PUP.Crossfire.SA


A while ago, I decided to scan my computer with Malwarebytes after experiencing issues with my browser (Opera) where it would not load any sites that I visit despite the fact that I have a healthy connection to the internet. The results log detected registry key "HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA)" and registry value "HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion". I quarantined and deleted both of them through Malwarebytes. I also uninstalled Coupon Companion from my computer. For a short while, my computer seemed healthy. I had no issues with my browser. However, after some time, my browser was much slower than before my initial issue. What's interesting is that whenever I open Malwarebytes, Opera begins to work again. I don't know why, maybe I'm just paranoid.

After looking through the forums, I found someone who was in a similar situation as me so I decided to follow the instructions presented by forum deity Gringo. Here are the results.

DDS Reports

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16453

Run by Tran Family at 13:24:48 on 2013-02-14

Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3554.2351 [GMT -8:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\dwm.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\atieclxx.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Users\Tran Family\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\SysWOW64\notepad.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [uTorrent] "C:\Users\Tran Family\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

TCP: NameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{F06A3C15-0BC2-447F-8A7A-F0F2E353253F} : DHCPNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{F6A23103-1AF9-43FE-A15A-723B769931C8} : DHCPNameServer = 40.20.1.201 40.20.1.203 40.20.1.202

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]

R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]

R1 aswnet;avast! AG Firewall Core Driver;C:\Windows\System32\Drivers\aswnet.sys [2013-1-22 468144]

R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-22 984144]

R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-1-22 370288]

R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-12-31 92536]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-18 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-18 361984]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-1-22 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-22 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-22 44808]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-23 29600]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-31 2451456]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-12-31 269968]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-31 690832]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-12-31 57000]

R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-28 650808]

S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-24 41272]

S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-24 43832]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-02-12 23:27:53 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 23:27:52 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 04:47:39 -------- d-----w- C:\Users\Tran Family\AppData\Roaming\uTorrent

2013-01-29 04:25:40 -------- d-----w- C:\DOSGAMES

2013-01-29 04:24:06 -------- d-----w- C:\Users\Tran Family\AppData\Local\DOSBox

2013-01-28 13:16:13 3554304 ----a-w- C:\Windows\System32\tquery.dll

2013-01-28 13:16:07 2116096 ----a-w- C:\Windows\System32\mssrch.dll

2013-01-28 13:16:05 3236864 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll

2013-01-28 13:16:03 2206208 ----a-w- C:\Windows\System32\dwmcore.dll

2013-01-28 13:16:01 2380944 ----a-w- C:\Windows\explorer.exe

2013-01-28 13:16:01 2115952 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-01-28 13:14:59 35328 ----a-w- C:\Windows\SysWow64\mssprxy.dll

2013-01-28 13:14:58 14336 ----a-w- C:\Windows\System32\msshooks.dll

2013-01-28 13:14:58 10752 ----a-w- C:\Windows\SysWow64\msshooks.dll

2013-01-28 13:14:57 111616 ----a-w- C:\Windows\System32\drivers\drmk.sys

2013-01-28 13:14:56 7680 ----a-w- C:\Windows\System32\kbdhebl3.dll

2013-01-28 13:14:56 74752 ----a-w- C:\Windows\System32\drivers\mpsdrv.sys

2013-01-28 13:14:55 7168 ----a-w- C:\Windows\SysWow64\kbdhebl3.dll

2013-01-28 13:14:55 5632 ----a-w- C:\Windows\System32\drivers\drmkaud.sys

2013-01-28 13:14:52 275968 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll

2013-01-28 13:09:47 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll

2013-01-28 13:08:59 93696 ----a-w- C:\Windows\SysWow64\WcnApi.dll

2013-01-28 12:53:26 618496 ----a-w- C:\Windows\System32\drivers\srv2.sys

2013-01-28 12:53:24 109568 ----a-w- C:\Windows\System32\dskquota.dll

2013-01-28 12:53:21 82944 ----a-w- C:\Windows\SysWow64\dskquota.dll

2013-01-28 12:47:46 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll

2013-01-28 12:47:44 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll

2013-01-28 12:17:36 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll

2013-01-28 12:17:36 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll

2013-01-28 12:17:33 4055552 ----a-w- C:\Windows\System32\win32k.sys

2013-01-28 12:17:33 368640 ----a-w- C:\Windows\System32\sppwinob.dll

2013-01-28 12:07:37 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-28 12:07:36 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys

2013-01-28 12:07:36 1184256 ----a-w- C:\Windows\System32\Display.dll

2013-01-28 12:07:35 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll

2013-01-28 12:07:35 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys

2013-01-28 12:07:35 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll

2013-01-28 12:07:35 1164800 ----a-w- C:\Windows\SysWow64\Display.dll

2013-01-28 12:07:34 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL

2013-01-28 12:07:34 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL

2013-01-28 12:07:34 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-01-28 12:07:31 1120768 ----a-w- C:\Windows\System32\msctf.dll

2013-01-28 12:07:30 890880 ----a-w- C:\Windows\SysWow64\msctf.dll

2013-01-25 11:05:30 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-01-25 11:05:29 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-01-24 07:13:53 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-01-24 07:13:48 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-01-24 06:40:47 94208 ----a-w- C:\Windows\System32\synceng.dll

2013-01-24 06:40:47 72192 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-01-24 06:36:14 144384 ----a-w- C:\Windows\System32\tssdisai.dll

2013-01-24 06:36:13 135680 ----a-w- C:\Windows\System32\appserverai.dll

2013-01-24 06:36:13 126976 ----a-w- C:\Windows\System32\RDWebAI.dll

2013-01-24 06:36:13 122880 ----a-w- C:\Windows\System32\VmHostAI.dll

2013-01-24 06:36:10 148480 ----a-w- C:\Windows\System32\poqexec.exe

2013-01-24 06:36:10 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe

2013-01-24 06:36:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-01-24 06:36:06 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-01-24 06:16:28 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin

2013-01-23 08:27:35 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74

2013-01-23 05:09:16 -------- d-----r- C:\Program Files (x86)\Skype

2013-01-23 05:02:41 -------- d-----w- C:\Users\Tran Family\AppData\Local\CRE

2013-01-23 05:02:35 -------- d-----w- C:\Program Files (x86)\Conduit

2013-01-23 05:02:34 -------- d-----w- C:\Users\Tran Family\AppData\Local\Conduit

2013-01-23 04:55:32 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-01-23 04:49:38 -------- d-----w- C:\Users\Tran Family\AppData\Roaming\Malwarebytes

2013-01-23 04:49:05 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-23 04:49:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-23 04:49:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-23 04:48:49 -------- d-----w- C:\Users\Tran Family\AppData\Local\Programs

2013-01-23 04:45:49 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-01-23 04:45:45 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-01-23 04:45:45 468144 ----a-w- C:\Windows\System32\drivers\aswnet.sys

2013-01-23 04:45:43 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-01-23 04:45:24 41224 ----a-w- C:\Windows\avastSS.scr

2013-01-23 04:45:14 -------- d-----w- C:\ProgramData\AVAST Software

2013-01-23 04:45:14 -------- d-----w- C:\Program Files\AVAST Software

2013-01-23 04:40:24 -------- d-----w- C:\Users\Tran Family\AppData\Local\Opera

2013-01-23 04:39:47 -------- d-----w- C:\Users\Tran Family\AppData\Local\Google

2013-01-23 04:22:37 -------- d-----w- C:\Users\Tran Family\AppData\Roaming\hpqlog

2013-01-23 03:33:01 -------- d-----w- C:\Users\Tran Family\AppData\Local\AMD

2013-01-23 03:32:48 -------- d-----w- C:\Users\Tran Family\AppData\Local\ATI

2013-01-23 03:31:52 -------- d-----w- C:\Users\Tran Family\AppData\Local\Hewlett-Packard

2013-01-23 03:31:18 -------- d-----r- C:\Users\Tran Family\Searches

2013-01-23 03:31:18 -------- d-----r- C:\Users\Tran Family\Contacts

2013-01-23 03:29:23 -------- d-----w- C:\Users\Tran Family\AppData\Local\Power2Go8

2013-01-23 03:29:07 -------- d-----w- C:\Users\Tran Family\AppData\Roaming\Synaptics

2013-01-23 03:29:02 -------- d-----w- C:\Users\Tran Family\AppData\Local\assembly

2013-01-23 03:28:33 -------- d-----w- C:\Users\Tran Family\AppData\Local\VirtualStore

2013-01-23 03:28:08 -------- d-----w- C:\Users\Tran Family\AppData\Local\Packages

.

==================== Find3M ====================

.

2013-02-04 21:36:29 81248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-04 21:36:29 693600 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-31 13:06:44 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-12-31 13:06:44 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-12-31 13:06:44 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-12-20 00:36:50 431616 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2012-12-20 00:28:04 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll

2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll

2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe

2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe

2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll

2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll

2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll

2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll

2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll

2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll

2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe

2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe

2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll

2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll

2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL

2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL

2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll

2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys

2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys

2012-11-26 04:21:18 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll

2012-11-26 04:20:09 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll

.

============= FINISH: 13:25:21.98 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 1/22/2013 7:27:10 PM

System Uptime: 2/11/2013 11:24:44 PM (62 hours ago)

.

Motherboard: Hewlett-Packard | | 184B

Processor: AMD A6-4400M APU with Radeon HD Graphics | Socket FT1 | 2700/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 440 GiB total, 400.471 GiB free.

D: is FIXED (NTFS) - 25 GiB total, 2.993 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP4: 1/28/2013 5:22:00 AM - Windows Update

RP5: 2/8/2013 5:06:23 PM - Scheduled Checkpoint

RP6: 2/12/2013 4:10:28 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD VISION Engine Control Center

avast! Free Antivirus

Bonjour

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CyberLink LabelPrint

CyberLink Media Suite 10

CyberLink PhotoDirector

CyberLink Power2Go 8

CyberLink PowerDirector 10

CyberLink PowerDVD

CyberLink YouCam

D3DX10

Energy Star

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Connected Music (Meridian - installer)

HP Connected Remote

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP Games

HP MyRoom

HP Postscript Converter

HP Quick Launch

HP Recovery Manager

HP Registration Service

HP Support Assistant

HP Utility Center

HP Wireless Button Driver

IDT Audio

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Application Error Reporting

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Movie Maker

MSVCRT

MSVCRT110

MSVCRT110_amd64

Opera 12.14

Photo Common

Photo Gallery

Qualcomm Atheros Driver Installation Program

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Skype™ 6.1

swMSM

Synaptics Pointing Device Driver

VLC media player 2.0.5

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

2/12/2013 11:45:40 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

2/11/2013 11:25:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0xfffff88006a73217, 0x000000011394c121, 0xfffff880009cd7b0, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021113-35724-01.

.

==== End Of File ===========================

Security Check Report

Results of screen317's Security Check version 0.99.57

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Windows Defender

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Flash Player 11.5.502.149

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

If I did anything wrong, please tell me. I also ran the three programs while I was connected to the internet, is that okay?

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

> I also ran the three programs while I was connected to the internet, is that okay?

That should be fine.

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the contents of the following:

  • AdwCleaner[R1].txt.
  • ComboFix.txt.

How is the computer running?

I was able to run AdwCleaner0 and here is the report for that.

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 12:35:20

# Updated 10/02/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : Tran Family - TRAN

# Boot Mode : Normal

# Running from : C:\Users\Tran Family\Desktop\adwcleaner0.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\Tran Family\AppData\Local\Conduit

Folder Found : C:\Users\Tran Family\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Tran Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\Tran Family\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1318 octets] - [15/02/2013 12:35:20]

########## EOF - C:\AdwCleaner[R1].txt - [1378 octets] ##########

I don't know whether or not to delete what AdwCleaner0 found so I just left it alone and exited.

I tried running ComboFix but I get an error message saying that it does not support Windows 8. What do I do from here?

Good morning fosternguyen,

No worries about ComboFix.

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

Also, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

In your reply please provide the contents of the following (you may need to use multiple posts):

  • AdwCleaner[s1].txt.
  • OTL.txt.
  • Extras.txt.

How is the computer currently running?

Here are the results from AdwCleaner0

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 13:46:41

# Updated 10/02/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : Tran Family - TRAN

# Boot Mode : Normal

# Running from : C:\Users\Tran Family\Desktop\adwcleaner0.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Tran Family\AppData\Local\Conduit

Folder Deleted : C:\Users\Tran Family\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Tran Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\Tran Family\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [15/02/2013 12:35:20]

AdwCleaner[R2].txt - [1507 octets] - [15/02/2013 12:37:37]

AdwCleaner[R3].txt - [1507 octets] - [15/02/2013 13:44:25]

AdwCleaner[s1].txt - [1518 octets] - [15/02/2013 13:46:41]

########## EOF - C:\AdwCleaner[s1].txt - [1578 octets] ##########

Here are the results from OTL starting with OTL

OTL logfile created on: 2/15/2013 2:03:12 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tran Family\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16484)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 67.84% Memory free

6.97 Gb Paging File | 5.75 Gb Available in Paging File | 82.52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 440.15 Gb Total Space | 399.18 Gb Free Space | 90.69% Space Free | Partition Type: NTFS

Drive D: | 24.84 Gb Total Space | 2.99 Gb Free Space | 12.05% Space Free | Partition Type: NTFS

Computer Name: TRAN | User Name: Tran Family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/15 13:50:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tran Family\Desktop\OTL.exe

PRC - [2013/02/11 20:48:48 | 001,051,984 | ---- | M] (BitTorrent Inc.) -- C:\Users\Tran Family\AppData\Roaming\uTorrent\uTorrent.exe

PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/10/12 14:16:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2012/09/14 17:42:14 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

PRC - [2012/09/07 16:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2012/09/07 16:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2012/07/13 15:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2012/06/07 19:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

MOD - [2012/06/07 19:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/05 20:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2012/12/05 20:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2012/11/05 20:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/11/05 20:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/10/20 13:31:25 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/10/20 13:31:00 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012/10/20 13:31:00 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012/09/18 03:11:46 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/09/18 02:38:00 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/08/23 09:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2012/08/19 21:45:20 | 000,323,072 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2012/07/25 19:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2012/07/25 19:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2012/07/25 19:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 19:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012/07/25 19:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 19:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 19:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2012/07/25 19:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 19:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 19:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 19:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/07/25 19:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 19:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 19:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012/07/25 19:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 19:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV - [2013/02/07 15:41:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/05 20:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/10/12 16:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)

SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/09/07 16:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2012/07/25 19:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/25 19:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2012/07/25 19:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2012/07/13 17:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/23 22:14:32 | 000,468,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswnet.sys -- (aswnet)

DRV:64bit: - [2012/11/26 23:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2012/11/26 19:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2012/11/26 19:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/19 20:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/05 23:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2012/11/05 23:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2012/11/05 19:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/30 15:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 15:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/30 15:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 15:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/20 13:30:56 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/10/20 13:30:56 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/10/20 13:30:56 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2012/10/20 13:30:56 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012/10/20 13:30:56 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2012/10/20 13:30:56 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012/10/20 13:30:56 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/10/15 08:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/10/12 00:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/10 23:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/10 23:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012/09/28 20:59:32 | 003,666,944 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)

DRV:64bit: - [2012/09/28 10:37:04 | 000,650,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2012/09/18 04:15:48 | 010,316,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/09/18 02:12:42 | 000,370,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/09/02 09:16:38 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2012/09/02 09:16:36 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2012/08/31 09:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)

DRV:64bit: - [2012/08/24 17:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/08/24 17:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV:64bit: - [2012/08/24 17:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)

DRV:64bit: - [2012/08/23 09:45:42 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2012/08/23 09:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2012/08/21 12:56:38 | 000,091,648 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/08/19 21:45:20 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2012/07/31 00:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012/07/25 21:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/25 21:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/25 21:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/25 21:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/25 21:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/25 21:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/25 21:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2012/07/25 21:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2012/07/25 21:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/25 21:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/25 21:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/25 21:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/25 21:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/25 21:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/25 21:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/25 21:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/25 21:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/25 21:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/25 21:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/25 20:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/25 20:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012/07/25 20:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/25 20:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2012/07/25 20:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2012/07/25 19:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 18:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 18:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 18:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 18:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 18:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 18:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 18:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 18:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 18:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 18:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 18:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 18:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 18:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 18:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 18:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 18:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 18:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 18:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 18:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 18:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 18:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/03 14:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)

DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)

DRV:64bit: - [2012/06/18 18:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2012/06/02 06:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

IE:64bit: - HKLM\..\SearchScopes\{53472826-A144-40A4-A8CA-1AA315AD7A54}: "URL" = http://www.amazon.co...s={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

IE - HKLM\..\SearchScopes\{53472826-A144-40A4-A8CA-1AA315AD7A54}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS

IE - HKCU\..\SearchScopes\{53472826-A144-40A4-A8CA-1AA315AD7A54}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

[2013/01/22 21:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tran Family\AppData\Roaming\Mozilla\Firefox\extensions

[2013/01/22 21:02:39 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Tran Family\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Users\Tran Family\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06A3C15-0BC2-447F-8A7A-F0F2E353253F}: DhcpNameServer = 75.75.76.76 75.75.75.75

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6A23103-1AF9-43FE-A15A-723B769931C8}: DhcpNameServer = 40.20.1.201 40.20.1.203 40.20.1.202

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)

NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 13:50:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tran Family\Desktop\OTL.exe

[2013/02/15 13:05:39 | 005,033,715 | ---- | C] (Swearware) -- C:\Users\Tran Family\Desktop\ComboFix.exe

[2013/02/14 13:24:41 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Tran Family\Desktop\dds.scr

[2013/02/12 15:38:16 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/02/12 15:38:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/02/12 15:38:11 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2013/02/12 15:38:11 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/02/12 15:38:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/02/12 15:38:10 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/02/12 15:38:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/02/12 15:38:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll

[2013/02/12 15:38:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/02/12 15:38:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll

[2013/02/12 15:38:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/02/12 15:38:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/02/12 15:33:07 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/02/11 20:47:39 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\uTorrent

[2013/01/28 20:25:40 | 000,000,000 | ---D | C] -- C:\DOSGAMES

[2013/01/28 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\DOSBox

[2013/01/28 05:16:13 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2013/01/28 05:16:07 | 002,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2013/01/28 05:16:03 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll

[2013/01/28 05:16:01 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013/01/28 05:16:01 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2013/01/28 05:15:59 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll

[2013/01/28 05:15:58 | 001,610,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2013/01/28 05:15:57 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2013/01/28 05:15:56 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll

[2013/01/28 05:15:56 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2013/01/28 05:15:55 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll

[2013/01/28 05:15:54 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll

[2013/01/28 05:15:52 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll

[2013/01/28 05:15:50 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2013/01/28 05:15:49 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2013/01/28 05:15:48 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll

[2013/01/28 05:15:48 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll

[2013/01/28 05:15:47 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2013/01/28 05:15:47 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2013/01/28 05:15:46 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll

[2013/01/28 05:15:44 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys

[2013/01/28 05:15:44 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll

[2013/01/28 05:15:43 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll

[2013/01/28 05:15:43 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll

[2013/01/28 05:15:43 | 000,336,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys

[2013/01/28 05:15:41 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll

[2013/01/28 05:15:40 | 002,764,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2013/01/28 05:15:38 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll

[2013/01/28 05:15:38 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys

[2013/01/28 05:15:37 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll

[2013/01/28 05:15:37 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2013/01/28 05:15:36 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll

[2013/01/28 05:15:35 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2013/01/28 05:15:33 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys

[2013/01/28 05:15:32 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2013/01/28 05:15:31 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2013/01/28 05:15:30 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2013/01/28 05:15:29 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys

[2013/01/28 05:15:28 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll

[2013/01/28 05:15:28 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll

[2013/01/28 05:15:27 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll

[2013/01/28 05:15:26 | 001,636,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMALFXGFXDSP.dll

[2013/01/28 05:15:25 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll

[2013/01/28 05:15:24 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2013/01/28 05:15:21 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2013/01/28 05:15:19 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2013/01/28 05:15:19 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll

[2013/01/28 05:15:17 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll

[2013/01/28 05:15:13 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

[2013/01/28 05:15:12 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll

[2013/01/28 05:15:11 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2013/01/28 05:15:11 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2013/01/28 05:15:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll

[2013/01/28 05:15:09 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll

[2013/01/28 05:15:08 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/01/28 05:15:08 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll

[2013/01/28 05:15:06 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2013/01/28 05:15:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2013/01/28 05:15:05 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll

[2013/01/28 05:15:05 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe

[2013/01/28 05:15:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll

[2013/01/28 05:15:02 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll

[2013/01/28 05:15:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll

[2013/01/28 05:15:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2013/01/28 05:15:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll

[2013/01/28 05:15:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2013/01/28 05:15:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll

[2013/01/28 05:15:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll

[2013/01/28 05:14:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll

[2013/01/28 05:14:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll

[2013/01/28 05:14:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys

[2013/01/28 05:14:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll

[2013/01/28 05:14:55 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll

[2013/01/28 05:13:44 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/01/28 05:13:43 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/01/28 05:13:43 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2013/01/28 05:13:41 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2013/01/28 05:13:41 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll

[2013/01/28 05:13:40 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/01/28 05:13:37 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe

[2013/01/28 05:13:37 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe

[2013/01/28 05:13:36 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll

[2013/01/28 05:13:36 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll

[2013/01/28 05:13:35 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/01/28 05:13:35 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll

[2013/01/28 05:13:34 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll

[2013/01/28 05:13:33 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll

[2013/01/28 05:13:33 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll

[2013/01/28 05:13:33 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2013/01/28 05:13:32 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2013/01/28 05:13:32 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll

[2013/01/28 05:13:32 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys

[2013/01/28 05:13:31 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2013/01/28 05:13:30 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll

[2013/01/28 05:13:30 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll

[2013/01/28 05:13:30 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll

[2013/01/28 05:13:29 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2013/01/28 05:13:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2013/01/28 05:13:27 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll

[2013/01/28 05:13:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2013/01/28 05:13:26 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2013/01/28 05:13:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll

[2013/01/28 05:13:24 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll

[2013/01/28 05:13:23 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL

[2013/01/28 05:13:23 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL

[2013/01/28 05:13:23 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll

[2013/01/28 05:13:22 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2013/01/28 05:13:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll

[2013/01/28 05:13:22 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll

[2013/01/28 05:13:21 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys

[2013/01/28 05:13:21 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys

[2013/01/28 05:13:21 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys

[2013/01/28 05:09:47 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll

[2013/01/28 05:09:41 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll

[2013/01/28 05:09:38 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll

[2013/01/28 05:09:32 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll

[2013/01/28 05:09:26 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll

[2013/01/28 05:09:26 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/28 05:09:25 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2013/01/28 05:09:24 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll

[2013/01/28 05:09:22 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2013/01/28 05:09:20 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll

[2013/01/28 05:09:19 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

[2013/01/28 05:09:18 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2013/01/28 05:09:17 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll

[2013/01/28 05:09:15 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys

[2013/01/28 05:09:14 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll

[2013/01/28 05:09:14 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll

[2013/01/28 05:09:14 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll

[2013/01/28 05:09:13 | 000,445,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS

[2013/01/28 05:09:13 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll

[2013/01/28 05:09:12 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2013/01/28 05:09:11 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll

[2013/01/28 05:09:11 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll

[2013/01/28 05:09:11 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll

[2013/01/28 05:09:11 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe

[2013/01/28 05:09:11 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl

[2013/01/28 05:09:10 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll

[2013/01/28 05:09:10 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll

[2013/01/28 05:09:09 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll

[2013/01/28 05:09:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe

[2013/01/28 05:09:09 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll

[2013/01/28 05:09:09 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl

[2013/01/28 05:09:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll

[2013/01/28 05:09:08 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2013/01/28 05:09:08 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2013/01/28 05:09:07 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2013/01/28 05:09:07 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2013/01/28 05:09:06 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll

[2013/01/28 05:09:05 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll

[2013/01/28 05:09:05 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll

[2013/01/28 05:09:05 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2013/01/28 05:09:05 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll

[2013/01/28 05:09:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2013/01/28 05:09:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2013/01/28 05:09:03 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll

[2013/01/28 05:09:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2013/01/28 05:09:02 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2013/01/28 05:09:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/01/28 05:09:02 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe

[2013/01/28 05:09:01 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll

[2013/01/28 05:09:01 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll

[2013/01/28 05:08:59 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll

[2013/01/28 05:08:59 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll

[2013/01/28 05:08:59 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll

[2013/01/28 05:08:59 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll

[2013/01/28 05:08:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll

[2013/01/28 05:08:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll

[2013/01/28 05:08:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll

[2013/01/28 05:08:54 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll

[2013/01/28 05:08:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll

[2013/01/28 05:08:52 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll

[2013/01/28 05:08:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2013/01/28 05:08:51 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll

[2013/01/28 05:08:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll

[2013/01/28 05:08:50 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll

[2013/01/28 05:08:49 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys

[2013/01/28 05:08:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll

[2013/01/28 05:08:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll

[2013/01/28 05:08:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll

[2013/01/28 05:08:47 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll

[2013/01/28 04:53:24 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll

[2013/01/28 04:53:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll

[2013/01/28 04:52:50 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll

[2013/01/28 04:47:46 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll

[2013/01/28 04:47:44 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll

[2013/01/28 04:37:59 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll

[2013/01/28 04:37:59 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll

[2013/01/28 04:37:59 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/01/28 04:37:58 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll

[2013/01/28 04:37:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/01/28 04:37:58 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

[2013/01/28 04:37:51 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll

[2013/01/28 04:37:50 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll

[2013/01/28 04:37:50 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll

[2013/01/28 04:37:49 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll

[2013/01/28 04:37:49 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll

[2013/01/28 04:37:48 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll

[2013/01/28 04:37:48 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll

[2013/01/28 04:37:48 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll

[2013/01/28 04:17:36 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll

[2013/01/28 04:17:36 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll

[2013/01/28 04:17:33 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll

[2013/01/28 04:07:36 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll

[2013/01/28 04:07:36 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/01/28 04:07:35 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll

[2013/01/28 04:07:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll

[2013/01/28 04:07:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys

[2013/01/28 04:07:35 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll

[2013/01/28 04:07:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL

[2013/01/28 04:07:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL

[2013/01/28 04:07:31 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll

[2013/01/24 01:02:41 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\vlc

[2013/01/23 23:13:53 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll

[2013/01/23 23:13:48 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll

[2013/01/23 22:41:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll

[2013/01/23 22:41:11 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll

[2013/01/23 22:41:10 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/01/23 22:41:10 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/01/23 22:41:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/01/23 22:41:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2013/01/23 22:41:09 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2013/01/23 22:41:09 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/01/23 22:41:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll

[2013/01/23 22:41:09 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll

[2013/01/23 22:41:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll

[2013/01/23 22:41:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll

[2013/01/23 22:41:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2013/01/23 22:41:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2013/01/23 22:40:47 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2013/01/23 22:40:47 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2013/01/23 22:36:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll

[2013/01/23 22:36:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll

[2013/01/23 22:36:13 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll

[2013/01/23 22:36:13 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll

[2013/01/23 22:36:10 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2013/01/23 22:36:10 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2013/01/23 22:35:55 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll

[2013/01/23 22:35:55 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll

[2013/01/23 22:35:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll

[2013/01/23 22:35:54 | 001,009,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll

[2013/01/23 22:35:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe

[2013/01/23 22:35:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe

[2013/01/23 22:35:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe

[2013/01/23 22:35:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll

[2013/01/23 22:35:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe

[2013/01/23 22:35:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll

[2013/01/23 22:35:29 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2013/01/23 22:35:29 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2013/01/23 22:35:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll

[2013/01/23 22:35:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll

[2013/01/23 22:35:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe

[2013/01/23 22:35:29 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe

[2013/01/23 22:35:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll

[2013/01/23 22:35:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll

[2013/01/23 22:35:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll

[2013/01/23 22:35:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll

[2013/01/23 22:35:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll

[2013/01/23 22:35:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll

[2013/01/23 22:35:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll

[2013/01/23 22:35:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll

[2013/01/23 22:30:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/01/23 22:30:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/01/23 00:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74

[2013/01/23 00:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74

[2013/01/22 23:15:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/01/22 21:09:20 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Skype

[2013/01/22 21:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2013/01/22 21:09:16 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2013/01/22 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/01/22 21:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2013/01/22 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\CRE

[2013/01/22 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Mozilla

[2013/01/22 20:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/01/22 20:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2013/01/22 20:49:38 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Malwarebytes

[2013/01/22 20:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/22 20:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/22 20:49:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/01/22 20:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/01/22 20:48:49 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Programs

[2013/01/22 20:45:50 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/01/22 20:45:50 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013/01/22 20:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/01/22 20:45:49 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013/01/22 20:45:45 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/01/22 20:45:45 | 000,468,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys

[2013/01/22 20:45:43 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013/01/22 20:45:43 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013/01/22 20:45:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2013/01/22 20:45:24 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/01/22 20:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/01/22 20:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/01/22 20:41:43 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Macromedia

[2013/01/22 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Opera

[2013/01/22 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Opera

[2013/01/22 20:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2013/01/22 20:39:47 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Google

[2013/01/22 20:22:37 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\hpqlog

[2013/01/22 19:33:01 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\AMD

[2013/01/22 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\ATI

[2013/01/22 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\ATI

[2013/01/22 19:31:52 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Hewlett-Packard

[2013/01/22 19:31:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/01/22 19:31:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Searches

[2013/01/22 19:31:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Contacts

[2013/01/22 19:31:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/01/22 19:31:18 | 000,000,000 | -H-D | C] -- C:\Users\Tran Family\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2013/01/22 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Adobe

[2013/01/22 19:30:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services

[2013/01/22 19:29:23 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Power2Go8

[2013/01/22 19:29:07 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Synaptics

[2013/01/22 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\assembly

[2013/01/22 19:29:00 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Hewlett-Packard

[2013/01/22 19:28:33 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\VirtualStore

[2013/01/22 19:28:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information

[2013/01/22 19:28:08 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Packages

[2013/01/22 19:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\AppData\Local\Temporary Internet Files

[2013/01/22 19:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Templates

[2013/01/22 19:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Local Settings

[2013/01/22 19:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\AppData\Local\History

[2013/01/22 19:27:51 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\AppData\Local\Application Data

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Start Menu

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\SendTo

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Recent

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\PrintHood

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\NetHood

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Documents\My Videos

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Documents\My Pictures

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Documents\My Music

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\My Documents

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Cookies

[2013/01/22 19:27:50 | 000,000,000 | -HSD | C] -- C:\Users\Tran Family\Application Data

[2013/01/22 19:27:19 | 000,000,000 | --SD | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft

[2013/01/22 19:27:19 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

[2013/01/22 19:27:19 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Desktop

[2013/01/22 19:27:19 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013/01/22 19:27:19 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

[2013/01/22 19:27:19 | 000,000,000 | -H-D | C] -- C:\Users\Tran Family\AppData

[2013/01/22 19:27:19 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Temp

[2013/01/22 19:27:19 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Local\Microsoft

[2013/01/22 19:27:19 | 000,000,000 | ---D | C] -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Videos

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Saved Games

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Pictures

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Music

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Links

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Favorites

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Downloads

[2013/01/22 19:27:18 | 000,000,000 | R--D | C] -- C:\Users\Tran Family\Documents

[2013/01/22 19:27:18 | 000,000,000 | -H-D | C] -- C:\Users\Tran Family\Documents\hp.system.package.metadata

[2013/01/22 19:27:18 | 000,000,000 | -H-D | C] -- C:\Users\Tran Family\Documents\hp.applications.package.appdata

[2013/01/22 19:27:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution


Here are the remaining results from OTL

========== Files - Modified Within 30 Days ==========

[2013/02/15 13:52:48 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/15 13:52:48 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/15 13:52:48 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/15 13:50:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tran Family\Desktop\OTL.exe

[2013/02/15 13:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/15 13:48:05 | 000,291,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/15 13:47:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/02/15 13:47:45 | 2981,527,552 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/15 13:41:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/15 13:05:39 | 005,033,715 | ---- | M] (Swearware) -- C:\Users\Tran Family\Desktop\ComboFix.exe

[2013/02/15 12:34:46 | 000,587,671 | ---- | M] () -- C:\Users\Tran Family\Desktop\adwcleaner0.exe

[2013/02/14 13:24:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Tran Family\Desktop\dds.scr

[2013/02/14 13:22:47 | 000,881,914 | ---- | M] () -- C:\Users\Tran Family\Desktop\SecurityCheck.exe

[2013/02/14 13:22:01 | 000,000,000 | ---- | M] () -- C:\Users\Tran Family\defogger_reenable

[2013/02/14 13:21:33 | 000,050,477 | ---- | M] () -- C:\Users\Tran Family\Desktop\Defogger.exe

[2013/02/11 23:25:04 | 338,780,291 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/02/11 20:48:49 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2013/02/08 22:03:44 | 000,007,601 | ---- | M] () -- C:\Users\Tran Family\AppData\Local\Resmon.ResmonCfg

[2013/02/06 15:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/02/06 15:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/23 22:14:32 | 000,468,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys

[2013/01/23 22:14:32 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum

[2013/01/23 00:27:36 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk

[2013/01/22 21:09:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013/01/22 20:55:43 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/01/22 20:49:06 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/22 20:45:50 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/01/22 20:45:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/01/22 20:40:09 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2013/01/22 20:24:31 | 000,001,424 | ---- | M] () -- C:\Users\Tran Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/22 19:29:23 | 000,000,141 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

========== Files Created - No Company Name ==========

[2013/02/15 13:47:51 | 000,291,288 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/15 12:34:46 | 000,587,671 | ---- | C] () -- C:\Users\Tran Family\Desktop\adwcleaner0.exe

[2013/02/14 13:22:47 | 000,881,914 | ---- | C] () -- C:\Users\Tran Family\Desktop\SecurityCheck.exe

[2013/02/14 13:22:01 | 000,000,000 | ---- | C] () -- C:\Users\Tran Family\defogger_reenable

[2013/02/14 13:21:33 | 000,050,477 | ---- | C] () -- C:\Users\Tran Family\Desktop\Defogger.exe

[2013/02/11 20:48:49 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2013/02/08 22:03:44 | 000,007,601 | ---- | C] () -- C:\Users\Tran Family\AppData\Local\Resmon.ResmonCfg

[2013/01/28 05:09:13 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml

[2013/01/23 22:14:32 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum

[2013/01/23 00:27:36 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk

[2013/01/22 23:14:50 | 338,780,291 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/01/22 21:09:16 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2013/01/22 20:55:43 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/01/22 20:49:06 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/22 20:45:50 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/01/22 20:45:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2013/01/22 20:41:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/22 20:40:09 | 000,001,801 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2013/01/22 20:40:09 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2013/01/22 20:24:31 | 000,001,424 | ---- | C] () -- C:\Users\Tran Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/22 19:31:13 | 000,001,430 | ---- | C] () -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/01/22 19:29:23 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2013/01/22 19:27:37 | 000,002,100 | ---- | C] () -- C:\Users\Tran Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

[2013/01/22 19:27:37 | 000,000,352 | ---- | C] () -- C:\Users\Tran Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/01/22 19:27:37 | 000,000,334 | ---- | C] () -- C:\Users\Tran Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/10/20 13:31:00 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2012/10/20 12:45:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/09/18 02:40:14 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/09/18 02:40:14 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/08/03 14:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012/07/25 12:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2012/07/25 12:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2012/07/25 12:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/09/12 18:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2012/10/20 12:58:49 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 20:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 20:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2013/02/15 12:35:25 | 000,001,447 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/02/15 12:37:41 | 000,001,507 | ---- | M] () -- C:\AdwCleaner[R2].txt

[2013/02/15 13:44:30 | 000,001,507 | ---- | M] () -- C:\AdwCleaner[R3].txt

[2013/02/15 13:46:51 | 000,001,647 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2012/07/25 19:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr

[2012/06/02 06:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT

[2012/08/03 15:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/02/15 13:47:45 | 2981,527,552 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/15 13:47:48 | 3758,096,384 | -HS- | M] () -- C:\pagefile.sys

[2013/02/15 13:47:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Here is the final report from OTL, Extras

OTL Extras logfile created on: 2/15/2013 2:03:12 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tran Family\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16484)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 67.84% Memory free

6.97 Gb Paging File | 5.75 Gb Available in Paging File | 82.52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 440.15 Gb Total Space | 399.18 Gb Free Space | 90.69% Space Free | Partition Type: NTFS

Drive D: | 24.84 Gb Total Space | 2.99 Gb Free Space | 12.05% Space Free | Partition Type: NTFS

Computer Name: TRAN | User Name: Tran Family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{54DDB52F-8CD0-4A63-9D4B-760D08229043}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |

"{9C9403E7-1D9F-4EA3-9187-C5DB56268CB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{C250084B-83C0-4ADA-B510-E6D7D4081F70}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |

"{FB6D9234-8B02-4AF8-B27F-FE16EDCA631E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01984368-5865-4FC2-879B-56F38DA1388B}" = dir=out | name=savings center featured offers |

"{0250D603-B387-4963-9F74-24805C4FBAD1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{09478FDB-AB24-4B19-B981-F689D6133D9E}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |

"{12E71572-1488-4E6A-B21A-BECCF4E263BC}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{15E50445-7644-4078-9B53-6538F4719042}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{1A80036F-A11E-44D4-8CEC-B4B562D415B9}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{1F85FE15-9D88-407A-894B-4C0F69BDB2AA}" = dir=out | name=microsoft solitaire collection |

"{21071E29-8729-4833-B009-630E879985EA}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |

"{252A5526-D817-4FE8-B9CA-E4F720E77DF3}" = dir=in | name=kindle |

"{2BE8CD6B-7385-4BE3-9EDC-871BE9723EA0}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{30F40077-8C23-44FB-A80C-A7B338C4E7DF}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{3565E0CC-B867-4B4D-957C-9047ED791162}" = dir=out | name=hp connected photo powered by snapfish |

"{367D3EEC-9361-426D-A87F-B6EE273B275D}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |

"{3A8169AF-6FE0-4698-8389-4651A2641428}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |

"{3E2EA670-5EA5-41DC-8DFF-20B046D05AED}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{40E69DA4-7BFC-4C33-BCA5-A4CEF139B0B7}" = dir=out | name=ebay |

"{499411B3-4B8A-414F-9EFC-999871D13889}" = dir=out | name=microsoft mahjong |

"{5A3AA879-CC22-43CA-A64E-D6C1A7B0BFAA}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{5E3D92C5-43EE-487A-9A97-7906FB2537D0}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{6186D9BB-E8C9-4103-BD7F-1DB242BC3703}" = dir=out | name=hp registration |

"{64FD120F-2719-4512-92DD-E63C90565425}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{68D5559A-68B3-4425-8E36-9E862622FE59}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{6A5F6973-413A-4ABA-9975-66D66B6634EB}" = dir=out | name=hp+ |

"{6F88DF0E-7D84-4ADF-9CC1-B9CDD71159DF}" = dir=out | name=iheartradio |

"{73A264FF-87F8-44DB-A201-ED34F49D61DF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7A61A213-1501-43CE-9969-C4134A33D076}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{7C482EFD-5C0B-4874-8A43-22B48A7101FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7C78058E-8A45-4FE2-87FE-0D08B37C5665}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{809835B0-0CF2-43BB-9A87-C0DBC759551B}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |

"{80CF7E02-87CE-48B5-8CE5-C031D5D58FAF}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{8474669F-EFF6-4D4C-95B4-AFAFDD7CDCD0}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{8F521087-5D7E-487C-87C1-C35A4B4E0C63}" = dir=out | name=norton studio |

"{922522E4-999C-4E69-9AF8-03D8332DC1F3}" = dir=in | name=savings center featured offers |

"{9AA7EBEE-076F-4373-BF59-64781970534A}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{9ABA05A4-3E98-4F3D-95AB-1E3296201F13}" = dir=out | name=kindle |

"{9EC401B7-348F-448B-8E93-C42026219EA3}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |

"{A723FB69-CBDE-479F-A165-E4057D3ED7F4}" = protocol=17 | dir=in | app=c:\users\tran family\appdata\roaming\utorrent\utorrent.exe |

"{A894A549-29F4-4CC3-9B99-E49601B47A99}" = dir=out | name=hp games |

"{ACC7E1F5-5B13-4647-8C25-56AE09E374F8}" = dir=out | name=windows_ie_ac_001 |

"{AE7E3507-0074-4E75-A6FC-DC80D08AD325}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

"{B5E3F806-C30B-45B8-A44D-6D5514A1B4CC}" = dir=in | name=skype |

"{B6189CBD-ABA0-4D9B-AD22-A443A7751A7C}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{B6BAC4B6-2AF1-44CC-B55D-4DDB40264B83}" = dir=out | name=netflix |

"{C1028E86-37FB-4DC2-AFA2-B1DF2EEDF574}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |

"{C62A4D45-5A4F-4A89-B114-7A9EC3558F77}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{C9F778C0-4A6E-4873-896D-8090D889A67F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{CF66BBB5-C798-4A97-A103-082876306EAB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |

"{D603B6DB-60FE-4CCA-892A-0C1F3C80FAE2}" = dir=out | name=getting started with windows 8 |

"{DB20D012-10E3-452F-AD27-BACC9CAFF598}" = dir=out | name=skype |

"{E000A449-68DE-438B-AE7B-46C519B8EE93}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{E046B0A5-F405-4748-B69D-57AA7F5F80DD}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{E20D9CBD-6651-481E-BB0F-866A6D07ABDD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E60D0684-A36C-4D2C-8695-AE2B3D0EB354}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{FDCA9D85-CB4E-474A-9743-0702C061CB7E}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |

"{FE20A73E-40F6-44AE-8168-80D9A3886404}" = dir=in | name=ebay |

"{FE8B7E2C-17C2-4556-A0FD-9EAC607C59A4}" = protocol=6 | dir=in | app=c:\users\tran family\appdata\roaming\utorrent\utorrent.exe |

"TCP Query User{CC4808D4-1A3C-422B-A287-EB0B76A49135}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{DCFED1D7-AB1D-4859-8BFC-B65A06741C49}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{256D3424-92D8-FA96-125D-0700B58667BA}" = ccc-utility64

"{3CEC10BE-CD7C-8E99-E3AC-DD31F4416C1C}" = AMD Catalyst Install Manager

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{6821D775-9303-46DD-977A-2D97CA18B054}" = HP 3D DriveGuard

"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{EDE23522-7F0D-FB7F-BE3F-50FAF10A7315}" = AMD Fuel

"{F56E1723-78D2-E94E-FDF4-6B6B313A9E93}" = AMD Accelerated Video Transcoding

"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center

"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding

"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform

"{12404376-8B4D-6DC3-7A24-A0733542EC27}" = AMD VISION Engine Control Center

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F43F3B1-97D6-D5AA-5563-BF4C15D728D6}" = CCC Help Hungarian

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"{23C74C03-680C-455D-933F-5BC8683CAE52}" = HP Documentation

"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack

"{303DEA22-6554-3CA4-089A-B6AE6C758310}" = CCC Help Korean

"{312F8C1E-4E5A-59FA-1B1A-3012CE06AD52}" = CCC Help French

"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker

"{44D111C5-BF92-77AF-AA3E-B88CF44BD25B}" = CCC Help German

"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials

"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector

"{4C1F8B61-15CF-3E63-11AB-E2408945F814}" = CCC Help Czech

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE

"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions

"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager

"{546816AA-54F2-F015-0A84-55602C4F5EB9}" = CCC Help Swedish

"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common

"{5E98C043-BA3C-DB7B-B50D-2608F4264411}" = CCC Help Norwegian

"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common

"{6D96E21A-323A-A74A-4308-97DEE6520B26}" = CCC Help Italian

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73EEB538-A9EB-0B56-DEC0-415CD210C088}" = Catalyst Control Center InstallProxy

"{75652759-10D5-405C-F1AB-51DA2BB5AE37}" = CCC Help Danish

"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer

"{795C2356-1DCD-056C-4200-5EB321C2EBE4}" = CCC Help Japanese

"{81B4F7A5-7640-8F88-FBF9-378114A07742}" = CCC Help Thai

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}" = HP CoolSense

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver

"{97BAD78F-A180-0847-601C-E17FC5B3A2FC}" = Catalyst Control Center Localization All

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery

"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom

"{A41A2E10-D0A8-EDB9-D3F2-9925A5F0622F}" = CCC Help Chinese Traditional

"{A65BE769-2D1F-59E1-B562-5ADBE6580A63}" = CCC Help Greek

"{AAEA701B-847A-B89A-FBB3-3EB57603A031}" = CCC Help Polish

"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10

"{B12DE754-0AB6-9CCF-0F5E-A5FF154BAD1A}" = CCC Help Portuguese

"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform

"{BD083B26-55E0-9946-A54E-5E0DF4EAC842}" = CCC Help Dutch

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C7906616-7599-D41D-0571-05079B1DFF5F}" = CCC Help Finnish

"{CBC80763-5461-9694-40DE-88631826C64E}" = CCC Help Russian

"{CE8C0A62-66A1-06F2-EE0C-B5F18A4902EB}" = CCC Help Turkish

"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E39D60BC-4AA6-7C3C-EC66-3B9C7C6D0FB4}" = CCC Help English

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch

"{ECD18A31-E89D-AE44-5D47-BC4A4EA3C00C}" = Catalyst Control Center Graphics Previews Common

"{ED991A16-D96E-CE4E-6F8C-026F53F5EED8}" = CCC Help Chinese Standard

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote

"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star

"{FEFB5F73-1B5D-01F7-2F85-60F841B1B3C7}" = CCC Help Spanish

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"avast" = avast! Free Antivirus

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector

"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Opera 12.14.1738" = Opera 12.14

"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.5

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2/4/2013 9:58:47 PM | Computer Name = Tran | Source = Application Hang | ID = 1002

Description = The program AvastUI.exe version 7.0.1474.765 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 14a10 Start

Time: 01ce03347ef2bff5 Termination Time: 60000 Application Path: C:\Program Files\AVAST

Software\Avast\AvastUI.exe Report Id: 66fb0e7d-6f37-11e2-be80-38eaa7e7cb85 Faulting

package full name: Faulting package-relative application ID:

Error - 2/5/2013 2:23:01 AM | Computer Name = Tran | Source = Microsoft-Windows-Immersive-Shell | ID = 2486

Description = App Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo did not

launch within its allotted time.

Error - 2/5/2013 2:24:02 AM | Computer Name = Tran | Source = Application Hang | ID = 1002

Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 2afc Start

Time: 01ce0369363b5881 Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe

Report

Id: 7fd5b24a-6f5c-11e2-be80-38eaa7e7cb85 Faulting package full name: Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe

Faulting

package-relative application ID: Microsoft.ZuneVideo

Error - 2/6/2013 11:17:57 PM | Computer Name = Tran | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/6/2013 11:17:57 PM | Computer Name = Tran | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 61807206

Error - 2/6/2013 11:17:57 PM | Computer Name = Tran | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 61807206

Error - 2/6/2013 11:20:27 PM | Computer Name = Tran | Source = ESENT | ID = 489

Description = taskhostex (11160) WebCacheLocal: An attempt to open the file "C:\Users\Tran

Family\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed

with system error 32 (0x00000020): "The process cannot access the file because

it is being used by another process. ". The open file operation will fail with

error -1032 (0xfffffbf8).

Error - 2/6/2013 11:20:27 PM | Computer Name = Tran | Source = ESENT | ID = 455

Description = taskhostex (11160) WebCacheLocal: Error -1032 (0xfffffbf8) occurred

while opening logfile C:\Users\Tran Family\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error - 2/6/2013 11:20:37 PM | Computer Name = Tran | Source = ESENT | ID = 489

Description = taskhostex (11160) WebCacheLocal: An attempt to open the file "C:\Users\Tran

Family\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed

with system error 32 (0x00000020): "The process cannot access the file because

it is being used by another process. ". The open file operation will fail with

error -1032 (0xfffffbf8).

Error - 2/6/2013 11:20:37 PM | Computer Name = Tran | Source = ESENT | ID = 455

Description = taskhostex (11160) WebCacheLocal: Error -1032 (0xfffffbf8) occurred

while opening logfile C:\Users\Tran Family\AppData\Local\Microsoft\Windows\WebCache\V01.log.

[ System Events ]

Error - 1/31/2013 3:19:07 AM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 1/31/2013 3:19:07 AM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 1/31/2013 3:19:07 AM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 1/31/2013 3:19:07 AM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 1/31/2013 3:19:07 AM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 2/4/2013 9:57:00 PM | Computer Name = Tran | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the avast! Antivirus service.

Error - 2/5/2013 3:02:42 AM | Computer Name = Tran | Source = EventLog | ID = 6008

Description = The previous system shutdown at 10:59:06 PM on ?2/?4/?2013 was unexpected.

Error - 2/5/2013 3:02:43 AM | Computer Name = TRAN | Source = BugCheck | ID = 1001

Description =

Error - 2/6/2013 5:54:11 AM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 2/6/2013 11:18:23 PM | Computer Name = Tran | Source = cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

< End of report >


Good morning fosternguyen,

***Your log shows you have the uTorrent client installed, which is a P2P (Peer-to-Peer) file sharing program.***

I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult-to-remove malware. There are many risks associated with P2P programs; none are worth the risks.

If you don't uninstall the P2P software, I will continue to help clean your system, but please realise that it's likely only a matter of time before you are infected again.

=====

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.


Here is the report from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.3 (02.12.2013:1)

OS: Windows 8 x64

Ran by Tran Family on Fri 02/15/2013 at 15:55:27.53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/15/2013 at 16:00:33.43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I've also uninstalled uTorrent from my computer and I don't plan on using any other P2P software. Not worth the risk of infection and the issues that can arise from it.


Hello fosternguyen,

Great to hear!

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Hello, sorry for the late reply but here is the log for ESET

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

esets_scanner_update returned -1 esets_gle=1

The ESET scan found an infected file

C:\Users\Tran Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\41D6CQEV\cbsidlm-cbsi5_3_0_93-Opera-ORG-10005498.exe a variant of Win32/CNETInstaller.A application

I have yet to take any action with the infected file


Hey fosternguyen,

Please download this tool.

Please download TFC to your Desktop.

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

=====

Then, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Hello,

Here is the report for security check

Results of screen317's Security Check version 0.99.58

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Windows Defender

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Flash Player 11.5.502.149

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````


Good morning fosternguyen,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

And AdwCleaner:

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Hello TheDarkKnight,

Thanks for helping me out with my computer issues. I was able to uninstall/delete all the security programs used in my computer's analysis. I also installed SpywareBlaster, Web of Trust, and Secunia and I read Tony Klein's article and took all preventive measures mentioned in the article.

My only question is, is it safe to make online transactions now?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

