1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Malicious URL Warnings, Virus?

Discussion in 'Virus & Other Malware Removal' started by Deni831, Jan 3, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Hi, On December 26th, my husband opened an email that said it was from FedEx saying that they had tried to deliver a package to our house and we were not home, so he should get the receipt from the attachment. Since he was in fact waiting for a package, he tried to open the attachment at which point out antivirus program sent up a warning that he should not continue. Ever since that time we have been having trouble with Internet Explorer. The browser doesn't load, or if it finally does we frequently receive warnings that the antivirus has detected a malicious URL. I uninstalled Internet Explorer and started using Google Chrome, but now the problem has started occurring there as well. We never had any problems at all previous to this. We have Windows 7 and our Antivirus program is the free version of Avast. I also use Malwarebytes. The first time I ran Malwarebytes after the initial warning, I found 20 or so infected files, and removed them. I have run both of these programs numerous times since then (including in safe mode) and found nothing.

    Any help you can offer is greatly appreciated!!

    Denise Robert

    Here are the logs you require to post in this forum:

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:04:09 PM, on 1/3/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Deni831\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [mshbaf] "C:\Windows\System32\rundll32.exe" "C:\Users\Deni831\AppData\Roaming\mshbaf.dll",read_rows
    O4 - HKCU\..\Run: [ifpnv] "C:\Windows\System32\rundll32.exe" "C:\Users\Deni831\AppData\Roaming\ifpnv.dll",Long_AsLong
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12139 bytes



    dds-notepad
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer:
    Run by Deni831 at 18:06:15 on 2013-01-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.1452 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\IDT\WDM\beats64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\splwow64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files\Microsoft Games\chess\chess.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [mshbaf] "C:\Windows\System32\rundll32.exe" "C:\Users\Deni831\AppData\Roaming\mshbaf.dll",read_rows
    uRun: [ifpnv] "C:\Windows\System32\rundll32.exe" "C:\Users\Deni831\AppData\Roaming\ifpnv.dll",Long_AsLong
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{585AE280-9F1A-4F84-9B6D-B4568A729A54} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-22 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-22 370288]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-12 89600]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-22 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-22 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-26 44808]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-12 2375168]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-12 1128952]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-12 109168]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2011-5-30 31088]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-7-5 1874016]
    R3 NWVoltron;NextWindow Voltron Touch Screen;C:\Windows\System32\drivers\NWVoltron.sys [2011-6-23 28440]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-3 343144]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
    R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-10-12 131656]
    R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-10-12 399944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2011-10-12 16152]
    S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\Windows\System32\drivers\NWWakeFilterV.sys [2011-10-12 16152]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-27 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-27 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-27 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-01 09:11:08 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92C251E5-17EE-4FF2-84A7-233FFED89CFB}\offreg.dll
    2013-01-01 09:10:30 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92C251E5-17EE-4FF2-84A7-233FFED89CFB}\mpengine.dll
    2012-12-27 20:32:52 37888 ----a-w- C:\Windows\System32\beats64.exe
    2012-12-27 20:32:52 1819648 ----a-w- C:\Windows\System32\IDTNC64.cpl
    2012-12-27 20:27:03 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2012-12-27 20:27:01 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-12-27 20:27:01 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-12-27 20:27:01 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-12-27 20:23:46 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-12-27 20:23:46 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-12-27 20:23:46 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-12-27 20:23:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-12-27 20:23:45 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-12-27 20:23:45 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-12-27 20:23:45 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-12-27 20:23:43 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-12-27 20:23:43 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-12-27 20:23:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-12-27 20:23:39 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-12-25 09:58:34 315904 ----a-w- C:\Users\Deni831\AppData\Roaming\ifpnv.dll
    2012-12-25 09:58:11 623104 ----a-w- C:\Users\Deni831\AppData\Roaming\mshbaf.dll
    2012-12-23 04:55:50 163328 ----a-w- C:\Users\Deni831\AppData\Local\cspxsvpg.exe
    2012-12-21 08:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 08:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 08:00:31 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 08:00:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-17 20:38:44 -------- d-----w- C:\Users\Deni831\AppData\Roaming\Windows Live Writer
    2012-12-17 20:38:44 -------- d-----w- C:\Users\Deni831\AppData\Local\Windows Live Writer
    2012-12-13 08:01:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2012-12-13 00:14:23 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-13 00:14:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-13 00:14:11 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-13 00:12:50 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-13 00:12:50 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    .
    ============= FINISH: 18:06:36.71 ===============


    attach - notepad

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/22/2011 7:14:37 PM
    System Uptime: 1/1/2013 11:37:29 PM (43 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2AC3
    Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 326.466 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.8 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP128: 12/25/2012 3:10:18 AM - Windows Update
    RP129: 12/27/2012 3:23:48 PM - Windows Update
    RP130: 1/1/2013 4:09:48 AM - Windows Update
    RP131: 1/1/2013 10:40:45 PM - Windows Modules Installer
    RP132: 1/1/2013 11:05:02 PM - Windows Modules Installer
    RP133: 1/1/2013 11:22:45 PM - Removed Norton Online Backup
    RP134: 1/1/2013 11:23:33 PM - Removed Twitter
    RP135: 1/1/2013 11:36:24 PM - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Agatha Christie - Peril at End House
    Airport Mania
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Azteca
    Bejeweled 3
    Bing Bar
    Bing Maps 3D
    Blio
    Bonjour
    Bounce Symphony
    Build-a-lot
    Cake Mania
    Canon Easy-PhotoPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MG5200 series MP Drivers
    Canon MG5200 series User Registration
    Canon MP Navigator EX 4.0
    Canon My Printer
    Canon Solution Menu EX
    Carbonite
    Chuzzle Deluxe
    D3DX10
    DirectX for Managed Code Update (Summer 2004)
    Dual Stream 802.11n Wireless LAN Card
    DVD Menu Pack for HP TouchSmart Video
    Facebook for HP TouchSmart
    Farm Frenzy
    FATE
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Auto
    HP Calendar
    HP Client Services
    HP Clock
    HP Customer Experience Enhancements
    HP Games
    HP LinkUp
    HP Magic Canvas
    HP MovieStore
    HP My Display TouchSmart Edition
    HP Notes
    HP Odometer
    HP Photo Canvas
    HP RSS
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Touch Browser
    HP TouchSmart Ben10 Comic Book Reader
    HP TouchSmart Bubble Wrap
    HP TouchSmart eBay
    HP TouchSmart Get Updated!
    HP TouchSmart Metric Converter
    HP TouchSmart Music
    HP TouchSmart Paint Blast
    HP TouchSmart Photo
    HP TouchSmart RecipeBox
    HP TouchSmart Spot
    HP TouchSmart Tap Tap Bear
    HP TouchSmart Tutorials
    HP TouchSmart Video
    HP TouchSmart Webcam
    HP Update
    HP Vision Hardware Diagnostics
    HP Weather
    IDT Audio
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    iTunes
    Jewel Quest: The Sleepless Star - Collector's Edition
    Junk Mail filter update
    Kobo
    LabelPrint
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Mathematics
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Basic 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Touch Pack for Windows 7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.0
    MotoHelper 2.1.40 Driver 5.5.0
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 5.5.0
    Movie Theme Pack for HP TouchSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery of Mortlake Mansion
    Namco All-Stars: PAC-MAN
    Paint Shop Pro 7 Anniversary Edition
    PDF Complete Special Edition
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Polar Bowler
    Polar Golfer
    Power2Go
    PressReader
    Realtek PCIE Card Reader
    Recovery Manager
    Remote Graphics Receiver
    RoxioNow Player
    SDK
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Slingo Deluxe
    TSHostedAppLauncher
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wmiiper
    TurboTax 2011 wrapper
    Twitter
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Vacation Quest - The Hawaiian Islands
    Virtual Villagers 5 - New Believers
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/28/2012 12:45:07 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACINTOSH-10 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{585AE280-9F1A-4F84-9B6D-B4568A729A54}. The master browser is stopping or an election is being forced.
    1/1/2013 8:24:17 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    1/1/2013 6:22:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/1/2013 6:22:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/1/2013 6:22:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/1/2013 6:22:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/1/2013 6:22:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/1/2013 6:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    1/1/2013 6:22:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 ccSet_NIS DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 4:58:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Deni831-HP\Deni831 SID (S-1-5-21-2364189593-3991097414-1983408701-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  2. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    I attached a copy of the rootkit scan log as it was too long to copy in this message, I tried and kept getting error messages.

