C:\Windows\svchost.exe.Trojan.Agent causing blue screen and random crashes do not know how to fix

Inactive
By rlhartzell
Nov 6, 2012
  1. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Hello
    I have tried to do the following request, but I cannot get it to run. When I get to the command prompt screen and type in h:\frst.exe, it states it is not recognized as an internal or external command.
    Is there something that I am doing wrong or should try differently?
    Thank you!!
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    When you get to the Command Prompt screen, type Notepad to open Notepad.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
  3. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Hello
    I just wanted to let you know that I had a family emergency, but I will try to get that scan done today sometime. Also, I did switch the letter e to the letter h that my computer was showing it to be. Should I download the download from a non-infected computer first and then try it on the infected computer?
    Thank you,
    Becky
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, do that. Will wait. :)
  5. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    I just wanted to check in and let you know that I have not forgotten. Things did not turn out how I wanted. I am downloading now and will try to perform the scan again.
  6. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by SYSTEM at 21-11-2012 23:43:56
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKU\Kiddos\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-27] (Google Inc.)
    HKU\Kiddos\...\Policies\system: [LogonHoursAction] 2
    HKU\Kiddos\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Kiddos.Sunshine-HP\...\Run: [EPSON NX330 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /FU "C:\Users\KIDDOS~1.SUN\AppData\Local\Temp\E_S3340.tmp" /EF "HKCU" [232448 2011-01-20] (SEIKO EPSON CORPORATION)
    HKU\Kiddos.Sunshine-HP\...\Policies\system: [LogonHoursAction] 2
    HKU\Kiddos.Sunshine-HP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Sunshine\...\Policies\system: [LogonHoursAction] 2
    HKU\Sunshine\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    ==================== Services (Whitelisted) ===================
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [1328736 2012-09-24] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [656480 2012-09-24] (Secunia)
    ==================== Drivers (Whitelisted) =====================
    3 bcbtums; C:\Windows\System32\Drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
    3 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
    3 BTWDPAN; C:\Windows\System32\Drivers\BTWDPAN.sys [89640 2011-09-20] (Broadcom Corporation.)
    3 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
    3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-18] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
    3 HP8207_8307; C:\Windows\System32\Drivers\HP8207_8307.sys [15360 2010-02-04] (Windows (R) Win 7 DDK provider)
    3 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121121.001\IDSvia64.sys [513184 2012-10-30] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121121.016\ENG64.SYS [126112 2012-11-21] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121121.016\EX64.SYS [2084000 2012-11-21] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
    3 SRTSPX; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
    3 SymDS; C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
    3 SymEFA; C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-16] (Symantec Corporation)
    3 SymIRON; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)
    3 SymNetS; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-16 17:19 - 2012-11-16 17:19 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Hewlett-Packard
    2012-11-16 16:09 - 2012-11-16 16:09 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2012-11-16 16:06 - 2012-11-16 16:06 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-15 19:59 - 2012-11-15 19:59 - 00000000 ____D C:\FRST
    2012-11-15 11:14 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-15 11:14 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-15 11:14 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-15 11:14 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-15 11:08 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-15 11:08 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-15 11:08 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-15 11:08 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-15 11:08 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-15 11:08 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-15 11:08 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-15 11:08 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-15 11:08 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-15 11:08 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-15 11:08 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-15 11:08 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-15 11:08 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-15 11:08 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-15 11:08 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-15 11:08 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-15 11:08 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-15 11:08 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-15 11:08 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-15 11:08 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-15 11:08 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-15 11:08 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-15 11:08 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-15 11:08 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-15 11:08 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-15 11:08 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-15 11:08 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-15 11:08 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-15 11:08 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-15 11:08 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-15 11:08 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-15 11:08 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-15 11:05 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-15 11:05 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 11:05 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-15 11:05 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-15 11:05 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-15 09:56 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-15 09:56 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-15 09:56 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-15 09:56 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-15 09:56 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-15 09:56 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-15 09:56 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-15 09:56 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-15 09:56 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-15 09:56 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-15 09:56 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-15 09:56 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-15 09:56 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-15 09:56 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2012-11-15 09:55 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-15 09:55 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-14 16:28 - 2012-11-14 16:28 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Adobe
    2012-11-12 22:24 - 2012-11-12 23:42 - 00058344 ____A C:\Users\Sunshine\Desktop\Nmc_2012-11-13_01-24-42.log
    2012-11-12 22:24 - 2012-11-12 22:24 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Norman Malware Cleaner
    2012-11-12 22:13 - 2012-11-12 22:24 - 217393728 ____A (Norman ASA) C:\Users\Sunshine\Desktop\Norman_Malware_Cleaner.exe
    2012-11-12 13:35 - 2012-11-12 13:35 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Microsoft Games
    2012-11-12 13:34 - 2012-11-21 13:48 - 00108816 ____A C:\Users\Kiddos.Sunshine-HP\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-10 10:12 - 2012-11-10 10:33 - 00000000 ____D C:\Users\Sunshine\Documents\alphabet for trenton
    2012-11-10 08:18 - 2012-11-10 08:18 - 00008398 ____A C:\Users\Sunshine\Desktop\HitmanPro_20121110_1118.log
    2012-11-10 08:13 - 2012-11-10 08:13 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-11-10 08:12 - 2012-11-10 08:13 - 09015072 ____A (SurfRight B.V.) C:\Users\Sunshine\Desktop\HitmanPro36_x64.exe
    2012-11-09 18:25 - 2012-11-09 18:25 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan (2).txt
    2012-11-09 18:10 - 2012-11-09 18:11 - 00930691 ____A C:\Users\Sunshine\Desktop\gfd.txt
    2012-11-09 03:11 - 2012-11-09 03:11 - 00000963 ____A C:\Users\Sunshine\Desktop\kaspersky 11912.txt
    2012-11-09 00:00 - 2012-11-09 00:00 - 00263236 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-11-08 04:30 - 2012-11-08 04:30 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-11-08 04:15 - 2012-11-08 04:29 - 143004736 ____A C:\Users\Sunshine\Desktop\setup_11.0.0.1245.x01_2012_11_08_15_14.exe
    2012-11-07 14:27 - 2012-11-09 18:25 - 00002760 ____A C:\Users\Sunshine\Desktop\aswMBR.txt
    2012-11-07 14:27 - 2012-11-07 14:27 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan.txt
    2012-11-07 14:14 - 2012-11-07 14:14 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-07 14:10 - 2012-11-07 14:11 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Sunshine\Desktop\tdsskiller.exe
    2012-11-07 05:26 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-06 14:12 - 2012-11-06 14:12 - 00021796 ____A C:\ComboFix.txt
    2012-11-06 13:59 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-11-06 13:59 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-11-06 13:59 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-11-06 13:59 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-11-06 13:56 - 2012-11-06 14:12 - 00000000 ____D C:\Qoobox
    2012-11-06 13:55 - 2012-11-06 14:10 - 00000000 ____D C:\Windows\erdnt
    2012-11-06 13:54 - 2012-11-06 13:55 - 04997881 ____R (Swearware) C:\Users\Sunshine\Desktop\ComboFix.exe
    2012-11-06 05:38 - 2012-11-06 05:38 - 00025881 ____A C:\Users\Sunshine\Desktop\dds.txt
    2012-11-06 05:38 - 2012-11-06 05:38 - 00019449 ____A C:\Users\Sunshine\Desktop\attach.txt
    2012-11-06 05:34 - 2012-11-06 05:34 - 00000411 ____A C:\Users\Sunshine\Desktop\gmer.log
    2012-11-06 05:09 - 2012-11-06 05:11 - 00302592 ____A C:\Users\Sunshine\Desktop\f04bhlw2.exe
    2012-11-06 04:14 - 2012-11-06 05:10 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill 110612.txt
    2012-11-05 10:59 - 2012-11-05 10:59 - 02434048 ____A C:\Users\Sunshine\Downloads\msxml.msi
    2012-11-05 10:11 - 2012-11-05 10:43 - 00007597 ____A C:\Users\Sunshine\AppData\Local\Resmon.ResmonCfg
    2012-11-05 09:39 - 2012-11-05 09:39 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-04 20:41 - 2012-11-04 20:41 - 00036507 ____A C:\Users\Sunshine\Desktop\sfcdetails.txt
    2012-11-04 19:58 - 2012-11-06 04:31 - 00000000 ____D C:\Windows\pss
    2012-11-04 19:53 - 2012-11-04 19:53 - 00266288 ____A C:\Windows\Minidump\110412-20264-01.dmp
    2012-11-04 19:04 - 2012-11-04 19:06 - 10669896 ____A (Malwarebytes Corporation ) C:\Users\Sunshine\Desktop\mbam-setup.exe
    2012-11-04 19:03 - 2012-11-04 19:03 - 01679264 ____A (Bleeping Computer, LLC) C:\Users\Sunshine\Desktop\rkill.com
    2012-11-04 18:46 - 2012-11-04 18:59 - 68897872 ____A (Microsoft Corporation) C:\Users\Sunshine\Downloads\mpam-fe.exe
    2012-11-04 18:36 - 2012-11-04 18:36 - 00266288 ____A C:\Windows\Minidump\110412-24102-01.dmp
    2012-11-04 00:58 - 2012-11-04 00:58 - 00002259 ____A C:\Users\Sunshine\Desktop\Google Chrome.lnk
    2012-11-03 21:57 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
    2012-11-03 21:57 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
    2012-11-03 21:57 - 2012-08-23 06:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
    2012-11-03 21:57 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
    2012-11-03 21:57 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2012-11-03 21:57 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2012-11-03 21:57 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2012-11-03 21:57 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-11-03 21:57 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
    2012-11-03 21:57 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
    2012-11-03 21:57 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2012-11-03 21:57 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
    2012-11-03 21:57 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
    2012-11-03 21:57 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
    2012-11-03 21:57 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
    2012-11-03 21:57 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2012-11-03 21:57 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
    2012-11-03 21:57 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2012-11-03 21:57 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
    2012-11-03 21:57 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
    2012-11-03 21:57 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2012-11-03 21:57 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    2012-11-03 21:57 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-11-03 21:57 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2012-11-03 21:57 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
    2012-11-03 21:53 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-11-03 21:53 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-11-03 21:53 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-11-03 21:53 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-11-03 21:53 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-11-03 21:53 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-11-03 21:53 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-11-03 21:53 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-11-03 21:53 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-11-03 21:53 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-11-03 21:53 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-11-03 21:48 - 2012-11-03 21:48 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2012-11-03 20:54 - 2012-11-03 20:54 - 00262144 ____A C:\Windows\Minidump\110412-38766-01.dmp
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Secunia PSI
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-11-03 20:32 - 2012-11-03 20:32 - 00262144 ____A C:\Windows\Minidump\110412-26036-01.dmp
    2012-11-03 19:43 - 2012-11-03 19:43 - 00000048 ____A C:\Users\Sunshine\AppData\Roaming\mbam.context.scan
    2012-11-03 19:41 - 2012-11-04 19:06 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-03 19:41 - 2012-11-04 19:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\Sunshine\AppData\Roaming\Malwarebytes
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-03 19:41 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-03 19:32 - 2012-11-06 04:14 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill.txt
    2012-11-03 19:32 - 2012-11-03 19:42 - 00000000 ____D C:\Users\Sunshine\Desktop\rkill
    2012-11-03 16:41 - 2012-11-03 16:41 - 00000000 ____D C:\Users\Sunshine\Documents\Autoruns
    2012-11-03 16:18 - 2012-11-03 16:18 - 00000000 ____D C:\Users\Sunshine\Documents\Symantec
    2012-11-03 16:15 - 2012-11-03 16:15 - 00262144 ____A C:\Windows\Minidump\110312-36987-01.dmp
    2012-11-02 17:11 - 2012-11-02 17:11 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2012-11-02 17:11 - 2012-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-11-02 17:06 - 2012-11-21 20:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-02 17:06 - 2012-11-07 18:14 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-02 17:06 - 2012-11-07 18:14 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-01 19:11 - 2012-11-01 19:11 - 00000134 ____A C:\Users\Sunshine\Desktop\Microsoft Fix it.url
    2012-11-01 18:03 - 2012-11-01 18:03 - 00262144 ____A C:\Windows\Minidump\110112-19515-01.dmp
    2012-11-01 12:52 - 2012-11-19 14:16 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForSunshine.job
    2012-11-01 11:23 - 2012-11-14 16:28 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Adobe
    2012-11-01 11:23 - 2012-11-07 13:04 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Google
    2012-11-01 11:23 - 2012-11-01 12:33 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Google
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Synaptics
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Macromedia
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\hpqLog
    2012-11-01 11:22 - 2012-11-20 12:24 - 00001234 _RASH C:\Users\Kiddos.Sunshine-HP\ntuser.pol
    2012-11-01 11:22 - 2012-11-20 12:24 - 00000000 ____D C:\users\Kiddos.Sunshine-HP
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000020 ___SH C:\Users\Kiddos.Sunshine-HP\ntuser.ini
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\VirtualStore
    2012-11-01 11:22 - 2012-04-11 18:01 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Microsoft Help
    2012-10-31 09:33 - 2012-10-31 09:33 - 00000000 ____D C:\Users\Sunshine\AppData\Local\{4619D3FA-A7E4-4EA1-993F-2CF2C632768F}
    2012-10-30 19:14 - 2012-10-30 19:14 - 00262144 ____A C:\Windows\Minidump\103012-29827-01.dmp
    2012-10-29 18:47 - 2012-10-29 18:47 - 00000000 ____D C:\Windows\Sun
    2012-10-29 10:43 - 2012-10-29 12:32 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Google
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Synaptics
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Macromedia
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\hpqLog
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Adobe
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Google
    2012-10-29 10:42 - 2012-10-29 10:42 - 00000000 ____D C:\Users\Kiddos\AppData\Local\VirtualStore
    2012-10-29 10:41 - 2012-10-31 16:50 - 00000000 ____D C:\users\Kiddos
    2012-10-29 10:41 - 2012-04-11 18:01 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Microsoft Help
    2012-10-29 08:00 - 2012-11-20 12:24 - 00000632 _RASH C:\Users\Sunshine\ntuser.pol
    2012-10-24 20:14 - 2012-11-04 19:53 - 00000000 ____D C:\Windows\Minidump
    2012-10-24 20:14 - 2012-11-04 19:52 - 631130791 ____A C:\Windows\MEMORY.DMP
    2012-10-24 20:14 - 2012-10-24 20:14 - 00262144 ____A C:\Windows\Minidump\102512-24944-01.dmp
    2012-10-23 21:36 - 2012-10-23 21:36 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-10-22 03:10 - 2012-11-19 14:16 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForSUNSHINE-HP$.job
    ==================== One Month Modified Files and Folders =======
    2012-11-21 20:40 - 2011-10-30 00:33 - 01643990 ____A C:\Windows\WindowsUpdate.log
    2012-11-21 20:39 - 2009-07-13 21:13 - 00730448 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-21 20:38 - 2012-11-02 17:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-21 20:38 - 2012-08-27 12:07 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-21 20:16 - 2012-02-22 19:00 - 00000000 ____D C:\Users\Sunshine\AppData\Local\CrashDumps
    2012-11-21 20:12 - 2012-09-26 11:07 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2287709962-1369759385-1701767626-1001UA.job
    2012-11-21 18:31 - 2012-08-27 12:07 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-21 13:48 - 2012-11-12 13:34 - 00108816 ____A C:\Users\Kiddos.Sunshine-HP\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-21 13:40 - 2012-09-26 11:07 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2287709962-1369759385-1701767626-1001Core.job
    2012-11-20 20:43 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-20 20:43 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-20 20:35 - 2010-11-20 19:47 - 00907542 ____A C:\Windows\PFRO.log
    2012-11-20 20:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-20 20:35 - 2009-07-13 20:51 - 00055316 ____A C:\Windows\setupact.log
    2012-11-20 20:26 - 2012-03-02 04:18 - 00000000 ____D C:\Program Files (x86)\Coupons
    2012-11-20 12:24 - 2012-11-01 11:22 - 00001234 _RASH C:\Users\Kiddos.Sunshine-HP\ntuser.pol
    2012-11-20 12:24 - 2012-11-01 11:22 - 00000000 ____D C:\users\Kiddos.Sunshine-HP
    2012-11-20 12:24 - 2012-10-29 08:00 - 00000632 _RASH C:\Users\Sunshine\ntuser.pol
    2012-11-20 12:24 - 2012-02-21 18:54 - 00000000 ____D C:\users\Sunshine
    2012-11-19 14:16 - 2012-11-01 12:52 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForSunshine.job
    2012-11-19 14:16 - 2012-10-22 03:10 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForSUNSHINE-HP$.job
    2012-11-16 17:19 - 2012-11-16 17:19 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Hewlett-Packard
    2012-11-16 16:13 - 2011-10-29 19:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-11-16 16:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2012-11-16 16:09 - 2012-11-16 16:09 - 00002185 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2012-11-16 16:08 - 2011-10-29 19:18 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-11-16 16:06 - 2012-11-16 16:06 - 00000000 ____D C:\Users\All Users\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-16 16:05 - 2012-03-02 09:33 - 00108816 ____A C:\Users\Sunshine\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-16 16:05 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2012-11-15 19:59 - 2012-11-15 19:59 - 00000000 ____D C:\FRST
    2012-11-15 19:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-11-15 16:08 - 2012-02-24 04:10 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-11-15 15:57 - 2009-07-13 20:45 - 00415968 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-15 11:18 - 2012-02-22 05:24 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-11-15 11:06 - 2012-02-24 04:43 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-15 11:04 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-11-14 16:28 - 2012-11-14 16:28 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Adobe
    2012-11-14 16:28 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Adobe
    2012-11-13 01:01 - 2012-08-27 03:21 - 00000000 ____D C:\Users\Sunshine\Documents\SPED 350
    2012-11-12 23:42 - 2012-11-12 22:24 - 00058344 ____A C:\Users\Sunshine\Desktop\Nmc_2012-11-13_01-24-42.log
    2012-11-12 22:24 - 2012-11-12 22:24 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Norman Malware Cleaner
    2012-11-12 22:24 - 2012-11-12 22:13 - 217393728 ____A (Norman ASA) C:\Users\Sunshine\Desktop\Norman_Malware_Cleaner.exe
    2012-11-12 13:35 - 2012-11-12 13:35 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Microsoft Games
    2012-11-10 10:33 - 2012-11-10 10:12 - 00000000 ____D C:\Users\Sunshine\Documents\alphabet for trenton
    2012-11-10 10:07 - 2012-08-21 08:47 - 00000000 ____D C:\Users\Sunshine\Documents\SPED 381
    2012-11-10 09:55 - 2012-09-14 11:38 - 00000000 ____D C:\Users\Sunshine\Documents\SPED 245
    2012-11-10 08:18 - 2012-11-10 08:18 - 00008398 ____A C:\Users\Sunshine\Desktop\HitmanPro_20121110_1118.log
    2012-11-10 08:13 - 2012-11-10 08:13 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-11-10 08:13 - 2012-11-10 08:12 - 09015072 ____A (SurfRight B.V.) C:\Users\Sunshine\Desktop\HitmanPro36_x64.exe
    2012-11-09 18:25 - 2012-11-09 18:25 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan (2).txt
    2012-11-09 18:25 - 2012-11-07 14:27 - 00002760 ____A C:\Users\Sunshine\Desktop\aswMBR.txt
    2012-11-09 18:11 - 2012-11-09 18:10 - 00930691 ____A C:\Users\Sunshine\Desktop\gfd.txt
    2012-11-09 03:11 - 2012-11-09 03:11 - 00000963 ____A C:\Users\Sunshine\Desktop\kaspersky 11912.txt
    2012-11-09 00:00 - 2012-11-09 00:00 - 00263236 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-11-08 17:11 - 2012-02-27 19:35 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Microsoft Games
    2012-11-08 04:30 - 2012-11-08 04:30 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-11-08 04:29 - 2012-11-08 04:15 - 143004736 ____A C:\Users\Sunshine\Desktop\setup_11.0.0.1245.x01_2012_11_08_15_14.exe
    2012-11-07 20:25 - 2012-02-22 19:53 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2012-11-07 18:14 - 2012-11-02 17:06 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-07 18:14 - 2012-11-02 17:06 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-07 18:10 - 2011-10-29 19:39 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-07 14:27 - 2012-11-07 14:27 - 00000512 ____A C:\Users\Sunshine\Desktop\MBRscan.txt
    2012-11-07 14:14 - 2012-11-07 14:14 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-07 14:11 - 2012-11-07 14:10 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Sunshine\Desktop\tdsskiller.exe
    2012-11-07 13:04 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\Google
    2012-11-06 14:12 - 2012-11-06 14:12 - 00021796 ____A C:\ComboFix.txt
    2012-11-06 14:12 - 2012-11-06 13:56 - 00000000 ____D C:\Qoobox
    2012-11-06 14:12 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2012-11-06 14:10 - 2012-11-06 13:55 - 00000000 ____D C:\Windows\erdnt
    2012-11-06 14:09 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-11-06 13:55 - 2012-11-06 13:54 - 04997881 ____R (Swearware) C:\Users\Sunshine\Desktop\ComboFix.exe
    2012-11-06 05:38 - 2012-11-06 05:38 - 00025881 ____A C:\Users\Sunshine\Desktop\dds.txt
    2012-11-06 05:38 - 2012-11-06 05:38 - 00019449 ____A C:\Users\Sunshine\Desktop\attach.txt
    2012-11-06 05:34 - 2012-11-06 05:34 - 00000411 ____A C:\Users\Sunshine\Desktop\gmer.log
    2012-11-06 05:11 - 2012-11-06 05:09 - 00302592 ____A C:\Users\Sunshine\Desktop\f04bhlw2.exe
    2012-11-06 05:10 - 2012-11-06 04:14 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill 110612.txt
    2012-11-06 04:31 - 2012-11-04 19:58 - 00000000 ____D C:\Windows\pss
    2012-11-06 04:14 - 2012-11-03 19:32 - 00002920 ____A C:\Users\Sunshine\Desktop\Rkill.txt
    2012-11-05 19:37 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-05 10:59 - 2012-11-05 10:59 - 02434048 ____A C:\Users\Sunshine\Downloads\msxml.msi
    2012-11-05 10:43 - 2012-11-05 10:11 - 00007597 ____A C:\Users\Sunshine\AppData\Local\Resmon.ResmonCfg
    2012-11-05 09:57 - 2011-10-29 19:35 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-11-05 09:56 - 2011-09-05 18:20 - 00000000 ____D C:\Program Files\Hewlett-Packard
    2012-11-05 09:39 - 2012-11-05 09:39 - 00000000 ____D C:\Program Files (x86)\HP
    2012-11-04 20:41 - 2012-11-04 20:41 - 00036507 ____A C:\Users\Sunshine\Desktop\sfcdetails.txt
    2012-11-04 19:53 - 2012-11-04 19:53 - 00266288 ____A C:\Windows\Minidump\110412-20264-01.dmp
    2012-11-04 19:53 - 2012-10-24 20:14 - 00000000 ____D C:\Windows\Minidump
    2012-11-04 19:52 - 2012-10-24 20:14 - 631130791 ____A C:\Windows\MEMORY.DMP
    2012-11-04 19:06 - 2012-11-04 19:04 - 10669896 ____A (Malwarebytes Corporation ) C:\Users\Sunshine\Desktop\mbam-setup.exe
    2012-11-04 19:06 - 2012-11-03 19:41 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-04 19:06 - 2012-11-03 19:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-04 19:03 - 2012-11-04 19:03 - 01679264 ____A (Bleeping Computer, LLC) C:\Users\Sunshine\Desktop\rkill.com
    2012-11-04 18:59 - 2012-11-04 18:46 - 68897872 ____A (Microsoft Corporation) C:\Users\Sunshine\Downloads\mpam-fe.exe
    2012-11-04 18:36 - 2012-11-04 18:36 - 00266288 ____A C:\Windows\Minidump\110412-24102-01.dmp
    2012-11-04 00:58 - 2012-11-04 00:58 - 00002259 ____A C:\Users\Sunshine\Desktop\Google Chrome.lnk
    2012-11-03 21:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-03 21:48 - 2012-11-03 21:48 - 00000000 ____D C:\Windows\SysWOW64\N360_BACKUP
    2012-11-03 20:54 - 2012-11-03 20:54 - 00262144 ____A C:\Windows\Minidump\110412-38766-01.dmp
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Secunia PSI
    2012-11-03 20:45 - 2012-11-03 20:45 - 00000000 ____D C:\Program Files (x86)\Secunia
    2012-11-03 20:32 - 2012-11-03 20:32 - 00262144 ____A C:\Windows\Minidump\110412-26036-01.dmp
    2012-11-03 20:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-11-03 19:43 - 2012-11-03 19:43 - 00000048 ____A C:\Users\Sunshine\AppData\Roaming\mbam.context.scan
    2012-11-03 19:42 - 2012-11-03 19:32 - 00000000 ____D C:\Users\Sunshine\Desktop\rkill
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\Sunshine\AppData\Roaming\Malwarebytes
    2012-11-03 19:41 - 2012-11-03 19:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-03 16:41 - 2012-11-03 16:41 - 00000000 ____D C:\Users\Sunshine\Documents\Autoruns
    2012-11-03 16:18 - 2012-11-03 16:18 - 00000000 ____D C:\Users\Sunshine\Documents\Symantec
    2012-11-03 16:15 - 2012-11-03 16:15 - 00262144 ____A C:\Windows\Minidump\110312-36987-01.dmp
    2012-11-03 10:39 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2012-11-03 07:39 - 2012-03-02 10:33 - 00000000 ____D C:\Users\Sunshine\AppData\Local\Windows Live
    2012-11-02 17:11 - 2012-11-02 17:11 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2012-11-02 17:11 - 2012-11-02 17:11 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-11-01 19:11 - 2012-11-01 19:11 - 00000134 ____A C:\Users\Sunshine\Desktop\Microsoft Fix it.url
    2012-11-01 18:03 - 2012-11-01 18:03 - 00262144 ____A C:\Windows\Minidump\110112-19515-01.dmp
    2012-11-01 12:33 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Google
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Synaptics
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\Macromedia
    2012-11-01 11:23 - 2012-11-01 11:23 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Roaming\hpqLog
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000020 ___SH C:\Users\Kiddos.Sunshine-HP\ntuser.ini
    2012-11-01 11:22 - 2012-11-01 11:22 - 00000000 ____D C:\Users\Kiddos.Sunshine-HP\AppData\Local\VirtualStore
    2012-10-31 19:12 - 2012-10-10 19:13 - 00000000 ____D C:\Users\Sunshine\AppData\Roaming\Mozilla
    2012-10-31 16:51 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-10-31 16:50 - 2012-10-29 10:41 - 00000000 ____D C:\users\Kiddos
    2012-10-31 16:50 - 2011-10-30 01:22 - 00000000 ___RD C:\Users\Public\Recorded TV
    2012-10-31 16:50 - 2011-10-30 00:46 - 00000000 ____D C:\Users\All Users\Norton
    2012-10-31 16:50 - 2011-10-30 00:35 - 00000000 ____D C:\Program Files\WIDCOMM
    2012-10-31 16:50 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
    2012-10-31 16:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
    2012-10-31 16:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-10-31 09:33 - 2012-10-31 09:33 - 00000000 ____D C:\Users\Sunshine\AppData\Local\{4619D3FA-A7E4-4EA1-993F-2CF2C632768F}
    2012-10-30 19:14 - 2012-10-30 19:14 - 00262144 ____A C:\Windows\Minidump\103012-29827-01.dmp
    2012-10-29 18:47 - 2012-10-29 18:47 - 00000000 ____D C:\Windows\Sun
    2012-10-29 12:32 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Google
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Synaptics
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Macromedia
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\hpqLog
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Roaming\Adobe
    2012-10-29 10:43 - 2012-10-29 10:43 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Google
    2012-10-29 10:42 - 2012-10-29 10:42 - 00000000 ____D C:\Users\Kiddos\AppData\Local\VirtualStore
    2012-10-24 20:14 - 2012-10-24 20:14 - 00262144 ____A C:\Windows\Minidump\102512-24944-01.dmp
    2012-10-24 02:50 - 2012-10-20 23:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-10-23 21:36 - 2012-10-23 21:36 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-07 20:25:12
    Restore point made on: 2012-11-09 00:00:19
    Restore point made on: 2012-11-11 17:43:22
    Restore point made on: 2012-11-11 17:44:39
    Restore point made on: 2012-11-12 23:36:59
    Restore point made on: 2012-11-14 11:17:56
    Restore point made on: 2012-11-14 11:42:12
    Restore point made on: 2012-11-15 11:02:16
    Restore point made on: 2012-11-16 16:07:31
    Restore point made on: 2012-11-16 16:11:45
    Restore point made on: 2012-11-16 16:12:35
    Restore point made on: 2012-11-18 16:24:38
    ==================== Memory info ===========================
    Percentage of memory in use: 13%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 5253.86 MB
    Total Pagefile: 6090.01 MB
    Available Pagefile: 5235.31 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:674.41 GB) (Free:615.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:20.06 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
    5 Drive h: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.44 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 7728 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 674 GB 200 MB
    Partition 3 Primary 20 GB 674 GB
    Partition 4 Primary 4062 MB 694 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 674 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 20 GB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4062 MB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7727 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H USB20FD FAT32 Removable 7727 MB Healthy
    =========================================================
    Last Boot: 2012-11-15 19:17
    ==================== End Of Log =============================
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


  8. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Hello, I missed this email; I will do this tonight when I get home. Thank you!
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  10. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Rebooting seemed to go ok. Bringing up a web page was still slow. Running other scan now.
  11. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Here is the scan!
    Thank you! :D


  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do a TDSSKiller scan again, and delete the TDSS File System once it comes up. Then do the following please:

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt; it needs to be uploaded.
  13. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-07 17:26:11
    -----------------------------
    17:26:11.832 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:26:11.832 Number of processors: 4 586 0x2A07
    17:26:11.832 ComputerName: SUNSHINE-HP UserName: Sunshine
    17:26:13.592 Initialize success
    17:26:18.275 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:26:18.280 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    17:26:18.295 Disk 0 MBR read successfully
    17:26:18.300 Disk 0 MBR scan
    17:26:18.305 Disk 0 Windows 7 default MBR code
    17:26:18.315 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    17:26:18.335 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
    17:26:18.370 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
    17:26:18.390 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    17:26:18.435 Disk 0 scanning C:\Windows\system32\drivers
    17:26:25.055 Service scanning
    17:26:51.265 Modules scanning
    17:26:51.280 Scan finished successfully
    17:27:30.398 Disk 0 MBR has been saved successfully to "C:\Users\Sunshine\Desktop\MBR.dat"
    17:27:30.403 The log file has been saved successfully to "C:\Users\Sunshine\Desktop\aswMBR.txt"

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-09 21:24:01
    -----------------------------
    21:24:01.605 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:24:01.605 Number of processors: 4 586 0x2A07
    21:24:01.605 ComputerName: SUNSHINE-HP UserName: Sunshine
    21:24:03.480 Initialize success
    21:24:20.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:24:20.130 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    21:24:20.150 Disk 0 MBR read successfully
    21:24:20.160 Disk 0 MBR scan
    21:24:20.165 Disk 0 Windows 7 default MBR code
    21:24:20.170 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:24:20.190 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
    21:24:20.225 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
    21:24:20.245 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    21:24:20.295 Disk 0 scanning C:\Windows\system32\drivers
    21:24:27.145 Service scanning
    21:24:54.100 Modules scanning
    21:24:54.115 Scan finished successfully
    21:25:40.810 Disk 0 MBR has been saved successfully to "C:\Users\Sunshine\Desktop\MBR.dat"
    21:25:40.835 The log file has been saved successfully to "C:\Users\Sunshine\Desktop\aswMBR.txt"

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-02 03:19:31
    -----------------------------
    03:19:31.263 OS Version: Windows x64 6.1.7601 Service Pack 1
    03:19:31.263 Number of processors: 4 586 0x2A07
    03:19:31.263 ComputerName: SUNSHINE-HP UserName: Sunshine
    03:19:32.923 Initialize success
    03:19:43.121 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    03:19:43.126 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
    03:19:43.136 Disk 0 MBR read successfully
    03:19:43.141 Disk 0 MBR scan
    03:19:43.146 Disk 0 Windows 7 default MBR code
    03:19:43.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    03:19:43.166 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690597 MB offset 409600
    03:19:43.201 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20544 MB offset 1414752256
    03:19:43.221 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
    03:19:43.266 Disk 0 scanning C:\Windows\system32\drivers
    03:19:51.001 Service scanning
    03:20:22.329 Modules scanning
    03:20:22.344 Scan finished successfully
    03:21:23.059 Disk 0 MBR has been saved successfully to "C:\Users\Sunshine\Desktop\MBR.dat"
    03:21:23.094 The log file has been saved successfully to "C:\Users\Sunshine\Desktop\aswMBR.txt"
     
  14. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    I am trying to upload the second part; let me know if it works, please. Thank you.


  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click the Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  16. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    OTL logfile created on: 12/5/2012 11:39:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sunshine\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.95 Gb Total Physical Memory | 3.28 Gb Available Physical Memory | 55.06% Memory free
    11.90 Gb Paging File | 9.06 Gb Available in Paging File | 76.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 674.41 Gb Total Space | 617.52 Gb Free Space | 91.56% Space Free | Partition Type: NTFS
    Drive D: | 20.06 Gb Total Space | 2.17 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.11% Space Free | Partition Type: FAT32

    Computer Name: SUNSHINE-HP | User Name: Sunshine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/05 23:39:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sunshine\Desktop\OTL.exe
    PRC - [2012/11/28 23:06:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
    PRC - [2012/10/26 12:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Users\Sunshine\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2012/10/09 16:51:06 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    PRC - [2012/09/24 07:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2012/09/24 07:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/09/19 19:20:36 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/09/06 10:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe
    PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/07 21:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    PRC - [2011/09/28 17:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/08/19 16:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/08/19 07:44:30 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    PRC - [2011/08/19 07:44:12 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    PRC - [2011/08/19 07:43:46 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/15 18:58:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/10/09 16:51:06 | 000,172,376 | ---- | M] () -- C:\Program Files\IB Updater\Extension32.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/09 16:51:06 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
    SRV:64bit: - [2011/09/20 13:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2011/09/08 08:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
    SRV:64bit: - [2011/01/11 22:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
    SRV:64bit: - [2011/01/11 22:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
    SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/11/28 23:06:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/09/24 07:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/09/24 07:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/06 10:32:12 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
    SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/09/01 00:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/08/19 07:44:30 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
    SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/04/16 08:18:31 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/17 17:46:01 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/01/17 17:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
    DRV:64bit: - [2012/01/17 17:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/12/16 09:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2011/10/30 03:33:47 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/10/29 22:04:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/29 22:04:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/09/20 20:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2011/09/20 20:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2011/09/20 20:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
    DRV:64bit: - [2011/09/20 20:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2011/09/20 20:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/09/20 20:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/09/20 20:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2011/09/08 08:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/09/02 14:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/08/26 14:54:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/08/26 14:53:52 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/04 23:20:26 | 000,015,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012/12/05 20:48:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121205.017\ex64.sys -- (NAVEX15)
    DRV - [2012/12/05 20:48:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121205.017\eng64.sys -- (NAVENG)
    DRV - [2012/12/03 23:10:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/10/30 14:36:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121204.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/08/09 01:18:03 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{B4A2D4C9-5E14-4FCD-9A90-25BC42696E19}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...p://www.ebay.com/sch/I.html?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{B4A2D4C9-5E14-4FCD-9A90-25BC42696E19}: "URL" = http://www.amazon.com/s/ref=azs_osd...code=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...p://www.ebay.com/sch/I.html?_nkw={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {9AC69199-75DF-49DF-934E-343557E3B4C3}
    IE - HKCU\..\SearchScopes\{9AC69199-75DF-49DF-934E-343557E3B4C3}: "URL" = http://www.google.com/search?q={sea...&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTER...360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sunshine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sunshine\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sunshine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sunshine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/11/23 16:05:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/10/31 19:50:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/12/05 00:52:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/23 16:05:25 | 000,000,000 | ---D | M]

    [2012/10/21 03:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunshine\AppData\Roaming\Mozilla\Extensions
    [2012/10/24 05:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/23 13:31:27 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - Extension: No name found = C:\Users\Sunshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc\1.0_0\
    CHR - Extension: No name found = C:\Users\Sunshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\Sunshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\Sunshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
    CHR - Extension: No name found = C:\Users\Sunshine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/06 17:09:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/sto...sPage&SiteID=hpappli&Locale=en_US&keywords=%w
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B80B8EA-1AE3-4E27-9430-4F4955EF6B82}: DhcpNameServer = 40.20.1.201 40.20.1.202
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{723CC1D6-ED65-4BD7-A980-94E3E460CDAA}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/05 23:39:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sunshine\Desktop\OTL.exe
    [2012/12/02 03:18:55 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Sunshine\Desktop\aswMBR.exe
    [2012/11/29 23:28:36 | 000,000,000 | ---D | C] -- C:\Users\Sunshine\AppData\Roaming\Apple Computer
    [2012/11/28 19:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/11/28 19:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2012/11/28 19:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2012/11/28 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\Sunshine\AppData\Local\Apple
    [2012/11/28 19:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2012/11/28 19:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2012/11/28 19:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/11/27 23:48:33 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sunshine\Desktop\tdsskiller
    [2012/11/23 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Sunshine\Documents\My Smilebox Creations
    [2012/11/23 16:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
    [2012/11/15 22:59:44 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/13 01:24:20 | 000,000,000 | ---D | C] -- C:\Users\Sunshine\AppData\Local\Norman Malware Cleaner
    [2012/11/13 01:13:16 | 217,393,728 | ---- | C] (Norman ASA) -- C:\Users\Sunshine\Desktop\Norman_Malware_Cleaner.exe
    [2012/11/10 13:12:46 | 000,000,000 | ---D | C] -- C:\Users\Sunshine\Documents\alphabet for trenton
    [2012/11/10 11:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/11/10 11:12:54 | 009,015,072 | ---- | C] (SurfRight B.V.) -- C:\Users\Sunshine\Desktop\HitmanPro36_x64.exe
    [2012/11/08 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/11/07 17:14:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/07 17:10:58 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sunshine\Desktop\tdsskiller.exe
    [2012/11/07 09:14:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/11/06 17:12:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/06 16:59:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/06 16:59:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/06 16:59:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/06 16:56:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/06 16:55:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/06 16:54:06 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Sunshine\Desktop\ComboFix.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/12/05 23:39:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sunshine\Desktop\OTL.exe
    [2012/12/05 23:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/05 23:25:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/05 23:12:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2287709962-1369759385-1701767626-1001UA.job
    [2012/12/05 20:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/05 20:19:14 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/12/05 20:19:14 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/12/05 20:19:14 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/12/05 20:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/05 15:59:39 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2287709962-1369759385-1701767626-1001Core.job
    [2012/12/05 00:59:48 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/05 00:59:48 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/05 00:52:18 | 2092,810,239 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/04 07:16:16 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSUNSHINE-HP$.job
    [2012/12/03 03:03:37 | 000,000,632 | RHS- | M] () -- C:\Users\Sunshine\ntuser.pol
    [2012/12/02 03:19:27 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Sunshine\Desktop\aswMBR.exe
    [2012/11/28 19:55:44 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/11/27 23:48:49 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sunshine\Desktop\tdsskiller
    [2012/11/22 22:49:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSunshine.job
    [2012/11/16 19:09:18 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/15 18:57:52 | 000,415,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/13 01:24:14 | 217,393,728 | ---- | M] (Norman ASA) -- C:\Users\Sunshine\Desktop\Norman_Malware_Cleaner.exe
    [2012/11/10 11:13:19 | 009,015,072 | ---- | M] (SurfRight B.V.) -- C:\Users\Sunshine\Desktop\HitmanPro36_x64.exe
    [2012/11/08 07:29:16 | 143,004,736 | ---- | M] () -- C:\Users\Sunshine\Desktop\setup_11.0.0.1245.x01_2012_11_08_15_14.exe
    [2012/11/07 17:11:05 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sunshine\Desktop\tdsskiller.exe
    [2012/11/06 17:09:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/06 16:55:10 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Sunshine\Desktop\ComboFix.exe

    ========== Files Created - No Company Name ==========

    [2012/11/28 19:55:44 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/11/28 19:54:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/11/16 19:09:18 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/11/15 14:14:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/15 14:05:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/08 07:15:11 | 143,004,736 | ---- | C] () -- C:\Users\Sunshine\Desktop\setup_11.0.0.1245.x01_2012_11_08_15_14.exe
    [2012/11/06 16:59:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/06 16:59:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/06 16:59:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/06 16:59:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/06 16:59:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/06 07:31:25 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2012/11/05 13:11:16 | 000,007,597 | ---- | C] () -- C:\Users\Sunshine\AppData\Local\Resmon.ResmonCfg
    [2012/11/03 22:43:12 | 000,000,048 | ---- | C] () -- C:\Users\Sunshine\AppData\Roaming\mbam.context.scan
    [2012/10/29 11:00:52 | 000,000,632 | RHS- | C] () -- C:\Users\Sunshine\ntuser.pol
    [2012/10/24 00:36:06 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/06 14:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/08/26 14:54:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/08/26 14:53:54 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/08/26 14:53:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/08/26 14:53:48 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/08/26 14:53:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========


    ========== Purity Check ==========


    < End of report >
  17. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    OTL Extras logfile created on: 12/5/2012 11:39:38 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sunshine\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.95 Gb Total Physical Memory | 3.28 Gb Available Physical Memory | 55.06% Memory free
    11.90 Gb Paging File | 9.06 Gb Available in Paging File | 76.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 674.41 Gb Total Space | 617.52 Gb Free Space | 91.56% Space Free | Partition Type: NTFS
    Drive D: | 20.06 Gb Total Space | 2.17 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
    Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.11% Space Free | Partition Type: FAT32

    Computer Name: SUNSHINE-HP | User Name: Sunshine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03906B20-3047-4561-8F7C-D3C271757F17}" = lport=137 | protocol=17 | dir=in | app=system |
    "{211E0FE1-0980-47A6-B2D8-68DB5F3AF441}" = rport=138 | protocol=17 | dir=out | app=system |
    "{302900E5-C918-4029-8910-D2F0461B9565}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4AE24736-5491-4F66-9592-AAF14CB4C67F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{53C5C07E-FBD0-4B18-B1EF-5A67FBDC4125}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{53DA8EBF-C369-4EF7-B8B3-303953ED4BEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{59F67ACE-E398-430C-A24E-14AAB6DD9646}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{654F5E4C-448E-454E-8156-CABCB2543FF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6ED71D39-801F-447C-B671-8ADA9ED9F4F9}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{78E42D4B-9A2A-42CD-8E45-30A43D812DE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7D2B23F1-DBA4-4F4A-9E02-F3332739FA95}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7EC02449-1100-4CDC-8D10-C256F69E4C43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{82B1458A-8BC7-480A-B7CD-82BB4C02D394}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{88336AA9-9917-4BB0-8C1F-4FA61FD9AF50}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9B888B8A-3FED-4014-999B-4FFA6C7C1EA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A06338A9-B7DC-4EB8-A8DD-8845847C5E83}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{AF6A5710-3C68-4731-A80C-868B21A661C5}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BBB3BF29-3E41-4C29-84E4-5146F00461DC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C5DAFB29-0911-4F50-AED4-504048C0A1DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C79EE1AE-906F-4EDA-94D3-48297134A9E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C8318258-6AD7-4595-BB16-2EE9973B9C5D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CE9D6972-E137-42A0-842E-8BD622431E12}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D2C2D1B4-6703-4157-B9D3-CCD5B96DFAAD}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D57C5FD9-A000-4502-998F-B2CA3A434881}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DDE9DB2D-4660-4FBE-9F68-24CC7CF3005C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EF82B53C-5117-4169-ACAF-3AF9F3BA2405}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02675C9D-988A-4B3A-A6D7-B8B6B6502996}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{12CBA887-BDCB-4113-B24F-A5D4523871B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{13650C12-5679-43D1-92B9-2CBFE2D1D56D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{13950C4C-F0E3-432D-9994-0F7983446B3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{23B2DFB3-E1D2-46A4-B912-0174CDAEBB9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{3E321640-0CC0-458E-85DC-9FE7D0D3745D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{524066BF-EFDB-418B-A1C1-09F0DC5DDCE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{538C8A6F-2738-4392-938B-1479906898B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6381B573-427B-4A66-9356-B8923FD9249B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{666BB463-7E55-48B4-A0D7-C2787E726858}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{75EF2738-889C-44B1-B188-4B27F04125B0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{792BFC99-3834-48EF-A2BB-9C1506D0FDB7}" = protocol=6 | dir=out | app=system |
    "{8988E108-CB44-46EE-BDE4-5B1DA6B37B45}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{8FADE5EE-E675-4239-A6E0-CF9ECAA0A982}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{90155409-060E-4781-8DE7-00FC8A070157}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{983E7B2F-58FA-4EAB-8223-396F503884BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A3E37169-9925-4A87-9217-B19E80BBE883}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A64C6F64-2560-466B-A77C-EE2ECC780FF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AD580A58-02B9-4847-B749-E3256498ED69}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
    "{C8ED0C06-92CC-4D3D-B47E-AA4CCB1C676D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C9650E04-4181-4C62-BF0D-C4F6AEAA8173}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
    "{CA2C46DF-7D78-4AEF-A6CD-2CF8A7B6F079}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{DB3BF4F0-A847-40E1-88F8-1316968B47DC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EECE84A8-CD40-434F-8572-6587178E032B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{F932C299-6628-4708-9C18-5E61D8470196}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{FB3673E3-1DC1-4874-A6E5-039D4742F3C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FB7CB04A-EC8C-404A-BAB2-55CDA3882BD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FE17518B-7DA8-42D4-A44A-E082287173AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FE89C1D6-DBDF-47F9-9E90-E89C39738739}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{FF5CC4A3-BC99-4935-8D56-967CAA2716C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
    "{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.538
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
    "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
    "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "EPSON NX330 Series" = EPSON NX330 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics TouchPad Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
    "{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
    "{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass PE 2011
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
    "{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
    "EPSON Scanner" = EPSON Scan
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "N360" = Norton 360
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Secunia PSI" = Secunia PSI (3.0.0.4001)
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0fb78b17-33dd-4f01-921f-e7b582e57496" = Bejeweled 3
    "WTA-1294232e-5d53-4dda-9c85-dc96e30f5f0b" = Chuzzle Deluxe
    "WTA-23929246-54a7-4aa2-8d95-c5e1943f4097" = Farmscapes
    "WTA-2deee181-8954-4c86-ba12-318ead1cc2e7" = Zuma's Revenge
    "WTA-37dd1031-c97c-4c44-856e-2007cf8cdb53" = Torchlight
    "WTA-3906e7a5-9705-49d0-a1dd-5addf4915de2" = Hoyle Card Games
    "WTA-40d4eb6c-a47e-4faf-b345-decff69d0baa" = Mah Jong Medley
    "WTA-43922a3d-4fc6-4b7e-bcb4-c0e91794aa2e" = Farm Frenzy
    "WTA-48ca0b6a-88e4-4a82-bff9-1bbb4434ddda" = John Deere Drive Green
    "WTA-70bdb47a-bfb3-4f7a-a7ad-3f2da8f52362" = RollerCoaster Tycoon 3: Platinum
    "WTA-7f1420b0-c542-4fe2-91d9-2fecad0e1e93" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    "WTA-86414a45-e649-4e73-9b6c-1f7708f270e7" = The Treasures of Mystery Island: The Ghost Ship
    "WTA-91a83c29-1945-4e45-bb19-020d73d2cc53" = Virtual Villagers 4 - The Tree of Life
    "WTA-94ab8d8a-33b3-4f5c-9948-3dbda2b40fd0" = Dora's World Adventure
    "WTA-96556fdd-b466-4caa-8054-981f9047f2c9" = Polar Bowler
    "WTA-a17f5b3e-82a4-42c2-8972-46ba7d3d019a" = Plants vs. Zombies - Game of the Year
    "WTA-aef240cc-6248-4a38-b6c2-24e6297240ba" = Final Drive Fury
    "WTA-af026e11-5bad-45a9-a519-774518dcc195" = Letters from Nowhere 2
    "WTA-b0e5cd09-8b67-4262-b34d-6b2af29328d2" = Poker Superstars III
    "WTA-bd059a34-8d14-4e7e-9d83-4f278e077763" = Luxor HD
    "WTA-cf50aa26-b1f0-42c0-9195-f024a7e11b29" = Cradle of Rome 2
    "WTA-de03069c-7636-4b58-acb6-a993eaaf1f81" = Blackhawk Striker 2
    "WTA-e707aeec-d578-4e4a-82bd-49a73f2e6c3f" = FATE
    "WTA-f0c6e8f5-dba3-445d-9d69-675a85b0c58e" = Polar Golfer
    "WTA-f55141d6-84e4-4f71-8f8e-a1d36c425ff2" = Penguins!
    "WTA-ff971db7-0a8b-449f-86b5-075eb5288d97" = Jewel Match 3

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2012 3:12:34 AM | Computer Name = Sunshine-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: YCMMirage.exe, version: 1.0.0.526, time
    stamp: 0x4bfc8e86 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000a35e6 Faulting process
    id: 0x146c Faulting application start time: 0x01cdc0f91155ac28 Faulting application
    path: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: 7e8e4e64-2d61-11e2-97a7-e4d53dfa1bdb

    Error - 11/13/2012 3:17:09 AM | Computer Name = Sunshine-HP | Source = Google Update | ID = 1
    Description =

    Error - 11/13/2012 3:36:31 AM | Computer Name = Sunshine-HP | Source = VSS | ID = 8194
    Description =

    Error - 11/13/2012 9:21:40 AM | Computer Name = Sunshine-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 11/14/2012 6:41:37 PM | Computer Name = Sunshine-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 17b0 Start
    Time: 01cdc29ec7a48a69 Termination Time: 78 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 11/15/2012 1:42:23 PM | Computer Name = Sunshine-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 11/15/2012 7:58:06 PM | Computer Name = Sunshine-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 11/15/2012 11:50:47 PM | Computer Name = Sunshine-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
    time stamp: 0x507284ba Faulting module name: MSHTML.dll, version: 9.0.8112.16455,
    time stamp: 0x50728e5d Exception code: 0xc0000005 Fault offset: 0x0019a9e6 Faulting
    process id: 0x15fc Faulting application start time: 0x01cdc38d7329f17c Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\MSHTML.dll Report Id: cd9003ed-2fa0-11e2-9568-e4d53dfa1bdb

    Error - 11/16/2012 12:09:12 AM | Computer Name = Sunshine-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 11/16/2012 12:18:50 AM | Computer Name = Sunshine-HP | Source = WinMgmt | ID = 10
    Description =

    [ Hewlett-Packard Events ]
    Error - 5/24/2012 8:55:30 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/24/2012 9:01:57 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/14/2012 7:03:46 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/21/2012 7:43:47 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/26/2012 7:41:19 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/26/2012 7:43:53 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 10/14/2012 1:19:33 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/1/2012 4:33:23 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The server did not provide a meaningful
    reply; this might be caused by a contract mismatch, a premature session shutdown
    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()
    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib
    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 6091 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 11/14/2012 3:32:31 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 11/16/2012 9:19:51 PM | Computer Name = Sunshine-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
    Source:
    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6091
    Ram
    Utilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

    [ HP Software Framework Events ]
    Error - 4/19/2012 9:05:39 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/19 21:05:39.236|00000828|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/19/2012 9:06:39 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/19 21:06:39.459|000009AC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/26/2012 9:26:53 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/26 21:26:53.717|00000EC0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 4/26/2012 9:26:58 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/04/26 21:26:58.182|000009C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/3/2012 9:48:56 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/03 21:48:56.546|000008A4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/10/2012 3:34:55 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/10 15:34:55.188|00000C28|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/10/2012 3:37:12 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/10 15:37:12.235|000016E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/10/2012 3:37:14 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/10 15:37:14.986|00001BA8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/10/2012 3:37:53 PM | Computer Name = Sunshine-HP | Source = CaslWmi | ID = 5
    Description = 2012/05/10 15:37:53.836|00001628|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 9/27/2012 3:06:43 PM | Computer Name = Sunshine-HP | Source = CaslSmBios | ID = 5
    Description = 2012/09/27 15:06:43.007|000012C8|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
    occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

    [ System Events ]
    Error - 8/26/2012 11:30:58 PM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 8/28/2012 12:22:23 AM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 8/28/2012 12:22:23 AM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 8/28/2012 8:39:20 AM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 8/28/2012 8:39:20 AM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 8/31/2012 11:21:18 PM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 8/31/2012 11:21:18 PM | Computer Name = Sunshine-HP | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 9/4/2012 2:32:16 PM | Computer Name = Sunshine-HP | Source = Service Control Manager | ID = 7034
    Description = The Google Update Service (gupdate) service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/4/2012 2:32:46 PM | Computer Name = Sunshine-HP | Source = DCOM | ID = 10010
    Description =

    Error - 9/6/2012 4:45:05 PM | Computer Name = Sunshine-HP | Source = BROWSER | ID = 8032
    Description =


    < End of report >
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  19. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
    C:\Program Files\IB Updater\Firefox\defaults\preferences folder moved successfully.
    C:\Program Files\IB Updater\Firefox\defaults folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome\skin folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome\locale\en-US folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome\locale folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome\content\resources folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome\content\libraries folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome\content folder moved successfully.
    C:\Program Files\IB Updater\Firefox\chrome folder moved successfully.
    C:\Program Files\IB Updater\Firefox folder moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
    C:\Program Files\IB Updater\Extension64.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
    C:\Program Files\IB Updater\Extension32.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Sunshine\Desktop\cmd.bat deleted successfully.
    C:\Users\Sunshine\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kiddos
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 95070823 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 4299 bytes

    User: Kiddos.Sunshine-HP
    ->Temp folder emptied: 228984 bytes
    ->Temporary Internet Files folder emptied: 222032170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 12031 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sunshine
    ->Temp folder emptied: 40492592 bytes
    ->Temporary Internet Files folder emptied: 36333049 bytes
    ->Java cache emptied: 11943981 bytes
    ->FireFox cache emptied: 54771744 bytes
    ->Google Chrome cache emptied: 154567992 bytes
    ->Flash cache emptied: 506 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25804 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 30217 bytes

    Total Files Cleaned = 587.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12082012_215713
    Files\Folders moved on Reboot...
    C:\Users\Sunshine\AppData\Local\Temp\Low\debug.log moved successfully.
    C:\Users\Sunshine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF06781FBF60D62042.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF1A2EF4DF81AAB9E8.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF3A5021F824C33515.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF458C56DCB73518CD.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF53625818F4989B06.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF6A0185A93D7C83F7.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF6EF15A4B63AF5376.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DF9B901FCBE91E484D.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DFC270A9D93F7228ED.TMP not found!
    File\Folder C:\Users\Sunshine\AppData\Local\Temp\~DFC9804FB9EC91E5F8.TMP not found!
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sunshine\AppData\Local\Google\Google Talk Plugin\gtbplugin.log moved successfully.
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X5HMDU1Y\hovercard[1].htm moved successfully.
    File\Folder C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABY9BZ65\bind[1].htm not found!
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABY9BZ65\openhand[1].cur moved successfully.
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YZT33BA\d=1[1].htm moved successfully.
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YZT33BA\mail[1].htm moved successfully.
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Sunshine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  21. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    C:\TDSSKiller_Quarantine\07.11.2012_17.11.12\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined

    The only issue with the computer is that the internet browser, Internet Explorer, runs very slow and will not bring up pages at times. It also crashes a lot. The computer loads fine and I can use the programs on it like Word, Excel, etc. fine. Please let me know if you need more information.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download DDS by sUBs from one of the following links and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    ---------------------------------------------------
    • Post the contents of the DDS.txt report in your next reply
    • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Still around? Do that scan when you can, please. :)
  24. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    Hello, I missed this message... I will do it now!
    Sorry and Thanks
  25. rlhartzell

    rlhartzell Newcomer, in training Topic Starter Posts: 34

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Sunshine at 1:18:11 on 2012-12-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3885 [GMT -5:00]
    .
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{6B80B8EA-1AE3-4E27-9430-4F4955EF6B82} : DHCPNameServer = 40.20.1.201 40.20.1.202
    TCP: Interfaces\{723CC1D6-ED65-4BD7-A980-94E3E460CDAA} : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-2-21 168448]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-2-21 131072]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-19 260424]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-30 13592]
    R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2012-11-23 188760]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-30 2425960]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2011-10-30 133672]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2011-10-30 620584]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2011-10-30 89640]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-10-30 39976]
    R3 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-1 167072]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-9 138912]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121214.001\IDSviA64.sys [2012-12-14 513184]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 317440]
    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-30 565352]
    R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-1 451192]
    R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-1 1129120]
    R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-1 190072]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-1 405624]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-30 339048]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-24 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-30 2656280]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-10 20:15:32 -------- d-----w- C:\Program Files (x86)\ESET
    2012-12-09 02:57:13 -------- d-----w- C:\_OTL
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-11-29 00:55:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-11-29 00:54:38 -------- d-----w- C:\Users\Sunshine\AppData\Local\Apple
    2012-11-23 21:05:24 -------- d-----w- C:\Program Files\IB Updater
    2012-11-16 03:59:44 -------- d-----w- C:\FRST
    2012-11-15 19:14:56 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-15 19:14:56 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-15 19:14:56 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-15 19:14:55 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-15 19:05:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-15 19:05:36 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-15 19:05:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-15 19:05:36 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-15 19:05:35 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-15 19:05:35 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-15 19:05:35 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-15 17:55:56 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-11-15 17:55:56 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    .
    ==================== Find3M ====================
    .
    2012-12-12 19:52:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 19:52:53 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-05 21:35:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-11-05 20:41:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-11-05 20:32:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-11-05 20:32:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-19 23:18:22 652160 ----a-w- C:\Windows\couponprinter_x64.ocx
    2012-10-19 23:18:02 440704 ----a-w- C:\Windows\CouponPrinter.ocx
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 1:18:50.88 ===============

    Attached Files:


