbailey\appdata\local\Roxio
2011-12-28 20:05:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 20:05:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-28 19:41:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 19:37:44 -------- d-----w- c:\program files\Panicware
2011-12-28 19:19:05 5943120 ------w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-12-28 19:18:59 6823496 ------w- c:\programdata\microsoft\windows defender\definition updates\{4a3e672d-babd-445d-b812-5178a4ef8919}\mpengine.dll
2011-12-28 19:18:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 16:24:22 -------- d-----w- c:\users\bbailey\appdata\local\Downloaded Installations
2011-12-28 16:22:00 -------- d-----w- c:\program files\common files\Portrait Displays
2011-12-28 16:21:09 -------- d-----w- c:\users\bbailey\appdata\roaming\Hewlett-Packard Company
2011-12-28 16:18:37 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2011-12-28 16:18:36 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-12-28 16:18:36 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-12-28 16:17:03 -------- d-----w- c:\programdata\Uninstall
2011-12-28 14:31:05 -------- d-----w- c:\users\bbailey\appdata\local\ElevatedDiagnostics
2011-12-27 23:23:04 -------- d-----w- c:\users\bbailey\appdata\roaming\SumatraPDF
2011-12-27 23:22:49 -------- d-----w- c:\users\bbailey\appdata\roaming\Babylon
2011-12-27 23:22:49 -------- d-----w- c:\users\bbailey\appdata\local\Babylon
2011-12-27 23:22:49 -------- d-----w- c:\programdata\Babylon
2011-12-27 23:04:58 -------- d--h--w- c:\users\bbailey\UserProfile
2011-12-27 23:04:58 -------- d--h--w- c:\users\bbailey\SoftRecovery
2011-12-15 06:11:44 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:10:06 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:08:28 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 06:08:28 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2011-12-05 03:07:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 09:28:44 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:32:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 05:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 05:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD25 rev.03.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C3D000]<< >>UNKNOWN [0x8BA66000]<< >>UNKNOWN [0x8C7BE000]<< >>UNKNOWN [0x8C783000]<< >>UNKNOWN [0x82C06000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C7452A] -> \Device\Harddisk0\DR0[0x877EB030]
\Driver\Disk[0x877E9A30] -> IRP_MJ_CREATE -> 0x8BA6A39F
3 [0x8BA6A59E] -> ntkrnlpa!IofCallDriver[0x82C7452A] -> [0x877EAC48]
\Driver\hpdskflt[0x8779BAB8] -> IRP_MJ_CREATE -> 0x8C785056
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:39:47.60 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

I still need Attach.txt part of DDS.

You're running two AV programs, MSE and Norton.
One of them has to go.
If Norton use this tool to uninstall it: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

Then.....

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thank you very much for your help

Here's the attach.txt info:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/25/2011 12:58:44 PM
System Uptime: 1/7/2012 11:19:00 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 172A
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | CPU 1 | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 161.154 GiB free.
F: is FIXED (FAT32) - 2 GiB total, 1.535 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl3dcb8ff4
Device ID: ROOT\LEGACY_MPKSL3DCB8FF4\0000
Manufacturer:
Name: MpKsl3dcb8ff4
PNP Device ID: ROOT\LEGACY_MPKSL3DCB8FF4\0000
Service: MpKsl3dcb8ff4
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5fad6417
Device ID: ROOT\LEGACY_MPKSL5FAD6417\0000
Manufacturer:
Name: MpKsl5fad6417
PNP Device ID: ROOT\LEGACY_MPKSL5FAD6417\0000
Service: MpKsl5fad6417
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsleba0c0bf
Device ID: ROOT\LEGACY_MPKSLEBA0C0BF\0000
Manufacturer:
Name: MpKsleba0c0bf
PNP Device ID: ROOT\LEGACY_MPKSLEBA0C0BF\0000
Service: MpKsleba0c0bf
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsledfc84ef
Device ID: ROOT\LEGACY_MPKSLEDFC84EF\0000
Manufacturer:
Name: MpKsledfc84ef
PNP Device ID: ROOT\LEGACY_MPKSLEDFC84EF\0000
Service: MpKsledfc84ef
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsleee50011
Device ID: ROOT\LEGACY_MPKSLEEE50011\0000
Manufacturer:
Name: MpKsleee50011
PNP Device ID: ROOT\LEGACY_MPKSLEEE50011\0000
Service: MpKsleee50011
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslf6bcd812
Device ID: ROOT\LEGACY_MPKSLF6BCD812\0000
Manufacturer:
Name: MpKslf6bcd812
PNP Device ID: ROOT\LEGACY_MPKSLF6BCD812\0000
Service: MpKslf6bcd812
.
==== System Restore Points ===================
.
RP108: 1/7/2012 11:16:30 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Drive Encryption for HP ProtectTools
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP 3D DriveGuard
HP Business Card Reader
HP Customer Experience Enhancements
HP Documentation
HP ESU for Microsoft Windows 7
HP FastLook
HP Integrated Module with Bluetooth wireless technology
HP Power Assistant
HP Power Data
HP ProtectTools Security Manager
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP SkyRoom
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
iCloud
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel® Matrix Storage Manager
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 29
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee SiteAdvisor
Micros Fidelio Opera Print Control
Micros Fidelio Opera Print Utility
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Opera JinitCheck Control
Opera Register Terminal
Oracle JInitiator 1.3.1.25
PokerStars
Pre-Boot Security for HP ProtectTools
QLBCASL
QuickTime
Remote Graphics Receiver
Remote Graphics Sender
RICOH Media Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
SUPERAntiSpyware
Symantec Endpoint Protection
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
Theft Recovery
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Validity Fingerprint Driver
Windows 7 Default Setting
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 9:22:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/31/2011 8:02:40 AM, Error: Service Control Manager [7030] - The Scrybe Updater service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/31/2011 6:45:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/31/2011 6:34:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/7/2012 8:58:40 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/7/2012 8:58:40 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/7/2012 8:58:40 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
1/7/2012 8:58:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
1/7/2012 8:33:20 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/7/2012 8:33:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/7/2012 8:28:48 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/7/2012 8:22:26 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/7/2012 11:22:30 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
1/7/2012 11:20:48 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
1/7/2012 11:19:52 AM, Error: Service Control Manager [7000] - The rixdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 11:19:52 AM, Error: Service Control Manager [7000] - The risdpcie service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 11:19:52 AM, Error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 11:19:52 AM, Error: Service Control Manager [7000] - The rimspci service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 11:19:52 AM, Error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/7/2012 11:19:48 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
1/7/2012 11:19:45 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain RADISSON due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
1/7/2012 11:15:20 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
1/6/2012 8:58:49 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user RADISSON\bbailey SID (S-1-5-21-4127392227-4110423628-1724150597-1392) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/5/2012 4:59:18 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\radisson.local\SysVol\radisson.local\Policies\{80A37EFF-E9D9-406D-9755-A14211868943}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
1/5/2012 12:17:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
1/5/2012 1:56:16 PM, Error: Service Control Manager [7034] - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).
1/5/2012 1:37:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/5/2012 1:36:57 PM, Error: Service Control Manager [7024] - The Remote Graphics Sender Service service terminated with service-specific error Incorrect function..
1/5/2012 1:35:53 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
1/5/2012 1:17:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/4/2012 12:35:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/4/2012 12:16:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/4/2012 11:23:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/4/2012 11:08:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/3/2012 8:52:34 AM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/3/2012 8:52:06 AM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/3/2012 8:52:06 AM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
1/3/2012 12:05:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/2/2012 6:51:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/2/2012 12:00:44 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/2/2012 10:15:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
1/2/2012 1:10:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================
 
I also uninstalled MSE

Here's the TDSSKILLER log:

07:49:15.0970 12084 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
07:49:16.0000 12084 ============================================================
07:49:16.0000 12084 Current date / time: 2012/01/10 07:49:16.0000
07:49:16.0000 12084 SystemInfo:
07:49:16.0000 12084
07:49:16.0000 12084 OS Version: 6.1.7601 ServicePack: 1.0
07:49:16.0000 12084 Product type: Workstation
07:49:16.0000 12084 ComputerName: RN-LT1
07:49:16.0001 12084 UserName: bbailey
07:49:16.0001 12084 Windows directory: C:\windows
07:49:16.0001 12084 System windows directory: C:\windows
07:49:16.0001 12084 Processor architecture: Intel x86
07:49:16.0001 12084 Number of processors: 4
07:49:16.0001 12084 Page size: 0x1000
07:49:16.0001 12084 Boot type: Normal boot
07:49:16.0001 12084 ============================================================
07:49:17.0135 12084 Initialize success
07:49:21.0919 10908 ============================================================
07:49:21.0919 10908 Scan started
07:49:21.0919 10908 Mode: Manual;
07:49:21.0919 10908 ============================================================
07:49:24.0354 10908 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
07:49:24.0356 10908 1394ohci - ok
07:49:24.0496 10908 Accelerometer (10dd847c196782b0a5f05f6cdd91872e) C:\windows\system32\DRIVERS\Accelerometer.sys
07:49:24.0498 10908 Accelerometer - ok
07:49:24.0614 10908 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
07:49:24.0618 10908 ACPI - ok
07:49:24.0737 10908 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
07:49:24.0738 10908 AcpiPmi - ok
07:49:24.0842 10908 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
07:49:24.0848 10908 adp94xx - ok
07:49:24.0960 10908 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
07:49:24.0966 10908 adpahci - ok
07:49:25.0070 10908 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
07:49:25.0072 10908 adpu320 - ok
07:49:25.0220 10908 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
07:49:25.0224 10908 AFD - ok
07:49:25.0370 10908 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
07:49:25.0395 10908 AgereSoftModem - ok
07:49:25.0465 10908 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
07:49:25.0467 10908 agp440 - ok
07:49:25.0495 10908 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
07:49:25.0497 10908 aic78xx - ok
07:49:25.0521 10908 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
07:49:25.0522 10908 aliide - ok
07:49:25.0540 10908 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
07:49:25.0542 10908 amdagp - ok
07:49:25.0590 10908 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
07:49:25.0591 10908 amdide - ok
07:49:25.0635 10908 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
07:49:25.0637 10908 AmdK8 - ok
07:49:25.0661 10908 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
07:49:25.0663 10908 AmdPPM - ok
07:49:25.0694 10908 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
07:49:25.0696 10908 amdsata - ok
07:49:25.0717 10908 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
07:49:25.0720 10908 amdsbs - ok
07:49:25.0776 10908 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
07:49:25.0777 10908 amdxata - ok
07:49:25.0819 10908 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
07:49:25.0820 10908 AppID - ok
07:49:25.0873 10908 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
07:49:25.0874 10908 arc - ok
07:49:25.0895 10908 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
07:49:25.0897 10908 arcsas - ok
07:49:25.0967 10908 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
07:49:25.0968 10908 AsyncMac - ok
07:49:25.0994 10908 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
07:49:25.0994 10908 atapi - ok
07:49:26.0069 10908 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
07:49:26.0076 10908 b06bdrv - ok
07:49:26.0514 10908 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
07:49:26.0518 10908 b57nd60x - ok
07:49:26.0699 10908 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
07:49:26.0700 10908 Beep - ok
07:49:26.0764 10908 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
07:49:26.0766 10908 blbdrive - ok
07:49:26.0804 10908 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
07:49:26.0806 10908 bowser - ok
07:49:26.0826 10908 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
07:49:26.0827 10908 BrFiltLo - ok
07:49:26.0842 10908 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
07:49:26.0844 10908 BrFiltUp - ok
07:49:26.0908 10908 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
07:49:26.0910 10908 BridgeMP - ok
07:49:26.0956 10908 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
07:49:26.0961 10908 Brserid - ok
07:49:26.0987 10908 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
07:49:26.0988 10908 BrSerWdm - ok
07:49:27.0007 10908 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
07:49:27.0014 10908 BrUsbMdm - ok
07:49:27.0027 10908 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
07:49:27.0029 10908 BrUsbSer - ok
07:49:27.0056 10908 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
07:49:27.0057 10908 BthEnum - ok
07:49:27.0071 10908 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
07:49:27.0073 10908 BTHMODEM - ok
07:49:27.0092 10908 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
07:49:27.0094 10908 BthPan - ok
07:49:27.0130 10908 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
07:49:27.0135 10908 BTHPORT - ok
07:49:27.0157 10908 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
07:49:27.0158 10908 BTHUSB - ok
07:49:27.0179 10908 btwaudio (ce5833c144ca6623bcbde93b188aa850) C:\windows\system32\drivers\btwaudio.sys
07:49:27.0180 10908 btwaudio - ok
07:49:27.0200 10908 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\DRIVERS\btwavdt.sys
07:49:27.0200 10908 btwavdt - ok
07:49:27.0226 10908 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
07:49:27.0227 10908 btwl2cap - ok
07:49:27.0247 10908 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys
07:49:27.0247 10908 btwrchid - ok
07:49:27.0283 10908 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
07:49:27.0285 10908 cdfs - ok
07:49:27.0313 10908 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
07:49:27.0315 10908 cdrom - ok
07:49:27.0333 10908 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
07:49:27.0335 10908 circlass - ok
07:49:27.0372 10908 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
07:49:27.0376 10908 CLFS - ok
07:49:27.0407 10908 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
07:49:27.0408 10908 CmBatt - ok
07:49:27.0443 10908 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
07:49:27.0444 10908 cmdide - ok
07:49:27.0472 10908 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
07:49:27.0477 10908 CNG - ok
07:49:27.0491 10908 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
07:49:27.0491 10908 Compbatt - ok
07:49:27.0555 10908 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
07:49:27.0557 10908 CompositeBus - ok
07:49:27.0582 10908 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
07:49:27.0584 10908 crcdisk - ok
07:49:27.0646 10908 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\windows\system32\drivers\csc.sys
07:49:27.0652 10908 CSC - ok
07:49:27.0706 10908 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
07:49:27.0707 10908 DfsC - ok
07:49:27.0736 10908 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
07:49:27.0737 10908 discache - ok
07:49:27.0758 10908 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
07:49:27.0759 10908 Disk - ok
07:49:27.0792 10908 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
07:49:27.0801 10908 drmkaud - ok
07:49:27.0845 10908 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
07:49:27.0857 10908 DXGKrnl - ok
07:49:27.0886 10908 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\windows\system32\DRIVERS\e1k6232.sys
07:49:27.0890 10908 e1kexpress - ok
07:49:27.0985 10908 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
07:49:28.0063 10908 ebdrv - ok
07:49:28.0172 10908 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
07:49:28.0177 10908 eeCtrl - ok
07:49:28.0215 10908 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
07:49:28.0221 10908 elxstor - ok
07:49:28.0248 10908 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:49:28.0250 10908 EraserUtilRebootDrv - ok
07:49:28.0283 10908 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
07:49:28.0284 10908 ErrDev - ok
07:49:28.0356 10908 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
07:49:28.0370 10908 exfat - ok
07:49:28.0399 10908 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
07:49:28.0401 10908 fastfat - ok
07:49:28.0422 10908 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
07:49:28.0423 10908 fdc - ok
07:49:28.0448 10908 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
07:49:28.0450 10908 FileInfo - ok
07:49:28.0466 10908 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
07:49:28.0468 10908 Filetrace - ok
07:49:28.0484 10908 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
07:49:28.0485 10908 flpydisk - ok
07:49:28.0505 10908 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
07:49:28.0507 10908 FltMgr - ok
07:49:28.0539 10908 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
07:49:28.0540 10908 FsDepends - ok
07:49:28.0569 10908 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
07:49:28.0569 10908 Fs_Rec - ok
07:49:28.0611 10908 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
07:49:28.0614 10908 fvevol - ok
07:49:28.0631 10908 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
07:49:28.0633 10908 gagp30kx - ok
07:49:28.0656 10908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:49:28.0657 10908 GEARAspiWDM - ok
07:49:28.0689 10908 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
07:49:28.0690 10908 hcw85cir - ok
07:49:28.0729 10908 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
07:49:28.0734 10908 HdAudAddService - ok
07:49:28.0764 10908 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
07:49:28.0767 10908 HDAudBus - ok
07:49:28.0788 10908 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
07:49:28.0790 10908 HECI - ok
07:49:28.0832 10908 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
07:49:28.0842 10908 HidBatt - ok
07:49:28.0868 10908 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
07:49:28.0869 10908 HidBth - ok
07:49:28.0902 10908 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
07:49:28.0903 10908 HidIr - ok
07:49:28.0936 10908 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
07:49:28.0938 10908 HidUsb - ok
07:49:28.0999 10908 hpdskflt (ba57cfd48e79da9cbcd708ef98683da6) C:\windows\system32\DRIVERS\hpdskflt.sys
07:49:29.0000 10908 hpdskflt - ok
07:49:29.0034 10908 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
07:49:29.0035 10908 HpqKbFiltr - ok
07:49:29.0059 10908 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
07:49:29.0061 10908 HpSAMD - ok
07:49:29.0098 10908 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
07:49:29.0103 10908 HTTP - ok
07:49:29.0125 10908 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
07:49:29.0126 10908 hwpolicy - ok
07:49:29.0157 10908 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
07:49:29.0158 10908 i8042prt - ok
07:49:29.0199 10908 iaStor (592a0b130ff567a1725f96ad1510d551) C:\windows\system32\DRIVERS\iaStor.sys
07:49:29.0201 10908 iaStor - ok
07:49:29.0235 10908 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
07:49:29.0239 10908 iaStorV - ok
07:49:29.0429 10908 igfx (8e9da2e49347af49901526dcd4d0f397) C:\windows\system32\DRIVERS\igdkmd32.sys
07:49:29.0605 10908 igfx - ok
07:49:29.0636 10908 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
07:49:29.0637 10908 iirsp - ok
07:49:29.0656 10908 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\DRIVERS\Impcd.sys
07:49:29.0658 10908 Impcd - ok
07:49:29.0682 10908 IntcDAud (bf31740828a26ab451803e3b35432651) C:\windows\system32\DRIVERS\IntcDAud.sys
07:49:29.0684 10908 IntcDAud - ok
07:49:29.0700 10908 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
07:49:29.0701 10908 intelide - ok
07:49:29.0717 10908 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
07:49:29.0718 10908 intelppm - ok
07:49:29.0746 10908 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
07:49:29.0748 10908 IpFilterDriver - ok
07:49:29.0781 10908 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
07:49:29.0783 10908 IPMIDRV - ok
07:49:29.0795 10908 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
07:49:29.0796 10908 IPNAT - ok
07:49:29.0866 10908 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
07:49:29.0867 10908 IRENUM - ok
07:49:29.0897 10908 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
07:49:29.0898 10908 isapnp - ok
07:49:29.0937 10908 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
07:49:29.0941 10908 iScsiPrt - ok
07:49:29.0976 10908 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
07:49:29.0977 10908 kbdclass - ok
07:49:30.0012 10908 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
07:49:30.0014 10908 kbdhid - ok
07:49:30.0058 10908 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
07:49:30.0060 10908 KSecDD - ok
07:49:30.0094 10908 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
07:49:30.0097 10908 KSecPkg - ok
07:49:30.0148 10908 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
07:49:30.0150 10908 lltdio - ok
07:49:30.0195 10908 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
07:49:30.0197 10908 LSI_FC - ok
07:49:30.0248 10908 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
07:49:30.0250 10908 LSI_SAS - ok
07:49:30.0273 10908 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
07:49:30.0274 10908 LSI_SAS2 - ok
07:49:30.0311 10908 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
07:49:30.0313 10908 LSI_SCSI - ok
07:49:30.0367 10908 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
07:49:30.0370 10908 luafv - ok
07:49:30.0428 10908 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
07:49:30.0429 10908 MBAMProtector - ok
07:49:30.0497 10908 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
07:49:30.0498 10908 megasas - ok
07:49:30.0551 10908 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
07:49:30.0555 10908 MegaSR - ok
07:49:30.0605 10908 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
07:49:30.0606 10908 Modem - ok
07:49:30.0620 10908 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
07:49:30.0621 10908 monitor - ok
07:49:30.0659 10908 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
07:49:30.0660 10908 mouclass - ok
07:49:30.0678 10908 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
07:49:30.0680 10908 mouhid - ok
07:49:30.0742 10908 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
07:49:30.0743 10908 mountmgr - ok
07:49:30.0775 10908 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
07:49:30.0776 10908 mpio - ok
07:49:30.0855 10908 MpKsl3170edb2 - ok
07:49:30.0862 10908 MpKsl32e3c7cb - ok
07:49:30.0869 10908 MpKsl3dcb8ff4 - ok
07:49:30.0876 10908 MpKsl5fad6417 - ok
07:49:30.0899 10908 MpKsl6a02d7a0 - ok
07:49:30.0916 10908 MpKslb37c8f55 - ok
07:49:30.0927 10908 MpKsleba0c0bf - ok
07:49:30.0931 10908 MpKsledfc84ef - ok
07:49:30.0935 10908 MpKsleee50011 - ok
07:49:30.0939 10908 MpKslf6bcd812 - ok
07:49:30.0980 10908 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
07:49:30.0981 10908 mpsdrv - ok
07:49:31.0048 10908 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
07:49:31.0050 10908 MRxDAV - ok
07:49:31.0081 10908 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
07:49:31.0084 10908 mrxsmb - ok
07:49:31.0115 10908 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
07:49:31.0117 10908 mrxsmb10 - ok
07:49:31.0140 10908 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
07:49:31.0143 10908 mrxsmb20 - ok
07:49:31.0159 10908 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
07:49:31.0160 10908 msahci - ok
07:49:31.0182 10908 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
07:49:31.0184 10908 msdsm - ok
07:49:31.0211 10908 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
07:49:31.0212 10908 Msfs - ok
07:49:31.0230 10908 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
07:49:31.0236 10908 mshidkmdf - ok
07:49:31.0258 10908 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
07:49:31.0258 10908 msisadrv - ok
07:49:31.0283 10908 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
07:49:31.0284 10908 MSKSSRV - ok
07:49:31.0306 10908 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
07:49:31.0306 10908 MSPCLOCK - ok
07:49:31.0318 10908 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
07:49:31.0319 10908 MSPQM - ok
07:49:31.0341 10908 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
07:49:31.0343 10908 MsRPC - ok
07:49:31.0363 10908 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
07:49:31.0364 10908 mssmbios - ok
07:49:31.0376 10908 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
07:49:31.0377 10908 MSTEE - ok
07:49:31.0408 10908 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
07:49:31.0408 10908 MTConfig - ok
07:49:31.0426 10908 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
07:49:31.0427 10908 Mup - ok
07:49:31.0486 10908 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
07:49:31.0489 10908 NativeWifiP - ok
07:49:31.0562 10908 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120109.002\NAVENG.SYS
07:49:31.0565 10908 NAVENG - ok
07:49:31.0608 10908 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120109.002\NAVEX15.SYS
07:49:31.0652 10908 NAVEX15 - ok
07:49:31.0707 10908 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
07:49:31.0716 10908 NDIS - ok
07:49:31.0738 10908 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
07:49:31.0739 10908 NdisCap - ok
07:49:31.0760 10908 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
07:49:31.0761 10908 NdisTapi - ok
07:49:31.0797 10908 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
07:49:31.0799 10908 Ndisuio - ok
07:49:31.0823 10908 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
07:49:31.0826 10908 NdisWan - ok
07:49:31.0868 10908 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
07:49:31.0870 10908 NDProxy - ok
07:49:31.0888 10908 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
07:49:31.0889 10908 NetBIOS - ok
07:49:31.0933 10908 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
07:49:31.0936 10908 NetBT - ok
07:49:32.0084 10908 NETw5s32 (3577b851e59da59e6d65419a057c9914) C:\windows\system32\DRIVERS\NETw5s32.sys
07:49:32.0225 10908 NETw5s32 - ok
07:49:32.0396 10908 NETwNs32 (5c531e96643a74ce8bd9ab16b6c7ead7) C:\windows\system32\DRIVERS\NETwNs32.sys
07:49:32.0549 10908 NETwNs32 - ok
07:49:32.0590 10908 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
07:49:32.0591 10908 nfrd960 - ok
07:49:32.0609 10908 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
07:49:32.0610 10908 Npfs - ok
07:49:32.0630 10908 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
07:49:32.0631 10908 nsiproxy - ok
07:49:32.0692 10908 Ntfs (a7266d82db9675afbded39695b69edac) C:\windows\system32\drivers\Ntfs.sys
07:49:32.0727 10908 Ntfs - ok
07:49:32.0757 10908 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
07:49:32.0758 10908 Null - ok
07:49:32.0785 10908 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
07:49:32.0787 10908 nvraid - ok
07:49:32.0821 10908 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
07:49:32.0823 10908 nvstor - ok
07:49:32.0852 10908 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
07:49:32.0855 10908 nv_agp - ok
07:49:32.0889 10908 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
07:49:32.0890 10908 ohci1394 - ok
07:49:32.0920 10908 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
07:49:32.0922 10908 Parport - ok
07:49:32.0969 10908 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
07:49:32.0971 10908 partmgr - ok
07:49:32.0991 10908 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
07:49:32.0992 10908 Parvdm - ok
07:49:33.0022 10908 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
07:49:33.0023 10908 pci - ok
07:49:33.0039 10908 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
07:49:33.0040 10908 pciide - ok
07:49:33.0061 10908 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
07:49:33.0062 10908 pcmcia - ok
07:49:33.0082 10908 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
07:49:33.0083 10908 pcw - ok
07:49:33.0109 10908 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
07:49:33.0114 10908 PEAUTH - ok
07:49:33.0153 10908 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
07:49:33.0155 10908 PptpMiniport - ok
07:49:33.0177 10908 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
07:49:33.0179 10908 Processor - ok
07:49:33.0198 10908 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
07:49:33.0200 10908 Psched - ok
07:49:33.0238 10908 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
07:49:33.0256 10908 ql2300 - ok
07:49:33.0279 10908 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
07:49:33.0281 10908 ql40xx - ok
07:49:33.0300 10908 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
07:49:33.0301 10908 QWAVEdrv - ok
07:49:33.0322 10908 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
07:49:33.0324 10908 RasAcd - ok
07:49:33.0348 10908 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
07:49:33.0349 10908 RasAgileVpn - ok
07:49:33.0367 10908 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
07:49:33.0369 10908 Rasl2tp - ok
07:49:33.0386 10908 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
07:49:33.0388 10908 RasPppoe - ok
07:49:33.0411 10908 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
07:49:33.0412 10908 RasSstp - ok
07:49:33.0454 10908 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
07:49:33.0457 10908 rdbss - ok
07:49:33.0469 10908 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
07:49:33.0470 10908 rdpbus - ok
07:49:33.0504 10908 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
07:49:33.0504 10908 RDPCDD - ok
07:49:33.0542 10908 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys
07:49:33.0546 10908 RDPDR - ok
07:49:33.0562 10908 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
07:49:33.0563 10908 RDPENCDD - ok
07:49:33.0582 10908 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
07:49:33.0583 10908 RDPREFMP - ok
07:49:33.0624 10908 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
07:49:33.0628 10908 RDPWD - ok
07:49:33.0675 10908 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
07:49:33.0679 10908 rdyboost - ok
07:49:33.0734 10908 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
07:49:33.0736 10908 RFCOMM - ok
07:49:33.0753 10908 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\windows\system32\DRIVERS\rimmptsk.sys
07:49:33.0755 10908 rimmptsk - ok
07:49:33.0767 10908 rimspci (e891f07815af88075705ef6a248711f6) C:\windows\system32\DRIVERS\rimspe86.sys
07:49:33.0768 10908 rimspci - ok
07:49:33.0785 10908 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\windows\system32\DRIVERS\rimsptsk.sys
07:49:33.0787 10908 rimsptsk - ok
07:49:33.0800 10908 risdpcie (d853d35f792a3a44726a794bf9a0bbc3) C:\windows\system32\DRIVERS\risdpe86.sys
07:49:33.0803 10908 risdpcie - ok
07:49:33.0826 10908 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\windows\system32\DRIVERS\rismc32.sys
07:49:33.0828 10908 rismc32 - ok
07:49:33.0847 10908 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\windows\system32\DRIVERS\rixdptsk.sys
07:49:33.0848 10908 rismxdp - ok
07:49:33.0870 10908 rixdpcie (6a60626412129c713cc30c81870a8095) C:\windows\system32\DRIVERS\rixdpe86.sys
07:49:33.0882 10908 rixdpcie - ok
07:49:33.0904 10908 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
07:49:33.0906 10908 rspndr - ok
07:49:33.0947 10908 RsvLock (c44ca55601f0a19a505f10bfefb66cf5) C:\windows\system32\drivers\RsvLock.sys
07:49:33.0948 10908 RsvLock - ok
07:49:33.0984 10908 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys
07:49:33.0986 10908 s3cap - ok
07:49:34.0019 10908 SafeBoot (906c08952889cffe83df15d53da1137c) C:\windows\system32\drivers\SafeBoot.sys
07:49:34.0019 10908 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 906c08952889cffe83df15d53da1137c
07:49:34.0020 10908 SafeBoot ( LockedFile.Multi.Generic ) - warning
07:49:34.0020 10908 SafeBoot - detected LockedFile.Multi.Generic (1)
07:49:34.0080 10908 SbAlg (1ddc99d066d4b704a63287975dec9dd4) C:\windows\system32\drivers\SbAlg.sys
07:49:34.0082 10908 SbAlg - ok
07:49:34.0105 10908 SbFsLock (120eda2066893d0246357d3551f2c6c1) C:\windows\system32\drivers\SbFsLock.sys
07:49:34.0106 10908 SbFsLock - ok
07:49:34.0137 10908 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
07:49:34.0139 10908 sbp2port - ok
07:49:34.0187 10908 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
07:49:34.0188 10908 scfilter - ok
07:49:34.0229 10908 sdbus (0328be1c7f1cba23848179f8762e391c) C:\windows\system32\drivers\sdbus.sys
07:49:34.0231 10908 sdbus - ok
07:49:34.0252 10908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
07:49:34.0252 10908 secdrv - ok
07:49:34.0270 10908 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
07:49:34.0271 10908 Serenum - ok
07:49:34.0287 10908 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
07:49:34.0289 10908 Serial - ok
07:49:34.0317 10908 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
07:49:34.0318 10908 sermouse - ok
07:49:34.0352 10908 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
07:49:34.0353 10908 sffdisk - ok
07:49:34.0374 10908 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
07:49:34.0376 10908 sffp_mmc - ok
07:49:34.0391 10908 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
07:49:34.0392 10908 sffp_sd - ok
07:49:34.0412 10908 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
07:49:34.0413 10908 sfloppy - ok
07:49:34.0479 10908 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
07:49:34.0479 10908 sisagp - ok
07:49:34.0500 10908 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
07:49:34.0501 10908 SiSRaid2 - ok
07:49:34.0525 10908 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
07:49:34.0526 10908 SiSRaid4 - ok
07:49:34.0563 10908 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
07:49:34.0565 10908 Smb - ok
07:49:34.0639 10908 SNP2UVC (67e598beee2f301c5df348578cda08ae) C:\windows\system32\DRIVERS\snp2uvc.sys
07:49:34.0685 10908 SNP2UVC - ok
07:49:34.0776 10908 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
07:49:34.0784 10908 SPBBCDrv - ok
07:49:34.0805 10908 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
07:49:34.0806 10908 spldr - ok
07:49:34.0840 10908 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\windows\system32\Drivers\SRTSP.SYS
07:49:34.0844 10908 SRTSP - ok
07:49:34.0873 10908 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\windows\system32\Drivers\SRTSPL.SYS
07:49:34.0877 10908 SRTSPL - ok
07:49:34.0890 10908 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\windows\system32\Drivers\SRTSPX.SYS
07:49:34.0892 10908 SRTSPX - ok
07:49:34.0933 10908 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
07:49:34.0937 10908 srv - ok
07:49:34.0957 10908 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
07:49:34.0961 10908 srv2 - ok
07:49:34.0986 10908 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
07:49:34.0988 10908 srvnet - ok
07:49:35.0040 10908 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
07:49:35.0041 10908 stexstor - ok
07:49:35.0081 10908 STHDA (8a8246f40792956e957f3e8d0c188963) C:\windows\system32\DRIVERS\stwrt.sys
07:49:35.0087 10908 STHDA - ok
07:49:35.0114 10908 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\windows\system32\drivers\vmstorfl.sys
07:49:35.0115 10908 storflt - ok
07:49:35.0130 10908 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\windows\system32\drivers\storvsc.sys
07:49:35.0131 10908 storvsc - ok
07:49:35.0158 10908 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
07:49:35.0159 10908 swenum - ok
07:49:35.0186 10908 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\windows\system32\Drivers\SYMEVENT.SYS
07:49:35.0187 10908 SymEvent - ok
07:49:35.0206 10908 SYMREDRV (394b2368212114d538316812af60fddd) C:\windows\System32\Drivers\SYMREDRV.SYS
07:49:35.0207 10908 SYMREDRV - ok
07:49:35.0233 10908 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\windows\System32\Drivers\SYMTDI.SYS
07:49:35.0236 10908 SYMTDI - ok
07:49:35.0294 10908 SynTP (2185cc5be9922562108cf87f42e4bbaf) C:\windows\system32\DRIVERS\SynTP.sys
07:49:35.0321 10908 SynTP - ok
07:49:35.0344 10908 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\windows\SYSTEM32\Drivers\SysPlant.sys
07:49:35.0357 10908 SysPlant - ok
07:49:35.0412 10908 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
07:49:35.0436 10908 Tcpip - ok
07:49:35.0467 10908 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
07:49:35.0476 10908 TCPIP6 - ok
07:49:35.0514 10908 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
07:49:35.0516 10908 tcpipreg - ok
07:49:35.0553 10908 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
07:49:35.0554 10908 TDPIPE - ok
07:49:35.0572 10908 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
07:49:35.0573 10908 TDTCP - ok
07:49:35.0611 10908 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
07:49:35.0613 10908 tdx - ok
07:49:35.0635 10908 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\windows\system32\DRIVERS\teefer2.sys
07:49:35.0636 10908 Teefer2 - ok
07:49:35.0650 10908 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
07:49:35.0651 10908 TermDD - ok
07:49:35.0667 10908 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
07:49:35.0669 10908 TPM - ok
07:49:35.0696 10908 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
07:49:35.0697 10908 tssecsrv - ok
07:49:35.0731 10908 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
07:49:35.0732 10908 TsUsbFlt - ok
07:49:35.0770 10908 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
07:49:35.0771 10908 tunnel - ok
07:49:35.0790 10908 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
07:49:35.0791 10908 uagp35 - ok
07:49:35.0812 10908 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
07:49:35.0816 10908 udfs - ok
07:49:35.0834 10908 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
07:49:35.0835 10908 uliagpkx - ok
07:49:35.0868 10908 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
07:49:35.0869 10908 umbus - ok
07:49:35.0892 10908 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
07:49:35.0895 10908 UmPass - ok
07:49:35.0960 10908 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
07:49:35.0962 10908 USBAAPL - ok
07:49:35.0982 10908 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
07:49:35.0984 10908 usbccgp - ok
07:49:36.0019 10908 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
07:49:36.0022 10908 usbcir - ok
07:49:36.0055 10908 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
07:49:36.0057 10908 usbehci - ok
07:49:36.0084 10908 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
07:49:36.0088 10908 usbhub - ok
07:49:36.0105 10908 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
07:49:36.0107 10908 usbohci - ok
07:49:36.0142 10908 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
07:49:36.0143 10908 usbprint - ok
07:49:36.0165 10908 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
07:49:36.0167 10908 USBSTOR - ok
07:49:36.0191 10908 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
07:49:36.0193 10908 usbuhci - ok
07:49:36.0227 10908 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\system32\Drivers\usbvideo.sys
07:49:36.0230 10908 usbvideo - ok
07:49:36.0273 10908 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
07:49:36.0275 10908 vdrvroot - ok
07:49:36.0324 10908 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
07:49:36.0325 10908 vga - ok
07:49:36.0361 10908 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
07:49:36.0362 10908 VgaSave - ok
07:49:36.0388 10908 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
07:49:36.0390 10908 vhdmp - ok
07:49:36.0411 10908 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
07:49:36.0412 10908 viaagp - ok
07:49:36.0430 10908 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
07:49:36.0432 10908 ViaC7 - ok
07:49:36.0462 10908 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
07:49:36.0463 10908 viaide - ok
07:49:36.0490 10908 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys
07:49:36.0492 10908 vmbus - ok
07:49:36.0513 10908 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys
07:49:36.0515 10908 VMBusHID - ok
07:49:36.0532 10908 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
07:49:36.0534 10908 volmgr - ok
07:49:36.0559 10908 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
07:49:36.0563 10908 volmgrx - ok
07:49:36.0602 10908 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
07:49:36.0607 10908 volsnap - ok
07:49:36.0626 10908 vpcbus (b26536add1d748cda104d856c979ae79) C:\windows\system32\DRIVERS\vpchbus.sys
07:49:36.0629 10908 vpcbus - ok
07:49:36.0672 10908 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\windows\system32\DRIVERS\vpcnfltr.sys
07:49:36.0673 10908 vpcnfltr - ok
07:49:36.0705 10908 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\windows\system32\DRIVERS\vpcusb.sys
07:49:36.0706 10908 vpcusb - ok
07:49:36.0756 10908 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\windows\system32\drivers\vpcvmm.sys
07:49:36.0760 10908 vpcvmm - ok
07:49:36.0784 10908 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
07:49:36.0786 10908 vsmraid - ok
07:49:36.0817 10908 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
07:49:36.0818 10908 vwifibus - ok
07:49:36.0854 10908 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
07:49:36.0855 10908 vwififlt - ok
07:49:36.0873 10908 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
07:49:36.0874 10908 vwifimp - ok
07:49:36.0895 10908 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
07:49:36.0896 10908 WacomPen - ok
07:49:36.0927 10908 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
07:49:36.0928 10908 WANARP - ok
07:49:36.0938 10908 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
07:49:36.0939 10908 Wanarpv6 - ok
07:49:36.0981 10908 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
07:49:36.0982 10908 Wd - ok
07:49:37.0007 10908 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
07:49:37.0011 10908 Wdf01000 - ok
07:49:37.0039 10908 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
07:49:37.0040 10908 WfpLwf - ok
07:49:37.0056 10908 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
07:49:37.0064 10908 WIMMount - ok
07:49:37.0092 10908 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUSB.sys
07:49:37.0093 10908 WinUSB - ok
07:49:37.0125 10908 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
07:49:37.0126 10908 WmiAcpi - ok
07:49:37.0159 10908 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\windows\system32\drivers\wpsdrvnt.sys
07:49:37.0166 10908 WPS - ok
07:49:37.0183 10908 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\windows\system32\drivers\WpsHelper.sys
07:49:37.0195 10908 WpsHelper - ok
07:49:37.0209 10908 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
07:49:37.0209 10908 ws2ifsl - ok
07:49:37.0253 10908 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
07:49:37.0255 10908 WudfPf - ok
07:49:37.0292 10908 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
07:49:37.0293 10908 WUDFRd - ok
07:49:37.0318 10908 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:49:37.0378 10908 \Device\Harddisk0\DR0 - ok
07:49:37.0383 10908 Boot (0x1200) (50e063501d0f9692b3e1504a72d5d836) \Device\Harddisk0\DR0\Partition0
07:49:37.0384 10908 \Device\Harddisk0\DR0\Partition0 - ok
07:49:37.0395 10908 Boot (0x1200) (8ac6e5fd1b2835635acfff0a97fc07cc) \Device\Harddisk0\DR0\Partition1
07:49:37.0397 10908 \Device\Harddisk0\DR0\Partition1 - ok
07:49:37.0428 10908 Boot (0x1200) (65bae055b947681164545a662f81dfaf) \Device\Harddisk0\DR0\Partition2
07:49:37.0429 10908 \Device\Harddisk0\DR0\Partition2 - ok
07:49:37.0442 10908 Boot (0x1200) (8e119abcc8871649bc3b7389e826dd9a) \Device\Harddisk0\DR0\Partition3
07:49:37.0443 10908 \Device\Harddisk0\DR0\Partition3 - ok
07:49:37.0444 10908 ============================================================
07:49:37.0444 10908 Scan finished
07:49:37.0444 10908 ============================================================
07:49:37.0460 11208 Detected object count: 1
07:49:37.0460 11208 Actual detected object count: 1
07:50:26.0091 11208 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
07:50:26.0091 11208 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR log file:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 08:10:53
-----------------------------
08:10:53.574 OS Version: Windows 6.1.7601 Service Pack 1
08:10:53.574 Number of processors: 4 586 0x2505
08:10:53.578 ComputerName: RN-LT1 UserName:
08:10:55.542 Initialize success
08:11:51.102 AVAST engine download error: 0
08:12:16.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:12:16.458 Disk 0 Vendor: WDC_WD25 03.0 Size: 238475MB BusType: 3
08:12:16.630 Disk 0 MBR read successfully
08:12:16.635 Disk 0 MBR scan
08:12:16.639 Disk 0 Windows 7 default MBR code
08:12:16.708 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
08:12:16.776 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220763 MB offset 616448
08:12:16.808 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 452739072
08:12:16.881 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 484196352
08:12:16.981 Disk 0 scanning sectors +488380416
08:12:17.484 Disk 0 scanning C:\windows\system32\drivers
08:14:15.398 Service scanning
08:14:16.057 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
08:14:16.088 Service SysPlant C:\windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
08:14:16.098 Service Teefer2 C:\windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
08:14:16.130 Service WPS C:\windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
08:14:16.136 Service WpsHelper C:\windows\system32\drivers\WpsHelper.sys **LOCKED** 32
08:14:16.657 Modules scanning
08:17:24.585 Disk 0 trace - called modules:
08:17:24.624 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
08:17:24.629 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877f1ac8]
08:17:24.634 3 CLASSPNP.SYS[8bc4559e] -> nt!IofCallDriver -> [0x877f03b8]
08:17:24.639 5 hpdskflt.sys[8c9b8136] -> nt!IofCallDriver -> [0x86cfd900]
08:17:24.644 7 ACPI.sys[8babd3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86cb2028]
08:17:24.649 Scan finished successfully
08:22:05.745 Disk 0 MBR has been saved successfully to "\\rn-fs2\Users$\bbailey\Desktop\MBR.dat"
08:22:05.762 The log file has been saved successfully to "\\rn-fs2\Users$\bbailey\Desktop\aswMBR.txt"


And here is the boot cleaner file

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 08:10:53
-----------------------------
08:10:53.574 OS Version: Windows 6.1.7601 Service Pack 1
08:10:53.574 Number of processors: 4 586 0x2505
08:10:53.578 ComputerName: RN-LT1 UserName:
08:10:55.542 Initialize success
08:11:51.102 AVAST engine download error: 0
08:12:16.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:12:16.458 Disk 0 Vendor: WDC_WD25 03.0 Size: 238475MB BusType: 3
08:12:16.630 Disk 0 MBR read successfully
08:12:16.635 Disk 0 MBR scan
08:12:16.639 Disk 0 Windows 7 default MBR code
08:12:16.708 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
08:12:16.776 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220763 MB offset 616448
08:12:16.808 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 452739072
08:12:16.881 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 484196352
08:12:16.981 Disk 0 scanning sectors +488380416
08:12:17.484 Disk 0 scanning C:\windows\system32\drivers
08:14:15.398 Service scanning
08:14:16.057 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
08:14:16.088 Service SysPlant C:\windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
08:14:16.098 Service Teefer2 C:\windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
08:14:16.130 Service WPS C:\windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
08:14:16.136 Service WpsHelper C:\windows\system32\drivers\WpsHelper.sys **LOCKED** 32
08:14:16.657 Modules scanning
08:17:24.585 Disk 0 trace - called modules:
08:17:24.624 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
08:17:24.629 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877f1ac8]
08:17:24.634 3 CLASSPNP.SYS[8bc4559e] -> nt!IofCallDriver -> [0x877f03b8]
08:17:24.639 5 hpdskflt.sys[8c9b8136] -> nt!IofCallDriver -> [0x86cfd900]
08:17:24.644 7 ACPI.sys[8babd3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86cb2028]
08:17:24.649 Scan finished successfully
08:22:05.745 Disk 0 MBR has been saved successfully to "\\rn-fs2\Users$\bbailey\Desktop\MBR.dat"
08:22:05.762 The log file has been saved successfully to "\\rn-fs2\Users$\bbailey\Desktop\aswMBR.txt"
 
oops sorry :)

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`12d00000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-01-10.02 - bbailey 01/11/2012 3:14.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1486 [GMT 9:00]
Running from: c:\users\bbailey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HA8X7BMQ\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 18:23 . 2012-01-10 18:23 -------- d-----w- c:\users\Radisson\AppData\Local\temp
2012-01-10 18:23 . 2012-01-10 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 18:23 . 2012-01-10 18:23 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-01-10 02:58 . 2012-01-10 02:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\offreg.dll
2012-01-09 17:28 . 2012-01-09 17:28 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2012-01-06 23:50 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 23:50 . 2012-01-06 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 21:58 . 2012-01-06 21:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 14:24 . 2012-01-06 14:24 -------- d-----w- c:\program files\iPod
2012-01-06 14:24 . 2012-01-06 14:25 -------- d-----w- c:\program files\iTunes
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-06 14:20 . 2012-01-06 14:20 -------- d-----w- c:\program files\QuickTime
2012-01-06 09:28 . 2012-01-06 09:53 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 09:28 . 2012-01-06 09:28 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\bbailey\AppData\Roaming\GlarySoft
2012-01-05 23:06 . 2012-01-05 23:06 -------- d-----w- c:\program files\WinASO
2012-01-05 21:56 . 2012-01-05 21:56 -------- d-----w- c:\program files\Common Files\McAfee
2012-01-05 21:56 . 2012-01-05 22:43 -------- d-----w- c:\program files\McAfee
2012-01-05 19:56 . 2012-01-05 19:56 -------- d-----w- c:\users\bbailey\AppData\Local\Apps
2012-01-05 04:45 . 2012-01-05 04:45 -------- d-----w- c:\users\administrator\AppData\Local\Google
2012-01-05 04:40 . 2012-01-05 04:40 -------- d-----w- c:\users\administrator\AppData\Roaming\hpqlog
2012-01-05 04:39 . 2012-01-05 04:39 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
2012-01-05 04:38 . 2012-01-05 04:38 -------- d-----w- c:\users\administrator\AppData\Roaming\Synaptics
2012-01-05 04:30 . 2012-01-05 04:30 -------- d-----w- C:\a4a5b20479313b238579215fc2
2012-01-02 23:43 . 2012-01-03 03:04 -------- d-----w- c:\program files\PC Tools Security
2012-01-02 23:41 . 2012-01-02 23:52 -------- d-----w- c:\programdata\PC Tools
2012-01-02 03:59 . 2012-01-02 04:14 -------- d-----w- c:\users\bbailey\AppData\Roaming\IObit
2012-01-02 03:59 . 2012-01-02 03:59 -------- d-----w- c:\program files\IObit
2012-01-02 03:35 . 2010-01-10 09:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-01-02 03:34 . 2012-01-05 04:51 -------- d-----w- c:\program files\SpywareBlaster
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\users\bbailey\AppData\Roaming\Malwarebytes
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 09:36 . 2011-12-31 09:36 -------- d-----w- c:\users\bbailey\AppData\Roaming\Synaptics
2011-12-30 23:39 . 2012-01-10 15:53 -------- d-----w- c:\users\bbailey\AppData\Local\PokerStars
2011-12-30 23:38 . 2012-01-09 13:58 -------- d-----w- c:\program files\PokerStars
2011-12-30 23:02 . 2011-12-30 23:02 -------- d-----w- c:\programdata\Synaptics
2011-12-30 23:02 . 2011-03-31 10:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-30 23:02 . 2011-03-31 10:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-30 23:02 . 2011-03-31 10:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-30 23:02 . 2011-03-31 10:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-29 03:50 . 2011-12-29 03:50 -------- d-----w- c:\users\bbailey\AppData\Local\Roxio
2011-12-28 20:05 . 2012-01-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-28 20:05 . 2012-01-05 04:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 19:41 . 2011-12-28 19:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 19:37 . 2011-12-28 19:37 -------- d-----w- c:\program files\Panicware
2011-12-28 19:18 . 2011-11-29 17:21 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\mpengine.dll
2011-12-28 19:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 16:24 . 2011-12-28 16:24 -------- d-----w- c:\users\bbailey\AppData\Local\Downloaded Installations
2011-12-28 16:22 . 2011-12-28 16:22 -------- d-----w- c:\program files\Common Files\Portrait Displays
2011-12-28 16:21 . 2011-12-28 16:21 -------- d-----w- c:\users\bbailey\AppData\Roaming\Hewlett-Packard Company
2011-12-28 16:18 . 2011-12-28 16:18 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2011-12-28 16:18 . 2011-12-28 16:18 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-12-28 16:18 . 2011-12-28 16:18 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\users\bbailey\AppData\Roaming\InstallShield
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\programdata\Uninstall
2011-12-28 14:31 . 2012-01-05 19:34 -------- d-----w- c:\users\bbailey\AppData\Local\ElevatedDiagnostics
2011-12-27 23:23 . 2011-12-27 23:23 -------- d-----w- c:\users\bbailey\AppData\Roaming\SumatraPDF
2011-12-27 23:22 . 2011-12-27 23:22 1490 ----a-w- C:\user.js
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Roaming\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Local\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\programdata\Babylon
2011-12-27 23:04 . 2012-01-09 16:53 -------- d--h--w- c:\users\bbailey\UserProfile
2011-12-27 23:04 . 2012-01-09 16:53 -------- d--h--w- c:\users\bbailey\SoftRecovery
2011-12-15 06:11 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 06:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 03:07 . 2011-12-05 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 09:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:32 . 2011-11-16 13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 05:29 . 2011-10-24 05:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 05:29 . 2011-10-24 05:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
"SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"="c:\users\bbailey\UserProfile\SystemBoot.lnk" [2012-01-10 882]
"RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"="c:\users\bbailey\SoftRecovery\RegWrite.lnk" [2012-01-10 990]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-03 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-03 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-03 170008]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-08 495708]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-31 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^bbailey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RegWrite.lnk]
backup=c:\windows\pss\RegWrite.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
R1 MpKsl3dcb8ff4;MpKsl3dcb8ff4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{531D348C-33A2-48BA-9CCF-50D0BD38BBC9}\MpKsl3dcb8ff4.sys [x]
R1 MpKsl5fad6417;MpKsl5fad6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKsl5fad6417.sys [x]
R1 MpKsl6a02d7a0;MpKsl6a02d7a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl6a02d7a0.sys [x]
R1 MpKsleba0c0bf;MpKsleba0c0bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39DB4C9C-805A-4EAE-AA68-B09ABDA1B971}\MpKsleba0c0bf.sys [x]
R1 MpKsledfc84ef;MpKsledfc84ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972F4AEC-8798-434E-BA50-9C931C86E223}\MpKsledfc84ef.sys [x]
R1 MpKsleee50011;MpKsleee50011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9765E7B4-97F9-4B37-A695-C6A31DA655D1}\MpKsleee50011.sys [x]
R1 MpKslf6bcd812;MpKslf6bcd812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKslf6bcd812.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-27 6758912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-01-08 81920]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-08-17 133176]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe [2010-07-13 95800]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-03-15 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-28 7435264]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2011-12-29 c:\windows\Tasks\HPCeeScheduleForbbailey.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 4.2.2.1
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(4176)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-01-11 03:27:01
ComboFix-quarantined-files.txt 2012-01-10 18:27
.
Pre-Run: 168,941,330,432 bytes free
Post-Run: 169,390,718,976 bytes free
.
- - End Of File - - F51C0E894FDD7733BC66D7FD75C209B1
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\users\bbailey\UserProfile\SystemBoot.lnk
c:\users\bbailey\SoftRecovery\RegWrite.lnk

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"=-
"RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS"=-
[-HKLM\~\startupfolder\C:^Users^bbailey^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RegWrite.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix.txt log

ComboFix 12-01-10.02 - bbailey 01/11/2012 4:21.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1901 [GMT 9:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: \\rn-fs2\Users$\bbailey\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\bbailey\SoftRecovery\RegWrite.lnk"
"c:\users\bbailey\UserProfile\SystemBoot.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bbailey\SoftRecovery\RegWrite.lnk
c:\users\bbailey\UserProfile\SystemBoot.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 19:42 . 2012-01-10 19:42 -------- d-----w- c:\users\bbailey\AppData\Local\temp
2012-01-10 19:42 . 2012-01-10 19:42 -------- d-----w- c:\users\Radisson\AppData\Local\temp
2012-01-10 19:42 . 2012-01-10 19:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 19:42 . 2012-01-10 19:42 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-01-10 19:05 . 2012-01-10 19:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\offreg.dll
2012-01-09 17:28 . 2012-01-09 17:28 -------- d-----w- C:\HP_RECOVERY_mountHPSF
2012-01-06 23:50 . 2011-12-10 06:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-06 23:50 . 2012-01-06 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-06 21:58 . 2012-01-06 21:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 14:24 . 2012-01-06 14:24 -------- d-----w- c:\program files\iPod
2012-01-06 14:24 . 2012-01-06 14:25 -------- d-----w- c:\program files\iTunes
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-06 14:20 . 2012-01-06 14:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-06 14:20 . 2012-01-06 14:20 -------- d-----w- c:\program files\QuickTime
2012-01-06 09:28 . 2012-01-06 09:53 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 09:28 . 2012-01-06 09:28 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:47 . 2012-01-05 23:47 -------- d-----w- c:\users\bbailey\AppData\Roaming\GlarySoft
2012-01-05 23:06 . 2012-01-05 23:06 -------- d-----w- c:\program files\WinASO
2012-01-05 21:56 . 2012-01-05 21:56 -------- d-----w- c:\program files\Common Files\McAfee
2012-01-05 21:56 . 2012-01-05 22:43 -------- d-----w- c:\program files\McAfee
2012-01-05 19:56 . 2012-01-05 19:56 -------- d-----w- c:\users\bbailey\AppData\Local\Apps
2012-01-05 04:45 . 2012-01-05 04:45 -------- d-----w- c:\users\administrator\AppData\Local\Google
2012-01-05 04:40 . 2012-01-05 04:40 -------- d-----w- c:\users\administrator\AppData\Roaming\hpqlog
2012-01-05 04:39 . 2012-01-05 04:39 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
2012-01-05 04:38 . 2012-01-05 04:38 -------- d-----w- c:\users\administrator\AppData\Roaming\Synaptics
2012-01-05 04:30 . 2012-01-05 04:30 -------- d-----w- C:\a4a5b20479313b238579215fc2
2012-01-02 23:43 . 2012-01-03 03:04 -------- d-----w- c:\program files\PC Tools Security
2012-01-02 23:41 . 2012-01-02 23:52 -------- d-----w- c:\programdata\PC Tools
2012-01-02 03:59 . 2012-01-02 04:14 -------- d-----w- c:\users\bbailey\AppData\Roaming\IObit
2012-01-02 03:59 . 2012-01-02 03:59 -------- d-----w- c:\program files\IObit
2012-01-02 03:35 . 2010-01-10 09:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-01-02 03:34 . 2012-01-05 04:51 -------- d-----w- c:\program files\SpywareBlaster
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\users\bbailey\AppData\Roaming\Malwarebytes
2012-01-02 01:55 . 2012-01-02 01:55 -------- d-----w- c:\programdata\Malwarebytes
2011-12-31 09:36 . 2011-12-31 09:36 -------- d-----w- c:\users\bbailey\AppData\Roaming\Synaptics
2011-12-30 23:39 . 2012-01-10 15:53 -------- d-----w- c:\users\bbailey\AppData\Local\PokerStars
2011-12-30 23:38 . 2012-01-09 13:58 -------- d-----w- c:\program files\PokerStars
2011-12-30 23:02 . 2011-12-30 23:02 -------- d-----w- c:\programdata\Synaptics
2011-12-30 23:02 . 2011-03-31 10:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-30 23:02 . 2011-03-31 10:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-30 23:02 . 2011-03-31 10:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-30 23:02 . 2011-03-31 10:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-29 03:50 . 2011-12-29 03:50 -------- d-----w- c:\users\bbailey\AppData\Local\Roxio
2011-12-28 20:05 . 2012-01-05 04:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-28 20:05 . 2012-01-05 04:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-28 19:41 . 2011-12-28 19:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-12-28 19:37 . 2011-12-28 19:37 -------- d-----w- c:\program files\Panicware
2011-12-28 19:18 . 2011-11-29 17:21 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A3E672D-BABD-445D-B812-5178A4EF8919}\mpengine.dll
2011-12-28 19:18 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 16:24 . 2011-12-28 16:24 -------- d-----w- c:\users\bbailey\AppData\Local\Downloaded Installations
2011-12-28 16:22 . 2011-12-28 16:22 -------- d-----w- c:\program files\Common Files\Portrait Displays
2011-12-28 16:21 . 2011-12-28 16:21 -------- d-----w- c:\users\bbailey\AppData\Roaming\Hewlett-Packard Company
2011-12-28 16:18 . 2011-12-28 16:18 7435264 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2011-12-28 16:18 . 2011-12-28 16:18 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2011-12-28 16:18 . 2011-12-28 16:18 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\users\bbailey\AppData\Roaming\InstallShield
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\program files\Common Files\Roxio Shared
2011-12-28 16:17 . 2011-12-28 16:17 -------- d-----w- c:\programdata\Uninstall
2011-12-28 14:31 . 2012-01-05 19:34 -------- d-----w- c:\users\bbailey\AppData\Local\ElevatedDiagnostics
2011-12-27 23:23 . 2011-12-27 23:23 -------- d-----w- c:\users\bbailey\AppData\Roaming\SumatraPDF
2011-12-27 23:22 . 2011-12-27 23:22 1490 ----a-w- C:\user.js
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Roaming\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\users\bbailey\AppData\Local\Babylon
2011-12-27 23:22 . 2011-12-27 23:22 -------- d-----w- c:\programdata\Babylon
2011-12-27 23:04 . 2012-01-10 19:41 -------- d--h--w- c:\users\bbailey\UserProfile
2011-12-27 23:04 . 2012-01-10 19:41 -------- d--h--w- c:\users\bbailey\SoftRecovery
2011-12-15 06:11 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:10 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 06:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 06:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 03:07 . 2011-12-05 03:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-24 09:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:32 . 2011-11-16 13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 05:29 . 2011-10-24 05:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 05:29 . 2011-10-24 05:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-03 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-03 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-03 170008]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-04-21 115560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-08-17 14904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-01-08 495708]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-5 795936]
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-12-31 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl32e3c7cb;MpKsl32e3c7cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl32e3c7cb.sys [x]
R1 MpKsl3dcb8ff4;MpKsl3dcb8ff4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{531D348C-33A2-48BA-9CCF-50D0BD38BBC9}\MpKsl3dcb8ff4.sys [x]
R1 MpKsl5fad6417;MpKsl5fad6417;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKsl5fad6417.sys [x]
R1 MpKsl6a02d7a0;MpKsl6a02d7a0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6839C83D-EE69-41E2-8E4C-DC7FAF42A1F5}\MpKsl6a02d7a0.sys [x]
R1 MpKsleba0c0bf;MpKsleba0c0bf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39DB4C9C-805A-4EAE-AA68-B09ABDA1B971}\MpKsleba0c0bf.sys [x]
R1 MpKsledfc84ef;MpKsledfc84ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{972F4AEC-8798-434E-BA50-9C931C86E223}\MpKsledfc84ef.sys [x]
R1 MpKsleee50011;MpKsleee50011;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9765E7B4-97F9-4B37-A695-C6A31DA655D1}\MpKsleee50011.sys [x]
R1 MpKslf6bcd812;MpKslf6bcd812;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A65FA436-245B-432A-A60E-5123D8B17809}\MpKslf6bcd812.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 94880]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-09-28 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-10-22 1639728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 136176]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-05-27 6758912]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-19 52224]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-01-08 81920]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-08-17 133176]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe [2010-07-13 95800]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-11-11 277096]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-03-15 26168]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 ScrybeUpdater;Scrybe Updater;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-05 224424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-12-28 7435264]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-15 05:39]
.
2011-12-29 c:\windows\Tasks\HPCeeScheduleForbbailey.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ninemsn.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 4.2.2.1
DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} - hxxp://rdnariw2k302/installOperaPrintCtrl.exe
DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} - hxxp://rdnariw2k302/installregterm.exe
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\windows\system32\DPFPApi.DLL
.
Completion time: 2012-01-11 04:43:39
ComboFix-quarantined-files.txt 2012-01-10 19:43
ComboFix2.txt 2012-01-10 18:27
.
Pre-Run: 169,354,530,816 bytes free
Post-Run: 169,051,398,144 bytes free
.
- - End Of File - - 5D92C2ABBC4DAE7D2C4527E1198C473F
 
How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 1/11/2012 5:17:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.92 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 62.80% Memory free
5.84 Gb Paging File | 4.20 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 157.52 Gb Free Space | 73.06% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/11 05:13:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/29 01:18:36 | 007,435,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120110.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120110.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/04 12:06:36 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/06 06:56:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/11 04:42:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
O4 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4127392227-4110423628-1724150597-1392\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/installOperaPrintCtrl.exe (OperaPrintControl Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 05:13:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/11 04:43:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/11 04:43:46 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\temp
[2012/01/11 04:13:22 | 004,376,389 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:06 | 004,377,322 | ---- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:27:08 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/11 03:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/11 03:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/11 03:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/11 03:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 08:09:58 | 004,713,472 | ---- | C] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:48:03 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/10 02:28:45 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
[2012/01/08 21:52:05 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:52:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:52:05 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:52:00 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/08 21:51:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:51:18 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:51:18 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:51:18 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/01/07 12:53:14 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\gmer
[2012/01/07 12:37:53 | 000,607,260 | R--- | C] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 08:50:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/07 08:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/07 07:24:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/07 06:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/06 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/06 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/06 23:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/06 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/06 23:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/06 18:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/06 08:47:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/06 08:32:20 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/01/06 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2012/01/06 06:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/01/06 06:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/01/06 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Apps
[2012/01/05 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012/01/05 13:30:31 | 000,000,000 | ---D | C] -- C:\a4a5b20479313b238579215fc2
[2012/01/03 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/03 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/02 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\IObit
[2012/01/02 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/02 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/02 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Malwarebytes
[2012/01/02 10:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/31 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2011/12/31 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PokerStars
[2011/12/31 08:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011/12/31 08:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/31 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/31 08:02:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo9.dll
[2011/12/29 13:39:41 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\My Documents\Outlook Files
[2011/12/29 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Roxio
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/29 04:57:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
[2011/12/29 04:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
[2011/12/29 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Downloaded Installations
[2011/12/29 01:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
[2011/12/29 01:21:13 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\RT
[2011/12/29 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Hewlett-Packard Company
[2011/12/29 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\InstallShield
[2011/12/29 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/12/29 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Pictures
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Desktop
[2011/12/29 01:13:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Programs
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Videos
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Music
[2011/12/29 01:13:38 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hant
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hans
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\ja
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\it
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\es
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
[2011/12/28 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\ElevatedDiagnostics
[2011/12/28 08:23:04 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Babylon
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/28 08:22:48 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
[2011/12/28 08:04:58 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\UserProfile
[2011/12/28 08:04:58 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\SoftRecovery
[2011/12/15 15:11:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/03 21:55:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2011/01/03 21:55:50 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[2010/06/03 14:21:18 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/11 05:16:50 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 05:16:50 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 05:13:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/11 05:10:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/11 05:09:16 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/01/11 05:08:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/11 05:08:21 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/11 05:03:04 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 04:42:10 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/11 04:13:54 | 004,376,389 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix.exe
[2012/01/11 03:58:50 | 004,377,322 | ---- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe
[2012/01/11 03:57:40 | 000,000,000 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 02:55:15 | 000,055,214 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/10 08:10:31 | 004,713,472 | ---- | M] (AVAST Software) -- \\rn-fs2\Users$\bbailey\Desktop\aswMBR.exe
[2012/01/10 07:47:56 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- \\rn-fs2\Users$\bbailey\Desktop\tdsskiller.exe
[2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/07 12:49:25 | 000,294,216 | ---- | M] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 12:36:15 | 000,607,260 | R--- | M] (Swearware) -- \\rn-fs2\Users$\bbailey\Desktop\dds.scr
[2012/01/07 08:50:11 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/29 20:00:25 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
[2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
[2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js
[2011/12/15 15:24:49 | 000,408,488 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 03:57:40 | 000,000,000 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\ComboFix_exe.6o5k40p.partial
[2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/10 08:25:55 | 000,055,214 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\bootkit_remover.zip
[2012/01/10 08:22:05 | 000,000,512 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\MBR.dat
[2012/01/07 12:49:47 | 000,294,216 | ---- | C] () -- \\rn-fs2\Users$\bbailey\Desktop\gmer.zip
[2012/01/07 08:50:11 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
[2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
[2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2010/06/03 15:05:28 | 000,127,868 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2010/06/03 15:05:26 | 000,104,636 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2010/06/03 15:05:24 | 000,870,560 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/06/03 14:15:30 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/06/03 14:15:28 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/25 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\DigitalPersona
[2012/01/05 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\IObit
[2012/01/05 13:38:46 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Synaptics
[2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
[2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
[2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
[2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2011/02/25 12:59:11 | 000,000,000 | ---D | M] -- C:\Users\Radisson\AppData\Roaming\DigitalPersona
[2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 10:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/01/11 04:43:40 | 000,019,239 | ---- | M] () -- C:\ComboFix.txt
[2012/01/11 05:08:21 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 20:28:44 | 015,497,682 | ---- | M] () -- C:\immudebug.log
[2011/02/25 13:33:02 | 000,001,525 | ---- | M] () -- C:\INSTALL.LOG
[2012/01/11 05:08:37 | 3136,688,128 | -HS- | M] () -- C:\pagefile.sys
[2012/01/10 08:02:37 | 000,094,084 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_10.01.2012_07.49.15_log.txt
[2001/09/28 18:00:28 | 000,164,864 | ---- | M] () -- C:\UNWISE.EXE
[2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js

< %systemroot%\Fonts\*.com >
[2009/07/14 13:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 13:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 13:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 13:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 06:31:19 | 000,000,065 | -H-- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 10:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 04:21:38 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 13:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/09/28 14:26:04 | 000,000,221 | -HS- | M] () -- C:\Users\bbailey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/08/11 08:31:00 | 000,013,022 | ---- | M] () -- C:\windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 06:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/01/05 14:02:21 | 000,008,192 | ---- | M] () -- C:\windows\SECURITY\Database\edb.chk
[2012/01/05 14:02:21 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edb.log
[2012/01/05 13:56:19 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00001.jrs
[2012/01/05 13:56:19 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/12/29 01:13:52 | 000,000,402 | -HS- | M] () -- C:\Users\bbailey\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1
"DetectionFrequencyEnabled" = 1
"DetectionFrequency" = 22
"NoAutoUpdate" = 0
"AUOptions" = 4
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 3
"RebootWarningTimeoutEnabled" = 1
"RebootWarningTimeout" = 5
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 10
"RescheduleWaitTimeEnabled" = 1
"RescheduleWaitTime" = 15
"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 
OTL Extras logfile created on: 1/11/2012 5:17:24 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.92 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 62.80% Memory free
5.84 Gb Paging File | 4.20 Gb Available in Paging File | 71.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 157.52 Gb Free Space | 73.06% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C292266-E054-4090-84D5-869649E4F9C7}" = HP Power Data
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}" = Remote Graphics Sender
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4EE201CD-5A61-4749-9EEC-28CE86E9EE90}" = Remote Graphics Receiver
"{50928788-ED14-4B45-97FF-EC3C4EC7BBC1}" = HP 3D DriveGuard
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}" = HP Documentation
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7861911B-4270-498A-8F7A-FCF0570F48E3}" = HP QuickWeb
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{871732B3-1EE5-4C54-8462-8BFF516880B7}" = HP ESU for Microsoft Windows 7
"{883FDE02-EBF8-4D59-87FB-5FF410A35A6C}" = Remote Graphics Sender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARDR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARDR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARDR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARDR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARDR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARDR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARDR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A5B6BF56-E9FF-4216-BCDC-4B49F58A5782}" = HP Power Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BE3AD89B-F9B2-4E22-8FAB-BCF63190ABCD}" = HP ProtectTools Security Manager
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D6782B98-BDC0-45F4-A046-9D26C475CBF8}" = Drive Encryption for HP ProtectTools
"{DF553DE7-3F31-495D-904D-AFA89BD3739C}" = Validity Fingerprint Driver
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9DB9D94-7ABF-4FF0-AE71-4FC9DAB7D4A1}" = HP FastLook
"{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"HPProtectTools" = HP ProtectTools Security Manager
"InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}" = HP SkyRoom
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Micros Fidelio Opera Print Control" = Micros Fidelio Opera Print Control
"Micros Fidelio Opera Print Utility " = Micros Fidelio Opera Print Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.STANDARDR" = Microsoft Office Standard 2010
"Opera JinitCheck Control" = Opera JinitCheck Control
"Opera Register Terminal" = Opera Register Terminal
"Oracle JInitiator 1.3.1.25" = Oracle JInitiator 1.3.1.25
"PokerStars" = PokerStars
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 12/28/2011 12:10:02 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 12/28/2011 12:12:14 PM | Computer Name = RN-LT1.radisson.local | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(7c:6d:62:0e:bf:f0@fe80::7e6d:62ff:fe0e:bff0._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 12/28/2011 2:52:31 PM | Computer Name = RN-LT1.radisson.local | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: iedvtool.dll, version: 9.0.8112.16440,
time stamp: 0x4eb318c1 Exception code: 0xc0000005 Fault offset: 0x00035825 Faulting
process id: 0x1ebc Faulting application start time: 0x01ccc5913574f4d1 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\Internet Explorer\iedvtool.dll Report Id: 17f6694b-3185-11e1-aabe-e02a823829c8

[ Hewlett-Packard Events ]
Error - 8/5/2011 12:58:26 AM | Computer Name = RN-LT1.radisson.local | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/29/2011 2:55:20 AM | Computer Name = RN-LT1.radisson.local | Source = hpsa_service.exe | ID = 2000
Description =

Error - 9/29/2011 2:55:20 AM | Computer Name = RN-LT1.radisson.local | Source = HPSF.exe | ID = 4000
Description =

Error - 11/6/2011 10:24:33 PM | Computer Name = RN-LT1.radisson.local | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 2991 Ram Utilization:
30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 11/21/2011 1:29:15 AM | Computer Name = RN-LT1.radisson.local | Source = HPSFMsgr.exe | ID = 2000
Description =

Error - 12/1/2011 8:20:03 PM | Computer Name = RN-LT1.radisson.local | Source = HPSF.exe | ID = 4000
Description =

Error - 12/28/2011 12:28:31 PM | Computer Name = RN-LT1.radisson.local | Source = HPSF.exe | ID = 4000
Description =

Error - 12/28/2011 5:07:37 PM | Computer Name = RN-LT1.radisson.local | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files\Hewlett-Packard\HP Support
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 2991 Ram Utilization:
30 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean,
Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 1/1/2012 11:23:45 PM | Computer Name = RN-LT1.radisson.local | Source = HPSF.exe | ID = 4000
Description =

Error - 1/5/2012 2:17:08 AM | Computer Name = RN-LT1.radisson.local | Source = HPSF.exe | ID = 4000
Description =

[ HP Power Assistant Events ]
Error - 12/28/2011 12:21:22 PM | Computer Name = RN-LT1.radisson.local | Source = HP PA Application | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCASL'
threw an exception. at hpCASL.ChpCASL.c() at hpCASL.ChpCaslSystem..cctor()

Error - 12/28/2011 12:21:22 PM | Computer Name = RN-LT1.radisson.local | Source = HP PA Application | ID = 0
Description = System.Exception Calling process C:\Program Files\Hewlett-Packard\HP
Power Assistant\UninstallHelper.exe does not have a valid signature. HP CASL loading
aborted at hpCASL.ChpCASL.a() at hpCASL.ChpCASL..cctor()

Error - 12/28/2011 12:21:48 PM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

Error - 12/30/2011 5:41:34 PM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

Error - 1/1/2012 1:21:50 AM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

Error - 1/1/2012 2:16:59 AM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

Error - 1/5/2012 7:28:33 PM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

Error - 1/6/2012 11:11:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

Error - 1/9/2012 2:03:21 AM | Computer Name = RN-LT1.radisson.local | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
HP Power Assistant application. Additional details may be available in the Details
section. DETAILS Object reference not set to an instance of an object.

Error - 1/10/2012 3:25:58 PM | Computer Name = RN-LT1.radisson.local | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event PMC.Data didn't return XmlDocument; returnedSystem.Byte[]

[ HP Wireless Assistant Events ]
Error - 1/5/2012 12:56:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCaslEvents'
threw an exception. at hpCASL.ChpCaslEvents..ctor() at HP_Common.CaslWrapper.get_CaslEvents()

at HP_Common.CaslWrapper.Register(EventArrivedEventHandler handler) at HPPA_Service.CurrentConfiguration..ctor()

Error - 1/5/2012 12:56:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCASL'
threw an exception. at hpCASL.ChpCASL.c() at hpCASL.ChpCaslEvents..cctor()

Error - 1/5/2012 12:56:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Service | ID = 0
Description = System.Exception Calling process C:\Program Files\Hewlett-Packard\HP
Wireless Assistant\HPWA_Service.exe does not have a valid signature. HP CASL loading
aborted at hpCASL.ChpCASL.a() at hpCASL.ChpCASL..cctor()

Error - 1/5/2012 12:56:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException ServiceWorkerMethod ABORTED! - The
type initializer for 'hpCASL.ChpCaslSystem' threw an exception. at hpCASL.ChpCaslSystem..ctor()

at HP_Common.CaslWrapper.get_CaslSystem() at HP_Common.CaslWrapper.GetSystemID(String&
systemID) at HPPA_Service.CurrentConfiguration..ctor() at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 1/5/2012 12:56:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Service | ID = 0
Description = System.TypeInitializationException ServiceWorkerMethod ABORTED! - The
type initializer for 'hpCASL.ChpCASL' threw an exception. at hpCASL.ChpCASL.c()

at hpCASL.ChpCaslSystem..cctor()

Error - 1/5/2012 12:56:16 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Service | ID = 0
Description = System.Exception ServiceWorkerMethod ABORTED! - Calling process C:\Program
Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe does not have a valid
signature. HP CASL loading aborted at hpCASL.ChpCASL.a() at hpCASL.ChpCASL..cctor()

Error - 1/5/2012 1:06:35 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 1/5/2012 1:06:35 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 1/5/2012 1:08:20 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Application | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCaslSystem'
threw an exception. at hpCASL.ChpCaslSystem..ctor() at HP_Common.CaslWrapper.get_CaslSystem()

at HP_Common.CaslWrapper.get_IsCaslAvailable()

Error - 1/5/2012 1:08:20 AM | Computer Name = RN-LT1.radisson.local | Source = HP WA Application | ID = 0
Description = System.TypeInitializationException The type initializer for 'hpCASL.ChpCASL'
threw an exception. at hpCASL.ChpCASL.c() at hpCASL.ChpCaslSystem..cctor()

[ System Events ]
Error - 11/5/2011 2:55:12 AM | Computer Name = RN-LT1.radisson.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 11/5/2011 5:22:23 AM | Computer Name = RN-LT1.radisson.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain RADISSON due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 11/5/2011 10:22:21 AM | Computer Name = RN-LT1.radisson.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain RADISSON due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 11/5/2011 1:27:22 PM | Computer Name = RN-LT1.radisson.local | Source = TermService | ID = 1067
Description =

Error - 11/5/2011 2:22:23 PM | Computer Name = RN-LT1.radisson.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain RADISSON due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 11/5/2011 6:22:23 PM | Computer Name = RN-LT1.radisson.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain RADISSON due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 11/6/2011 9:40:28 PM | Computer Name = RN-LT1.radisson.local | Source = pcmcia | ID = 393225
Description = The PCMCIA controller encountered an error powering up the inserted
device.

Error - 11/6/2011 9:40:29 PM | Computer Name = RN-LT1.radisson.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 11/6/2011 9:40:29 PM | Computer Name = RN-LT1.radisson.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 11/6/2011 9:40:33 PM | Computer Name = RN-LT1.radisson.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain RADISSON due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.


< End of report >
 
Sorry it's 5:46am here in Japan and i haven't been to sleep yet since last night trying to get this fixed with your excellent support :)

When i rebooted my PC the pop up was there again so my computer is not doing so well
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
785
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back