    Thanks again!
    Denise
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download OTM from either of the following links and save to your Desktop:

    http://oldtimer.geekstogo.com/OTM.exe.
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe

    If your security alerts to OTM, either accept the alert or turn off the security....

    Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

    • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Reg
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "mshbaf"=-
      "ifpnv"=-
      :Files
      C:\Users\Deni831\AppData\Roaming\mshbaf.dll
      C:\Users\Deni831\AppData\Roaming\ifpnv.dll
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Post those two logs, let me know if the issue remains...

    Kevin
     
  4. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Thank you for the quick response Kevin,

    After I ran the first scan and the computer rebooted, I started receiveing the following error message on every start-up:

    There was a problem starting
    C:\Users\Deni831\AppData\Roaming\mshbaf.dll
    The specified module could not be found.

    I put Internet Explorer back on, it loaded correctly and so far I have not had any malicious URL warnings. Of course it has only been 20 or so minutes.

    Thanks,
    Denise

    Here are the two logs you requested:

    OTM:
    All processes killed
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mshbaf deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ifpnv deleted successfully.
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Users\Deni831\AppData\Roaming\mshbaf.dll
    C:\Users\Deni831\AppData\Roaming\mshbaf.dll moved successfully.
    DllUnregisterServer procedure not found in C:\Users\Deni831\AppData\Roaming\ifpnv.dll
    C:\Users\Deni831\AppData\Roaming\ifpnv.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Deni831
    ->Temp folder emptied: 509000571 bytes
    ->Temporary Internet Files folder emptied: 420101892 bytes
    ->Google Chrome cache emptied: 475265167 bytes
    ->Flash cache emptied: 56972 bytes

    User: Public

    User: TEMP

    User: TEMP.ROBERTFAMILY

    User: TEMP.ROBERTFAMILY.000

    User: TEMP.ROBERTFAMILY.001

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 289030387 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,615.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 01032013_202810

    Files moved on Reboot...
    C:\Users\Deni831\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    AdwCleaner:
    # AdwCleaner v2.104 - Logfile created 01/03/2013 at 20:43:07
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Deni831 - DENI831-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Deni831\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Deni831\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1281 octets] - [03/01/2013 20:41:19]
    AdwCleaner[S1].txt - [1069 octets] - [03/01/2013 20:43:07]

    ########## EOF - C:\AdwCleaner[S1].txt - [1129 octets] ##########
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Denise,

    Thanks for the logs, are the alerts rundll errors? RunDLL32.exe is a legitimate Windows file that executes/loads .dll (Dynamic Link Library) modules which too can be legitimate or in you case malware related. A RunDLL "Error loading..." or "specific module could not be found" message usually occurs when the .dll file(s) that was set to run at startup in the registry has been removed. Windows is trying to load this file(s) but cannot locate it since the file was removed with OTM. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.
    Run the following OTL scan and we`ll see which service remains and remove them to stop the alerts, post the two created logs in your next reply,

    Download OTL from any of the following links and save to your desktop.

    http://itxassociates.com/OT-Tools/OTL.com
    http://oldtimer.geekstogo.com/OTL.exe
    http://www.itxassociates.com/OT-Tools/OTL.scr

    Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Thank you,

    Kevin
     
  6. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Thank you Kevin, Sorry for the long response, I was at work. Here are the (2) report logs you have requested.

    Denise


    OTL Log Report:

    OTL logfile created on: 1/4/2013 4:33:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deni831\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.56% Memory free
    7.81 Gb Paging File | 5.57 Gb Available in Paging File | 71.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.12 Gb Total Space | 328.72 Gb Free Space | 72.87% Space Free | Partition Type: NTFS
    Drive D: | 14.54 Gb Total Space | 1.80 Gb Free Space | 12.38% Space Free | Partition Type: NTFS

    Computer Name: DENI831-HP | User Name: Deni831 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/04 16:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deni831\Downloads\OTL.exe
    PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/12/05 20:41:32 | 001,059,472 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/08/16 14:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    PRC - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    PRC - [2011/06/17 12:24:24 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
    PRC - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    PRC - [2011/05/30 12:32:38 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    PRC - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/04 20:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
    MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
    MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
    MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
    MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
    MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
    MOD - [2012/11/16 03:26:10 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\59353156806745822ad61a40de8fb631\System.IdentityModel.ni.dll
    MOD - [2012/11/16 03:26:09 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll
    MOD - [2012/11/16 03:22:03 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\bc4a5d9898a6c903baafbecacf6010b3\ReachFramework.ni.dll
    MOD - [2012/11/16 03:21:42 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
    MOD - [2012/11/16 03:21:41 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
    MOD - [2012/11/16 03:21:40 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
    MOD - [2012/11/16 03:12:31 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
    MOD - [2012/11/16 03:12:22 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
    MOD - [2012/11/16 03:08:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
    MOD - [2012/11/16 03:07:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
    MOD - [2012/11/16 03:07:55 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
    MOD - [2012/11/16 03:07:52 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
    MOD - [2012/11/16 03:07:48 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
    MOD - [2012/11/16 03:07:46 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
    MOD - [2012/11/16 03:07:40 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
    MOD - [2012/02/01 16:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/15 13:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2012/04/24 20:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/12/05 20:34:36 | 006,378,128 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
    SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
    SRV - [2011/06/17 12:24:14 | 000,129,840 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2011/03/09 16:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
    SRV - [2011/03/07 18:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/05 13:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2012/04/24 20:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/03/03 06:06:22 | 000,343,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/12 18:34:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/12 18:34:41 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/08/23 13:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/07/26 23:22:50 | 012,288,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/06/23 01:48:16 | 000,028,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWVoltron.sys -- (NWVoltron)
    DRV:64bit: - [2011/05/30 12:33:04 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2011/05/25 16:08:54 | 000,016,152 | ---- | M] (n/a) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWWakeFilterV.sys -- (NWWakeFilterV)
    DRV:64bit: - [2011/05/25 16:08:50 | 000,016,152 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
    DRV:64bit: - [2011/05/20 16:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/04/21 07:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
    DRV:64bit: - [2011/04/21 07:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/07/13 07:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{34B0AFFB-6513-40F3-B441-1365B464D728}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{34B0AFFB-6513-40F3-B441-1365B464D728}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\SearchScopes\{34B0AFFB-6513-40F3-B441-1365B464D728}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/10/12 18:50:12 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2011/10/12 18:50:12 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Deni831\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



    ========== Chrome ==========

    CHR - homepage: http://www.msn.com/?pc=BDT3&ocid=bdtdhp
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.msn.com/?pc=BDT3&ocid=bdtdhp
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Deni831\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: avast! WebRep = C:\Users\Deni831\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001..\Run: [mshbaf] "C:\Windows\System32\rundll32.exe" "C:\Users\Deni831\AppData\Roaming\mshbaf.dll",read_rows File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..Trusted Domains: localhost ([]* in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585AE280-9F1A-4F84-9B6D-B4568A729A54}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/04 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Deni831\Desktop\Logs
    [2013/01/03 20:28:10 | 000,000,000 | ---D | C] -- C:\_OTM
    [2013/01/03 18:13:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/12/27 15:32:52 | 001,819,648 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
    [2012/12/27 15:32:52 | 000,037,888 | ---- | C] (Hewlett-Packard ) -- C:\Windows\SysNative\beats64.exe
    [2012/12/27 15:27:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2012/12/27 15:27:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2012/12/27 15:27:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2012/12/27 15:26:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2012/12/27 15:26:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2012/12/27 15:26:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2012/12/27 15:26:54 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2012/12/27 15:26:54 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2012/12/27 15:26:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2012/12/27 15:26:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2012/12/27 15:26:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2012/12/27 15:26:54 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2012/12/27 15:26:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2012/12/27 15:26:54 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2012/12/27 15:26:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2012/12/27 15:26:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2012/12/27 15:26:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2012/12/27 15:26:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2012/12/27 15:26:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2012/12/27 15:26:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2012/12/27 15:26:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2012/12/27 15:26:53 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2012/12/27 15:26:53 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2012/12/27 15:26:53 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2012/12/27 15:26:53 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2012/12/27 15:26:25 | 000,000,000 | ---D | C] -- C:\Intel
    [2012/12/27 15:23:45 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/12/27 15:23:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/12/27 15:23:40 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/12/27 15:23:39 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/12/22 23:55:50 | 000,163,328 | ---- | C] (Donkey) -- C:\Users\Deni831\AppData\Local\cspxsvpg.exe
    [2012/12/21 03:00:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/21 03:00:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/21 03:00:31 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/21 03:00:29 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/17 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\Deni831\AppData\Roaming\Windows Live Writer
    [2012/12/17 15:38:44 | 000,000,000 | ---D | C] -- C:\Users\Deni831\AppData\Local\Windows Live Writer
    [2012/12/13 03:02:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/12/13 03:02:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/12/13 03:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/12/13 03:02:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/12/13 03:02:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/12/13 03:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/12/13 03:02:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/12/13 03:02:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/12/13 03:02:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/12/13 03:02:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/12/13 03:02:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/12/13 03:02:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/12/13 03:02:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/12/13 03:02:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/12/13 03:02:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/12/12 19:13:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/12/12 19:13:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012/12/12 19:13:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012/12/12 19:13:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/12/12 19:13:51 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012/12/12 19:13:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012/12/12 19:13:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012/12/12 19:13:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012/12/12 19:13:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012/12/12 19:13:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012/12/12 19:13:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012/12/12 19:13:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012/12/12 19:13:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/12/12 19:13:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/12 19:13:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/12 19:13:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/12 19:13:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/12 19:13:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/12 19:13:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/12 19:13:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/12 19:13:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/12 19:13:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/12 19:13:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/12 19:13:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/12 19:13:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/12/12 19:13:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/12 19:13:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/12 19:13:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/12 19:13:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/12 19:13:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/12/12 19:13:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/12 19:13:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/12 19:13:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/12/12 19:13:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/12/12 19:13:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/12/12 19:12:50 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2012/12/12 19:12:50 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/01/04 15:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/04 09:44:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/03 21:00:01 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/03 21:00:01 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/03 20:57:02 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/03 20:57:02 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/03 20:57:02 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/03 20:52:25 | 000,001,443 | ---- | M] () -- C:\Users\Deni831\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/03 20:52:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/03 20:52:08 | 3145,977,856 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/03 20:25:37 | 000,006,525 | ---- | M] () -- C:\Users\Deni831\AppData\Local\276f85f7-5a9f-4ec3-96c4-dc830f2d7f90.crx
    [2013/01/01 18:16:07 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDeni831.job
    [2012/12/26 09:47:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/12/26 09:33:59 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/26 09:27:42 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDENI831-HP$.job
    [2012/12/26 08:10:41 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\gunqbuut
    [2012/12/25 21:14:02 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\vxgfphqe
    [2012/12/25 11:34:23 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\qlitnieb
    [2012/12/24 14:57:55 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\gepnpnks
    [2012/12/24 14:50:52 | 000,046,280 | ---- | M] () -- C:\Users\Deni831\AppData\Local\ahevhjgd
    [2012/12/24 14:15:35 | 000,046,131 | ---- | M] () -- C:\Users\Deni831\AppData\Local\ekptxwvi
    [2012/12/23 05:22:54 | 000,046,131 | ---- | M] () -- C:\Users\Deni831\AppData\Local\qovwpdvf
    [2012/12/23 00:17:18 | 000,046,075 | ---- | M] () -- C:\Users\Deni831\AppData\Local\aaijuuse
    [2012/12/23 00:10:14 | 000,000,000 | ---- | M] () -- C:\Users\Deni831\AppData\Roaming\SharedSettings.ccs
    [2012/12/22 23:55:50 | 000,163,328 | ---- | M] (Donkey) -- C:\Users\Deni831\AppData\Local\cspxsvpg.exe
    [2012/12/21 03:17:32 | 000,304,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/12 18:45:49 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2013/01/03 20:52:25 | 000,001,449 | ---- | C] () -- C:\Users\Deni831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/01/03 20:52:25 | 000,001,443 | ---- | C] () -- C:\Users\Deni831\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/01/03 20:52:25 | 000,001,415 | ---- | C] () -- C:\Users\Deni831\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2012/12/26 08:10:41 | 000,046,117 | ---- | C] () -- C:\Users\Deni831\AppData\Local\gunqbuut
    [2012/12/25 21:14:02 | 000,046,117 | ---- | C] () -- C:\Users\Deni831\AppData\Local\vxgfphqe
    [2012/12/25 11:34:23 | 000,046,117 | ---- | C] () -- C:\Users\Deni831\AppData\Local\qlitnieb
    [2012/12/25 04:58:13 | 000,006,525 | ---- | C] () -- C:\Users\Deni831\AppData\Local\276f85f7-5a9f-4ec3-96c4-dc830f2d7f90.crx
    [2012/12/24 14:57:55 | 000,046,117 | ---- | C] () -- C:\Users\Deni831\AppData\Local\gepnpnks
    [2012/12/24 14:50:52 | 000,046,280 | ---- | C] () -- C:\Users\Deni831\AppData\Local\ahevhjgd
    [2012/12/24 14:15:35 | 000,046,131 | ---- | C] () -- C:\Users\Deni831\AppData\Local\ekptxwvi
    [2012/12/23 05:22:54 | 000,046,131 | ---- | C] () -- C:\Users\Deni831\AppData\Local\qovwpdvf
    [2012/12/23 00:17:18 | 000,046,075 | ---- | C] () -- C:\Users\Deni831\AppData\Local\aaijuuse
    [2012/12/23 00:10:14 | 000,000,000 | ---- | C] () -- C:\Users\Deni831\AppData\Roaming\SharedSettings.ccs
    [2012/02/04 13:06:25 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/10/12 18:35:03 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/12 18:35:02 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/12 18:35:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/07/26 23:14:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/07/26 22:51:00 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/06/21 02:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/02/11 12:15:43 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2007/04/23 07:40:28 | 000,000,042 | ---- | C] () -- C:\Users\Deni831\default.pls

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/12/22 20:42:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\InterMute
    [2011/12/22 20:42:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\InterMute
    [2012/06/08 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Deni831\AppData\Roaming\Canon
    [2012/01/04 16:13:43 | 000,000,000 | ---D | M] -- C:\Users\Deni831\AppData\Roaming\Catalina Marketing Corp
    [2012/04/08 18:05:33 | 000,000,000 | ---D | M] -- C:\Users\Deni831\AppData\Roaming\Motorola
    [2011/12/31 10:29:13 | 000,000,000 | ---D | M] -- C:\Users\Deni831\AppData\Roaming\WinBatch
    [2012/12/17 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Deni831\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >



    Extras Notepad Log Report

    OTL Extras logfile created on: 1/4/2013 4:33:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deni831\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.56% Memory free
    7.81 Gb Paging File | 5.57 Gb Available in Paging File | 71.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.12 Gb Total Space | 328.72 Gb Free Space | 72.87% Space Free | Partition Type: NTFS
    Drive D: | 14.54 Gb Total Space | 1.80 Gb Free Space | 12.38% Space Free | Partition Type: NTFS

    Computer Name: DENI831-HP | User Name: Deni831 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2364189593-3991097414-1983408701-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{045316EE-2F2E-466C-80E3-658F85775FF4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1B47A82A-C571-47D9-9C92-3836B7C2F0DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{2206EE1F-222B-4930-8080-852BECECA06C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{361408D5-F180-45A3-AD6F-93A12F788B5D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{36E8DB42-4002-4995-A86E-0EF913B81829}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3BEE1277-57D1-41C7-AB9E-E5F09FBD3872}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4389A606-4205-4FC8-B753-3DBD631E77AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5020AA90-A19C-4089-8E2C-ECCCA585DF07}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5BC72EB4-4370-46C7-B5E6-94E4DD4EABC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6125CFBD-9488-42C3-96FF-32295E725249}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7CA14E2B-8CE7-436D-A532-F08B32782853}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7E825816-B254-43EE-9A57-5B32D6A4AD25}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{8736FFA0-4F1C-48FB-9927-8D6FA17D8F60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{94D842AA-F606-4B84-A0F4-4943ED74E43B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{9CF01E6F-F0D6-4198-9C1E-7839ED438741}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A47D8330-29D5-4F9D-96F7-040282F90A22}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
    "{AAC78B85-2296-4E3A-B7EF-B052EAB25C3B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B057B271-99DC-4B0D-B6DE-F0588EF320CE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{B7030ACC-94F2-4075-BFA9-1ED940B00100}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BAE721BE-F45A-4244-A54D-7ECA94C90511}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C97C9A11-BB52-4840-ABCF-8702EF067E05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{CA460234-8823-40AD-A443-BD94EFFBF169}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D326F330-E39B-465E-8D9C-DF79074B32E2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{DC954C8D-F48A-44F2-933C-65E0D4B92D5B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{DCE7615A-F70A-472B-8F98-93D1DCC75760}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E2B0E736-4970-49B5-A7EA-72DEFA4BED93}" = lport=139 | protocol=6 | dir=in | app=system |
    "{EEAD782A-826B-4506-8D88-D99883713400}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FB5BB00B-6EAD-496F-8578-EBD9A8F153EB}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{010E16C9-BC64-44A8-9445-69B12BDE5036}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0264CAA9-9805-4713-957E-7D9DF75327F6}" = protocol=6 | dir=out | app=system |
    "{0360E018-7363-43CA-9572-08B12495EB0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{06411F9A-09B3-4CA1-94A3-5667D5CC31D1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
    "{09ED1CCC-5E3C-4B13-9428-51FE81D81B10}" = protocol=1 | dir=out | [email protected],-28544 |
    "{0D9FE156-1C00-481B-9C2C-C41681F9CDA9}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
    "{0F966D48-E6A9-44FB-A865-9360CCA88870}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{19D9C6EC-8D22-442D-B843-AFAD6397CF27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{200715D1-69FA-4272-ABF4-B76C5D38DE7A}" = protocol=1 | dir=in | [email protected],-28543 |
    "{2035632D-9D34-4B7A-BBA8-51C591437A47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{28C7EF8C-83E1-4AE0-BA00-473732C5130D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe |
    "{29A72F0A-4EBE-4F15-BE6F-5520C6C0DEDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2F9C53F3-853C-4681-BC04-AF2E13CB11CC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\tsmagent.exe |
    "{36F6437D-6432-4972-93E2-FDE42F0DA65D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3F7EA104-08DC-4171-ABAE-ACEB9B695D09}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartmusic.exe |
    "{4573EB16-76C6-4AEF-A0B2-3E3151F1CF63}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4AD67059-2608-4856-B492-7D4C8E56CB60}" = protocol=58 | dir=out | [email protected],-28546 |
    "{50EFAB21-A0E7-4ECB-A533-9F1013176EF3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartvideo.exe |
    "{53B687AC-6237-4AFD-8396-314DDB0F7DD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{54200DC5-405E-429A-A151-FFE91CCE354F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{62FDFCFC-7527-4C32-AFC7-7D9082F0D718}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{706C5569-AFE2-4BF0-92FC-42BCEA454E02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{72D71AB8-B1F7-44C3-BD02-8B45C16DA9A8}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
    "{7F573AC6-F81E-4070-8330-C7B3BBB4ADC2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
    "{85327C39-2413-4118-BFEA-1033AAC98B25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{94F5A2BD-DAEE-4E44-AC74-86C040A5046A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{991166EE-9165-41A8-8C23-B8A9BC915795}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\photoagent.exe |
    "{A6CF2C96-EE6F-4626-8AFE-85EED5C90BC8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{AF8C3C7D-33B9-4625-A679-4D05C17E961A}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
    "{B0780370-B34F-4826-BAC5-B3F54C41908B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B5D2F8F5-A52B-43DD-BB95-126AB9474CD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B7685A79-0E97-4990-99A5-AF876B1650D2}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{BA6BEF10-282D-4228-88BB-2956C28D91B0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BB9F7DB5-5883-4A50-9AD1-78C356F71B52}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C1F80017-47BA-46B7-B220-87380F3600C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C68F3DDA-AE47-486E-BA1C-29E71068B9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C853773E-4B84-41A7-9267-D5EE405959F0}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
    "{CCAA9450-E02C-47A1-B09E-019EE714D5DD}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
    "{D510FC77-FBF7-4A79-B6EE-A3899A3B8F28}" = protocol=58 | dir=in | [email protected],-28545 |
    "{DBD54E0E-5121-4C81-9F99-2143295592ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E7E66623-106A-41D2-A2EB-C194EF48CC74}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{E9B0DE75-E4AE-41AF-A4EE-4A1340BDC8A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EBB65F84-A3F1-4E90-A7A0-C901DFF2FFCB}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\kernel\clml\clmlsvc.exe |
    "{F9893EA0-2781-446A-BD43-F75D006AB6F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartphoto.exe |
    "TCP Query User{620E4689-5BBA-4981-AFB5-9F472F4F7467}C:\users\deni831\appdata\roaming\usokp\dywol.exe" = protocol=6 | dir=in | app=c:\users\deni831\appdata\roaming\usokp\dywol.exe |
    "UDP Query User{A4755D51-CF66-4EDE-9B6A-3FEAF8FF49E1}C:\users\deni831\appdata\roaming\usokp\dywol.exe" = protocol=17 | dir=in | app=c:\users\deni831\appdata\roaming\usokp\dywol.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61C3230C-D69D-44E7-B974-F8BBADB49EE6}" = Motorola Mobile Drivers Installation 5.5.0
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{10DA2BD7-EFFC-420D-8689-CAEA577CAB7C}" = TurboTax 2011 wmiiper
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}" = HP My Display TouchSmart Edition
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{27710506-32B1-49B3-B95B-B7C65FA6FA15}" = HP Photo Canvas
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
    "{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1" = HP TouchSmart Get Updated!
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = HP TouchSmart Spot
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
    "{4E575BFF-51A0-474E-A3BA-C0FCF82E6A78}" = HP Touch Browser
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1" = HP TouchSmart Bubble Wrap
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}" = HP Clock
    "{75781594-73D9-4D7B-997F-14D41BF1514D}" = Twitter
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8364E531-493B-4B05-8041-09D5CE38B975}" = HP Weather
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP TouchSmart Tutorials
    "{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook for HP TouchSmart
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Dual Stream 802.11n Wireless LAN Card
    "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_BASICR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_BASICR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
    "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9EFD323B-6ADB-4B3A-9253-EA1A75E00F25}_is1" = HP TouchSmart Ben10 Comic Book Reader
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
    "{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = HP TouchSmart Tap Tap Bear
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = HP TouchSmart Metric Converter
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
    "{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F12C6162-10D4-444A-9182-05CC3DB2456E}" = HP TouchSmart eBay
    "{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
    "{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1" = HP TouchSmart Paint Blast
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "avast" = avast! Free Antivirus
    "BASICR" = Microsoft Office Basic 2007
    "Canon MG5200 series User Registration" = Canon MG5200 series User Registration
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Carbonite Backup" = Carbonite
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo
    "InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
    "Kobo" = Kobo
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "MotoHelper" = MotoHelper 2.1.40 Driver 5.5.0
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "PDF Complete" = PDF Complete Special Edition
    "TurboTax 2011" = TurboTax 2011
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-070f9850-7bd7-479e-9db8-510ec3081e3e" = Bejeweled 3
    "WTA-149ffb80-3c10-45e3-b004-2ba427d0d7dd" = Mah Jong Medley
    "WTA-19d8d119-8d2e-4e54-bf25-7bb730665b56" = Polar Bowler
    "WTA-1bacbde5-4ba4-4d52-ac59-dce688c02e77" = Slingo Deluxe
    "WTA-2b6cb840-7558-41f0-8d0d-2a02a589ffb5" = Airport Mania
    "WTA-42ad455e-c128-4447-aa09-f93dfae587df" = Virtual Villagers 5 - New Believers
    "WTA-5c7040af-279d-43cd-8294-d780d4ab19af" = Farm Frenzy
    "WTA-685cb3bc-4fe2-4acd-8ae4-f32f9c219bb2" = Chuzzle Deluxe
    "WTA-762f95b7-64aa-4b44-8f7f-a7cc9bf8d7e4" = Penguins!
    "WTA-7937006d-95ae-4a0f-8059-8d8c0178d99d" = Azteca
    "WTA-7b147cb0-3a58-4c08-8da4-75db8a83c544" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-7fb31fb8-88ab-44f8-b721-af929c97e241" = Plants vs. Zombies - Game of the Year
    "WTA-83f3c39d-ba79-43c9-af42-78f3f432881e" = Cake Mania
    "WTA-84d6b8f5-7d97-47a5-b2bc-bc09bce0b47e" = FATE
    "WTA-8df7eacb-0369-46c1-94d2-f0c9dbe656fd" = Namco All-Stars: PAC-MAN
    "WTA-9581489a-9b57-47c9-80b2-dd920523250f" = Agatha Christie - Peril at End House
    "WTA-981844d6-5e55-42cc-bc4d-d873d0053f92" = Build-a-lot
    "WTA-a93a6634-8237-4f57-a54c-825f43f2e7a0" = Zuma Deluxe
    "WTA-ad965e46-4af8-452d-9ec6-7bfb685c234f" = Mystery of Mortlake Mansion
    "WTA-bfaf7922-a945-4cc0-ad41-04754ab4e274" = Governor of Poker 2 Premium Edition
    "WTA-cd821a6d-9528-46b4-abcb-f5c23f105200" = Bounce Symphony
    "WTA-f0ba5f9a-6798-4a51-b693-8c5c9cdaaaba" = Vacation Quest - The Hawaiian Islands
    "WTA-fc227fb8-98c2-40a2-a057-275d61821985" = Polar Golfer
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2364189593-3991097414-1983408701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/26/2012 1:47:32 PM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
    time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x0257f830 Faulting process id:
    0x7c4 Faulting application start time: 0x01cde3902f3df0a4 Faulting application path:
    C:\Windows\SysWOW64\rundll32.exe Faulting module path: unknown Report Id: 52997524-4f84-11e2-8ab0-386077b15276

    Error - 12/27/2012 1:14:10 AM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,
    time stamp: 0x50a2f9e3 Faulting module name: Flash32_11_3_300_257.ocx, version: 11.3.300.257,
    time stamp: 0x4fc82006 Exception code: 0xc0000409 Fault offset: 0x001443c9 Faulting
    process id: 0x1fc0 Faulting application start time: 0x01cde3eef3980c5d Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx Report Id: 3e5dc294-4fe4-11e2-8ab0-386077b15276

    Error - 12/27/2012 1:21:10 AM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,
    time stamp: 0x50a2f9e3 Faulting module name: Flash32_11_3_300_257.ocx, version: 11.3.300.257,
    time stamp: 0x4fc82006 Exception code: 0xc0000409 Fault offset: 0x001443c9 Faulting
    process id: 0x1484 Faulting application start time: 0x01cde3f102f35852 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx Report Id: 3899ab01-4fe5-11e2-8ab0-386077b15276

    Error - 12/27/2012 10:24:08 AM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,
    time stamp: 0x50a2f9e3 Faulting module name: Flash32_11_3_300_257.ocx, version: 11.3.300.257,
    time stamp: 0x4fc82006 Exception code: 0xc0000005 Fault offset: 0x0016a6e0 Faulting
    process id: 0x1f98 Faulting application start time: 0x01cde3f1fe8d4f3f Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx Report Id: 12ff0aba-5031-11e2-8ab0-386077b15276

    Error - 12/27/2012 3:31:02 PM | Computer Name = Deni831-HP | Source = VSS | ID = 13
    Description =

    Error - 12/27/2012 3:31:02 PM | Computer Name = Deni831-HP | Source = VSS | ID = 8193
    Description =

    Error - 12/27/2012 3:31:03 PM | Computer Name = Deni831-HP | Source = VSS | ID = 13
    Description =

    Error - 12/27/2012 3:31:03 PM | Computer Name = Deni831-HP | Source = VSS | ID = 8193
    Description =

    Error - 12/27/2012 3:47:00 PM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
    time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000096 Fault offset: 0x026600c4 Faulting process id:
    0xc78 Faulting application start time: 0x01cde468deec4f2b Faulting application path:
    C:\Windows\SysWOW64\rundll32.exe Faulting module path: unknown Report Id: 2d67c6e2-505e-11e2-bde0-386077b15276

    Error - 12/27/2012 3:47:00 PM | Computer Name = Deni831-HP | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program Windows host process (Rundll32) because of this error. Program:
    Windows host process (Rundll32) File: The error value is listed in the Additional
    Data section. User Action 1. Open the file again. This situation might be a temporary
    problem that corrects itself when the program runs again. 2. If the file still cannot
    be accessed and - It is on the network, your network administrator should verify
    that there is not a problem with the network and that the server can be contacted.
    -
    It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
    disk is fully inserted into the computer. 3. Check and repair the file system by
    running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
    OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
    persists, restore the file from a backup copy. 5. Determine whether other files
    on the same disk can be opened. If not, the disk might be damaged. If it is a hard
    disk, contact your administrator or computer hardware vendor for further assistance.

    Additional
    Data Error value: 00000000 Disk type: 0

    Error - 12/27/2012 3:47:00 PM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
    time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
    0xc78 Faulting application start time: 0x01cde468deec4f2b Faulting application path:
    C:\Windows\SysWOW64\rundll32.exe Faulting module path: unknown Report Id: 2db1c948-505e-11e2-bde0-386077b15276

    Error - 12/27/2012 5:03:22 PM | Computer Name = Deni831-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
    time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x0087f830 Faulting process id:
    0xdec Faulting application start time: 0x01cde473aecc0ff3 Faulting application path:
    C:\Windows\SysWOW64\rundll32.exe Faulting module path: unknown Report Id: d8847de6-5068-11e2-beee-386077b15276

    [ Hewlett-Packard Events ]
    Error - 10/21/2012 11:41:20 AM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 10/21/2012 12:00:58 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 10/21/2012 12:05:30 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 10/21/2012 1:08:06 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 10/21/2012 1:34:58 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/3/2012 3:47:21 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000
    Ram
    Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 11/3/2012 3:54:17 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 4000
    Ram
    Utilization: 70 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


    Error - 11/9/2012 10:45:36 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    4000 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 11/9/2012 10:45:37 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    4000 Ram Utilization: 30 TargetSite: Void loadActiveCheckResult(Boolean)

    Error - 11/16/2012 10:42:28 PM | Computer Name = Deni831-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
    at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
    includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
    RAM:
    4000 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)

    [ Media Center Events ]
    Error - 8/30/2012 4:00:17 AM | Computer Name = Deni831-HP | Source = MCUpdate | ID = 0
    Description = 4:00:12 AM - Error connecting to the internet. 4:00:13 AM - Unable
    to contact server..

    Error - 8/30/2012 5:00:56 AM | Computer Name = Deni831-HP | Source = MCUpdate | ID = 0
    Description = 5:00:56 AM - Error connecting to the internet. 5:00:56 AM - Unable
    to contact server..

    Error - 8/30/2012 5:01:27 AM | Computer Name = Deni831-HP | Source = MCUpdate | ID = 0
    Description = 5:01:26 AM - Error connecting to the internet. 5:01:26 AM - Unable
    to contact server..

    Error - 9/22/2012 5:22:34 AM | Computer Name = Deni831-HP | Source = MCUpdate | ID = 0
    Description = 5:22:34 AM - Failed to retrieve NetTV (Error: Unable to connect to
    the remote server)

    Error - 9/22/2012 5:23:27 AM | Computer Name = Deni831-HP | Source = MCUpdate | ID = 0
    Description = 5:23:27 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 9/23/2012 5:32:59 AM | Computer Name = Deni831-HP | Source = MCUpdate | ID = 0
    Description = 5:32:59 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 8/13/2012 12:01:06 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/14/2012 12:00:20 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/15/2012 12:01:09 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/16/2012 12:00:24 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/16/2012 3:27:55 AM | Computer Name = Deni831-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:26:35 AM on ?8/?16/?2012 was unexpected.

    Error - 8/16/2012 4:06:02 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/17/2012 12:00:24 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/18/2012 12:00:25 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/19/2012 12:00:27 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.

    Error - 8/20/2012 12:00:26 AM | Computer Name = Deni831-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume OS.


    < End of report >
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    While I have a look through those logs do the following:

    Upload a File to Virustotal
    Go to http://www.virustotal.com/
    • Click the Browse... button
    • Navigate to the file C:\Users\Deni831\AppData\Local\cspxsvpg.exe or just copy/paste it in.
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Let me see the result...
     
  8. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Here are the results Kevin:

    SHA256: 63788b925f1e03c8ec480872a764647dd9e82be752f785a5fa6a8da3a343c2e6
    SHA1: 3f5dc8abe16e6e4280c293d85c3c472861189381
    MD5: 6129d1a0591b468bebb2f454e0e804cf
    File size: 159.5 KB ( 163328 bytes )
    File name: cspxsvpg.exe
    File type: Win32 EXE
    Detection ratio: 16 / 46
    Analysis date: 2013-01-04 22:52:39 UTC ( 0 minutes ago


    Antivirus Result Update
    Agnitum - 20130104
    AhnLab-V3 Trojan/Win32.Midhos 20130104
    AntiVir TR/Medfos.A.2012 20130104
    Antiy-AVL - 20130104
    Avast - 20130104
    AVG Cryptic.EMI 20130104
    BitDefender Gen:Variant.Symmi.8283 20130104
    ByteHero - 20121226
    CAT-QuickHeal - 20130104
    ClamAV - 20130104
    Commtouch - 20130104
    Comodo TrojWare.Win32.Medfos.HL 20130104
    DrWeb - 20130104
    Emsisoft - 20130104
    eSafe - 20130103
    ESET-NOD32 a variant of Win32/Medfos.HL 20130104
    F-Prot - 20130104
    F-Secure Gen:Variant.Symmi.8283 20130104
    Fortinet - 20130104
    GData Gen:Variant.Symmi.8283 20130104
    Ikarus - 20130104
    Jiangmin - 20121221
    K7AntiVirus - 20130104
    Kaspersky Trojan.Win32.Midhos.acgp 20130104
    Kingsoft - 20130104
    Malwarebytes - 20130104
    McAfee Medfos.ce 20130104
    McAfee-GW-Edition - 20130104
    Microsoft Trojan:Win32/Medfos.A 20130104
    MicroWorld-eScan Gen:Variant.Symmi.8283 20130104
    NANO-Antivirus - 20130104
    Norman - 20130104
    nProtect - 20130104
    Panda - 20130104
    PCTools - 20130104
    Rising - 20130104
    Sophos Mal/Medfos-M 20130104
    SUPERAntiSpyware - 20130104
    Symantec WS.Reputation.1 20130104
    TheHacker - 20130103
    TotalDefense - 20130104
    TrendMicro - 20130104
    TrendMicro-HouseCall - 20130104
    VBA32 - 20130104
    VIPRE Trojan.Win32.Medfos.m (v) 20130104
    ViRobot Trojan.Win32.A.Midhos.163328.AP 20130104
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for the data, quite a nasty trojan. OK do the following:

    Re-Run [​IMG] by double left click, Vista and Widows 7 users accept UAC alert.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKU\S-1-5-21-2364189593-3991097414-1983408701-1001..\Run: [mshbaf] "C:\Windows\System32\rundll32.exe" "C:\Users\Deni831\AppData\Roaming\mshbaf.dll",read_rows File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      [2012/12/26 08:10:41 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\gunqbuut
      [2012/12/25 21:14:02 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\vxgfphqe
      [2012/12/25 11:34:23 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\qlitnieb
      [2012/12/24 14:57:55 | 000,046,117 | ---- | M] () -- C:\Users\Deni831\AppData\Local\gepnpnks
      [2012/12/24 14:50:52 | 000,046,280 | ---- | M] () -- C:\Users\Deni831\AppData\Local\ahevhjgd
      [2012/12/24 14:15:35 | 000,046,131 | ---- | M] () -- C:\Users\Deni831\AppData\Local\ekptxwvi
      [2012/12/23 05:22:54 | 000,046,131 | ---- | M] () -- C:\Users\Deni831\AppData\Local\qovwpdvf
      [2012/12/23 00:17:18 | 000,046,075 | ---- | M] () -- C:\Users\Deni831\AppData\Local\aaijuuse
      [2012/12/22 23:55:50 | 000,163,328 | ---- | C] (Donkey) -- C:\Users\Deni831\AppData\Local\cspxsvpg.exe
      [2012/12/25 04:58:13 | 000,006,525 | ---- | C] () -- C:\Users\Deni831\AppData\Local\276f85f7-5a9f-4ec3-96c4-dc830f2d7f90.crx
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
    • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from one of the following links and save it to your desktop.:


    http://www.malwarebytes.org/mbam.php
    http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
    http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Let me see those two logs please...

    Kevin
     
  10. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Kevin,

    Here is the first log, the Malwarebytes log will follow in the next post.

    Denise


    OTL Log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-2364189593-3991097414-1983408701-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2364189593-3991097414-1983408701-1001\Software\Microsoft\Windows\CurrentVersion\Run\\mshbaf deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\Users\Deni831\AppData\Local\gunqbuut moved successfully.
    C:\Users\Deni831\AppData\Local\vxgfphqe moved successfully.
    C:\Users\Deni831\AppData\Local\qlitnieb moved successfully.
    C:\Users\Deni831\AppData\Local\gepnpnks moved successfully.
    C:\Users\Deni831\AppData\Local\ahevhjgd moved successfully.
    C:\Users\Deni831\AppData\Local\ekptxwvi moved successfully.
    C:\Users\Deni831\AppData\Local\qovwpdvf moved successfully.
    C:\Users\Deni831\AppData\Local\aaijuuse moved successfully.
    C:\Users\Deni831\AppData\Local\cspxsvpg.exe moved successfully.
    C:\Users\Deni831\AppData\Local\276f85f7-5a9f-4ec3-96c4-dc830f2d7f90.crx moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Deni831\Downloads\cmd.bat deleted successfully.
    C:\Users\Deni831\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Deni831
    ->Temp folder emptied: 108301 bytes
    ->Temporary Internet Files folder emptied: 1681428 bytes
    ->Google Chrome cache emptied: 6212007 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    User: TEMP

    User: TEMP.ROBERTFAMILY

    User: TEMP.ROBERTFAMILY.000

    User: TEMP.ROBERTFAMILY.001

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9104 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Deni831
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEMP

    User: TEMP.ROBERTFAMILY

    User: TEMP.ROBERTFAMILY.000

    User: TEMP.ROBERTFAMILY.001

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01042013_200905

    Files\Folders moved on Reboot...
    C:\Users\Deni831\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  11. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Kevin,

    Here is the Malwarebytes log:

    Denise

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.04.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Deni831 :: DENI831-HP [administrator]

    1/4/2013 8:18:26 PM
    mbam-log-2013-01-04 (20-18-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220576
    Time elapsed: 2 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for the logs Denise, ok looks better but still need to run an online AV scan to make sure we`ve missed nothing, This scan will be very thorough so may take several hours....

    Run Eset Online Scanner

    **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

    Go Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish
    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    close program
    copy and paste the report here

    Next,

    Run this scan to check security status, also Java, Adobe etc... Is quite quick this one...

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Post those two logs, also let me know of any remaining issues or concerns....

    Thanks,

    Kevin....:)
     
  13. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Hi Kevin,

    Here are the results of the two scans:

    Denise

    ESET SCAN Notepad results:
    C:\_OTL\MovedFiles\01042013_200905\C_Users\Deni831\AppData\Local\cspxsvpg.exe a variant of Win32/Medfos.HL trojan cleaned by deleting - quarantined
    C:\_OTM\MovedFiles\01032013_202810\C_Users\Deni831\AppData\Roaming\ifpnv.dll a variant of Win32/Medfos.HK trojan cleaned by deleting - quarantined
    C:\_OTM\MovedFiles\01032013_202810\C_Users\Deni831\AppData\Roaming\mshbaf.dll a variant of Win32/Medfos.HK trojan cleaned by deleting - quarantined


    Checkup Notepad results:
    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello Denise,

    Can you make sure Avast is turned on and updated after DDS is run. How is your system responding now, any obvious issues or concerns?

    Run final DDS scan, if logs are good we can clean up and let you go:

    Download and save DDS to your Desktop from either of the following links:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://compendiate.net/sUBs/dds/dds.scr

    Double click DDS to run the scan, Vista or Windows 7 user accept UAC alert.
    There will be an alert that two logs will be saved to the Desktop, DDS.txt and Attach.txt
    Copy and paste those two logs to your reply when the scan is complete....

    Post those two logs,

    Kevin....(y)
     
  15. Deni831

    Deni831 Thread Starter

    Joined:
    Jul 23, 2004
    Messages:
    71
    Hi Kevin,

    Attached are the two logs. I don't know if this makes any difference or not, but I could not get the DDS program to open at all in Chrome...the links simply did not work. But when I switched to Internet Explorer, all seems well.

    The RUNdll error I was previous receiving upon startup is now gone.

    Can you tell me what has been wrong with my computer?

    Thanks!
    Denise

    Attach - notepad
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/22/2011 7:14:37 PM
    System Uptime: 1/5/2013 11:29:16 AM (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2AC3
    Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 328.939 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.8 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP129: 12/27/2012 3:23:48 PM - Windows Update
    RP130: 1/1/2013 4:09:48 AM - Windows Update
    RP131: 1/1/2013 10:40:45 PM - Windows Modules Installer
    RP132: 1/1/2013 11:05:02 PM - Windows Modules Installer
    RP133: 1/1/2013 11:22:45 PM - Removed Norton Online Backup
    RP134: 1/1/2013 11:23:33 PM - Removed Twitter
    RP135: 1/1/2013 11:36:24 PM - Windows Modules Installer
    RP136: 1/3/2013 8:49:00 PM - Windows Modules Installer
    RP137: 1/4/2013 8:09:41 PM - OTL Restore Point - 1/4/2013 8:09:38 PM
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Agatha Christie - Peril at End House
    Airport Mania
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Azteca
    Bejeweled 3
    Bing Bar
    Bing Maps 3D
    Blio
    Bonjour
    Bounce Symphony
    Build-a-lot
    Cake Mania
    Canon Easy-PhotoPrint EX
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MG5200 series MP Drivers
    Canon MG5200 series User Registration
    Canon MP Navigator EX 4.0
    Canon My Printer
    Canon Solution Menu EX
    Carbonite
    Chuzzle Deluxe
    D3DX10
    DirectX for Managed Code Update (Summer 2004)
    Dual Stream 802.11n Wireless LAN Card
    DVD Menu Pack for HP TouchSmart Video
    Facebook for HP TouchSmart
    Farm Frenzy
    FATE
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Auto
    HP Calendar
    HP Client Services
    HP Clock
    HP Customer Experience Enhancements
    HP Games
    HP LinkUp
    HP Magic Canvas
    HP MovieStore
    HP My Display TouchSmart Edition
    HP Notes
    HP Odometer
    HP Photo Canvas
    HP RSS
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Touch Browser
    HP TouchSmart Ben10 Comic Book Reader
    HP TouchSmart Bubble Wrap
    HP TouchSmart eBay
    HP TouchSmart Get Updated!
    HP TouchSmart Metric Converter
    HP TouchSmart Music
    HP TouchSmart Paint Blast
    HP TouchSmart Photo
    HP TouchSmart RecipeBox
    HP TouchSmart Spot
    HP TouchSmart Tap Tap Bear
    HP TouchSmart Tutorials
    HP TouchSmart Video
    HP TouchSmart Webcam
    HP Update
    HP Vision Hardware Diagnostics
    HP Weather
    IDT Audio
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    iTunes
    Jewel Quest: The Sleepless Star - Collector's Edition
    Junk Mail filter update
    Kobo
    LabelPrint
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Mathematics
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Basic 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Touch Pack for Windows 7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.0
    MotoHelper 2.1.40 Driver 5.5.0
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 5.5.0
    Movie Theme Pack for HP TouchSmart Video
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery of Mortlake Mansion
    Namco All-Stars: PAC-MAN
    Paint Shop Pro 7 Anniversary Edition
    PDF Complete Special Edition
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Polar Bowler
    Polar Golfer
    Power2Go
    PressReader
    Realtek PCIE Card Reader
    Recovery Manager
    Remote Graphics Receiver
    RoxioNow Player
    SDK
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Slingo Deluxe
    TSHostedAppLauncher
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wmiiper
    TurboTax 2011 wrapper
    Twitter
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Vacation Quest - The Hawaiian Islands
    Virtual Villagers 5 - New Believers
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/3/2013 8:48:58 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
    1/3/2013 8:30:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.
    1/3/2013 6:13:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000008, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\010313-29936-01.dmp. Report Id: 010313-29936-01.
    1/1/2013 6:22:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/1/2013 6:22:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/1/2013 6:22:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/1/2013 6:22:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/1/2013 6:22:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/1/2013 6:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    1/1/2013 6:22:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi BHDrvx64 ccSet_NIS DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 6:22:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/1/2013 4:58:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Deni831-HP\Deni831 SID (S-1-5-21-2364189593-3991097414-1983408701-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================



    DDS - notepad
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Deni831 at 11:34:35 on 2013-01-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2130 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Program Files\IDT\WDM\beats64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{585AE280-9F1A-4F84-9B6D-B4568A729A54} : DHCPNameServer = 209.18.47.61 209.18.47.62
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-22 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-22 370288]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-12 89600]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-22 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-22 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-26 44808]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-12 2375168]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-12 1128952]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-10-12 109168]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2011-5-30 31088]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-7-5 1874016]
    R3 NWVoltron;NextWindow Voltron Touch Screen;C:\Windows\System32\drivers\NWVoltron.sys [2011-6-23 28440]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-3 343144]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
    R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-10-12 131656]
    R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-10-12 399944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\System32\drivers\hidkmdf.sys [2011-10-12 16152]
    S3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);C:\Windows\System32\drivers\NWWakeFilterV.sys [2011-10-12 16152]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-27 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-27 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-27 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-05 01:46:09 -------- d-----w- C:\Program Files (x86)\ESET
    2013-01-05 01:16:39 -------- d-----w- C:\Users\Deni831\AppData\Local\Programs
    2013-01-05 00:51:40 -------- d-----w- C:\_OTL
    2013-01-04 07:08:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09A7E257-5672-4575-9AD9-C0D32BEB0F98}\offreg.dll
    2013-01-04 07:08:24 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09A7E257-5672-4575-9AD9-C0D32BEB0F98}\mpengine.dll
    2013-01-04 01:28:10 -------- d-----w- C:\_OTM
    2012-12-27 20:32:52 37888 ----a-w- C:\Windows\System32\beats64.exe
    2012-12-27 20:32:52 1819648 ----a-w- C:\Windows\System32\IDTNC64.cpl
    2012-12-27 20:27:03 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2012-12-27 20:27:01 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-12-27 20:27:01 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-12-27 20:27:01 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-12-27 20:23:46 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-12-27 20:23:46 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-12-27 20:23:46 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-12-27 20:23:45 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-12-27 20:23:45 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-12-27 20:23:45 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-12-27 20:23:45 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-12-27 20:23:43 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-12-27 20:23:43 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-12-27 20:23:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-12-27 20:23:39 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-12-21 08:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 08:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 08:00:31 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 08:00:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-17 20:38:44 -------- d-----w- C:\Users\Deni831\AppData\Roaming\Windows Live Writer
    2012-12-17 20:38:44 -------- d-----w- C:\Users\Deni831\AppData\Local\Windows Live Writer
    2012-12-13 08:01:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2012-12-13 00:14:23 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-13 00:14:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-13 00:14:11 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-13 00:12:50 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-13 00:12:50 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    .
    ============= FINISH: 11:35:02.99 ===============
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Malicious Warnings Virus
  1. bence12
    Replies:
    0
    Views:
    218
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1083614

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice