Topic: Several issues, all virus/trojan related? Please help.

DeviantDe

    « on: February 08, 2012, 05:11:36 PM »
    Apparently because I sit in front of a computer most of the day and can do basic maintenance and fixes, I am now tech support for everyone I know.  I am not tech support, I do not know enough to be tech support.  So I'm here to beg for the help of some smarter folks. 

    The receptionist at work brings me her mother's laptop - "fix it" she says. I ask "what's wrong". She says "It's slow and she can't open Excel files and the internet is broken."  I sigh and begin what I think will be some quick issues.  I am incredibly wrong.  There are problems everywhere.  The 1st being that this woman has never updated anything (this includes Windows updates), she once had virus software which has long since expired and I suspect she didn't ever use it to scan anything anyway.  So here we go:

    This is a Compaq Presario CQ56
    Windows 7 Home Premium, 64 bit
    Intel Celeron 900 @ 2.20 GHz
    2 gig installed memory

    I update Windows about 100 times with all the restarting it's forced to do to get to the next update.  Things seem promising until there is a white box covering the center of the screen. I scan through programs to find what's running, disable the extras one by one and find that her file-share program, FrostWire, is no longer compatible with the current version of Windows, so I happily uninstall that.  I hit up Trend Micro to use the free scans and removal tools. Take care of all issues that pop up. Restart - big window pops up telling me there are problems and must use system restore or try to get Windows to fix itself.  I first choose fix itself.  Computer sits for hours, nothing happens, I choose restore... Restore sets us all the way back to Service Pack 1 on the Windows updates.  I run scans again without updating all the Windows stuff to see what that will do, all issues are back so I go through that again and restart, get the same restore option.  I update everything again: Windows, Java, Explorer, Firefox, everything Adobe, etc. Restart and all is seemingly well. I install full internet security software from Trend Micro, run it, it fixes 3 things. She also had something redirecting her internet searches, that is now gone.  Restart, everything looks good.  Install OpenOffice so she can open her Excel files since she doesn't have Excel and doesn't want to buy it.  Restart again and we are back to the restore option which takes us all the way back to Service Pack 1 and all the crap back on the computer and all updates and new software gone.  I had created restore points along the way, but it wouldn't use those.  Every time I use any virus removal tool, I get sent back to the beginning.  Also I cannot turn on the firewall, I get some error, and seem to have misplaced whatever I wrote the error # on.  I'll find it later.  I am currently trying to go through all the suggested tools here: CCleaner, Ad-Aware, Spybot, etc. But I am under the suspicion that this will result in the same things occurring as before.

    So I guess that leaves us with the following issues:
    Browser/search redirect
    unable to use virus scanners/fixes without being forced to restore- which sets us back to before updates as well no matter that I had restore points and normal restarts in between.
    unable to turn on the firewall
    and probably more issues that I have yet to come across.

    Please let me know what info you need from me to help, or what I should be doing (besides telling her that if she doesn't take it away I'm throwing it out LOL)

    Thank you for reading, thank you for your help!

    De

    SuperDave

    • Malware Removal Specialist
    • Moderator


    « Reply #1 on: February 09, 2012, 11:21:03 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
      Please leave the others unchecked
    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes
    * To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt )

    DeviantDe

      « Reply #2 on: February 09, 2012, 10:17:48 PM »
      Thank you Dave.

      Thank you for the detailed instructions!  Here are the logs for SuperAntiSpyware and Malwarebytes:

      --------------------------------------------------------------------------------------------------------

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 02/09/2012 at 04:14 PM

      Application Version : 5.0.1144

      Core Rules Database Version : 8222
      Trace Rules Database Version: 6034

      Scan type       : Complete Scan
      Total Scan Time : 01:41:32

      Operating System Information
      Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User

      Memory items scanned      : 579
      Memory threats detected   : 0
      Registry items scanned    : 64460
      Registry threats detected : 1
      File items scanned        : 289818
      File threats detected     : 8

      PUP.MyWebSearch
         (x86) HKU\S-1-5-21-2747752953-3380905428-780208627-1000\Software\Microsoft\Internet Explorer\Main#Start Page [ http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZLxdm389YYus&ptb=3A8AFE50-4429-46DC-9052-39E9A1D12528 ]

      Trojan.Agent/Gen-Frauder
         C:\USERS\MARTINALANIZ\APPDATA\LOCAL\KEO.EXE
         C:\USERS\MARTINALANIZ\APPDATA\LOCAL\WXC.EXE
         C:\USERS\MARTINALANIZ\APPDATA\LOCAL\XKP.EXE

      PUP.MyWebSearch/FunWebProducts
         C:\USERS\MARTINALANIZ\DOWNLOADS\IWON(1).EXE
         C:\USERS\MARTINALANIZ\DOWNLOADS\IWON(2).EXE
         C:\USERS\MARTINALANIZ\DOWNLOADS\IWON(3).EXE
         C:\USERS\MARTINALANIZ\DOWNLOADS\IWON(4).EXE
         C:\USERS\MARTINALANIZ\DOWNLOADS\IWON.EXE

      -------------------------------------------------------------------------------------------------------------------------------

      Malwarebytes Anti-Malware (Trial) 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.02.09.08

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      martinalaniz :: MARTINALANIZ-HP [administrator]

      Protection: Enabled

      2/9/2012 4:35:47 PM
      mbam-log-2012-02-09 (16-35-47).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 353954
      Time elapsed: 4 hour(s), 14 minute(s), 14 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 1
      HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\martinalaniz\AppData\Local\67f00e59\X -> Quarantined and deleted successfully.

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 22
      C:\Users\martinalaniz\AppData\LocalLow\iWonEI\Installr\Cache\00061DDC.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\20f32eec-4c5112ad (Trojan.Clicker) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\DictionaryBoss.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Guffins(1).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Guffins(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Guffins(3).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Guffins(4).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Guffins.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\iWon(5).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\iWon(6).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\iWon(7).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\iWon(8).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\iWon(9).exe (Adware.FunWeb) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\oi_setup(1).exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\oi_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Setup(1).exe (Adware.Gamevance) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\Downloads\Setup.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
      C:\Windows\assembly\tmp\U\000000c0.@ (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\martinalaniz\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
      C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

      (end)
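
The Malwarebytes log in the post above lists each finding as `object (detection name) -> action`. The following Python is an added example, not part of the original thread and not Malwarebytes' own tooling: it parses lines in that layout, flags findings that still need follow-up (removal pending until reboot, or a hijacked autostart registry value) and checks each section's declared count against the lines present. The sample log is constructed, and the `HIGH_RISK` set and `AUTOSTART_RE` pattern are this example's own triage assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes 1.x log posted above.
# Paths, the user name and the GUID are made up; "Files Detected: 4" is
# deliberately one higher than the lines present, as in a truncated paste.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\example\AppData\Local\0000\X -> Quarantined and deleted successfully.

Files Detected: 4
C:\Users\example\Downloads\toolbar_setup(1).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ExampleApp\helper.dll (Adware.Example) -> Quarantined and deleted successfully.
C:\Windows\Temp\{00000000-0000-0000-0000-000000000000}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# object (Detection.Name) -> [Data: value -> ] action.
# The greedy object group keeps "(1)" and "(x86)" inside the path.
ITEM_RE = re.compile(
    r"^(?P<object>.+) \((?P<name>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+) -> )?(?P<action>[^>]+?)\.?$"
)
# Assumptions of this example: which families are reviewed first, and which
# registry values count as autostart points ("key|value" is the log's notation).
HIGH_RISK = {"Rootkit", "Backdoor", "Trojan"}
AUTOSTART_RE = re.compile(
    r"\\Winlogon\|(?:Shell|Userinit)\b|\\CurrentVersion\\Run(?:Once)?\|",
    re.IGNORECASE,
)


def parse_log(text):
    """Return (findings, declared_counts) for a log in the layout above."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        item = ITEM_RE.match(line) if section else None
        if item:
            findings.append({
                "section": section,
                "object": item["object"],
                "detection": item["name"],
                # Family is the part before the first "." or "/".
                "family": re.split(r"[./]", item["name"], maxsplit=1)[0],
                "data": item["data"],
                "action": item["action"],
            })
    return findings, declared


def follow_up(findings):
    """Findings that still need attention, high-risk families first."""
    todo = []
    for f in findings:
        reasons = []
        if "successfully" not in f["action"].lower():
            reasons.append("removal pending: " + f["action"])
        if f["section"].startswith("Registry") and AUTOSTART_RE.search(f["object"]):
            reasons.append("autostart value was altered; confirm its current data")
        if reasons:
            todo.append({**f, "reasons": reasons})
    return sorted(todo, key=lambda f: (f["family"] not in HIGH_RISK, f["detection"]))


def count_mismatches(findings, declared):
    """Sections whose declared count differs from the lines actually parsed."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


if __name__ == "__main__":
    parsed, counts = parse_log(SAMPLE_LOG)
    for entry in follow_up(parsed):
        print(entry["detection"], "|", entry["object"], "|", "; ".join(entry["reasons"]))
    for name, (want, got) in count_mismatches(parsed, counts).items():
        print(f"{name}: log declares {want}, paste contains {got}")
```
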



      DeviantDe

        « Reply #3 on: February 09, 2012, 10:21:41 PM »
        Here are the DDS and Attach logs:

        .
        DDS (Ver_2011-08-26.01) - NTFSAMD64
        Internet Explorer: 9.0.8112.16421
        Run by martinalaniz at 21:02:07 on 2012-02-09
        Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1979.1074 [GMT -8:00]
        .
        AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
        FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
        .
        ============== Running Processes ===============
        .
        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k RPCSS
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\System32\spoolsv.exe
        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
        C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
        C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
        C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
        C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
        C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
        C:\Windows\System32\svchost.exe -k HPZ12
        C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
        C:\Windows\system32\taskhost.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\System32\svchost.exe -k HPZ12
        C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
        C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
        C:\Windows\system32\svchost.exe -k imgsvc
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
        C:\Windows\system32\svchost.exe -k HPService
        C:\Windows\system32\WUDFHost.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
        C:\Program Files\Microsoft IntelliPoint\ipoint.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
        C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\Windows\system32\SearchIndexer.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
        C:\Windows\system32\taskeng.exe
        C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
        C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
        C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
        C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
        C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
        C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
        C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
        C:\Windows\system32\sppsvc.exe
        C:\Program Files\Windows Media Player\wmpnetwk.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe
        C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\conhost.exe
        C:\Windows\SysWOW64\cscript.exe
        .
        ============== Pseudo HJT Report ===============
        .
        uURLSearchHooks: H - No File
        mWinlogon: Userinit=userinit.exe,
        BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
        BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
        BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
        BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
        BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
        BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
        BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
        BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
        TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
        TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
        TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
        mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
        mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
        mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
        dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
        StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
        mPolicies-explorer: NoActiveDesktop = 1 (0x1)
        mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
        mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
        mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
        LSP: mswsock.dll
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
        TCP: Interfaces\{AFC762C9-2CB1-4E41-A6AE-93E39F04D764}\05259454451474F4E4A514C454A5 : DhcpNameServer = 192.168.1.1
        TCP: Interfaces\{AFC762C9-2CB1-4E41-A6AE-93E39F04D764}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
        TCP: Interfaces\{AFC762C9-2CB1-4E41-A6AE-93E39F04D764}\34862796374797D27657563747 : DhcpNameServer = 192.168.0.1 205.171.3.25 192.168.33.1
        TCP: Interfaces\{AFC762C9-2CB1-4E41-A6AE-93E39F04D764}\6457E6E697D41607C656D27657563747 : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
        TCP: Interfaces\{AFC762C9-2CB1-4E41-A6AE-93E39F04D764}\65944414C45435 : DhcpNameServer = 192.168.1.1
        Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
        mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
        BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
        BHO-X64:     0x1 - No File
        BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
        BHO-X64:     HP Print Enhancer - No File
        BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        BHO-X64:     AcroIEHelperStub - No File
        BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
        BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
        BHO-X64:     Symantec NCO BHO - No File
        BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
        BHO-X64:     Ad-Aware Security Toolbar - No File
        BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
        BHO-X64:     Symantec Intrusion Prevention - No File
        BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
        BHO-X64:     Search Helper - No File
        BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
        BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
        BHO-X64:     WeCareReminder - No File
        BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
        BHO-X64:     HP Smart BHO Class - No File
        TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
        TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
        TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
        TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
        EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
        mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
        mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
        mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
        mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - C:\Users\martinalaniz\AppData\Roaming\Mozilla\Firefox\Profiles\uv3puyf0.default\
        FF - prefs.js: browser.search.selectedEngine - Ask.com
        FF - prefs.js: browser.startup.homepage - yahoo.com
        FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
        FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
        FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
        FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
        FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
        FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
        FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
        R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
        R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
        R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-15 488056]
        R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
        R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
        R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
        R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
        R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
        R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
        R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-1 98208]
        R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
        R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
        R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
        R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
        R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
        R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-9 652360]
        R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
        R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
        R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
        R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
        R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
        R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
        R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
        R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
        R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
        R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
        R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
        R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
        R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
        R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
        S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-17 1143416]
        S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
        S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-8 1153368]
        S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
        S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
        S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
        S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
        S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
        S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
        S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
        S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
        S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
        S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
        S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
        S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
        .
        =============== Created Last 30 ================
        .
        2012-02-10 00:34:22   --------   d-----w-   C:\Users\martinalaniz\AppData\Roaming\Malwarebytes
        2012-02-10 00:33:55   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
        2012-02-10 00:33:55   --------   d-----w-   C:\ProgramData\Malwarebytes
        2012-02-10 00:33:54   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
        2012-02-09 22:27:26   0   ----a-w-   C:\Windows\SysWow64\shoD03A.tmp
        2012-02-09 22:04:49   --------   d-----w-   C:\Users\martinalaniz\AppData\Roaming\SUPERAntiSpyware.com
        2012-02-09 22:03:49   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
        2012-02-09 22:03:49   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
        2012-02-09 01:14:33   16200   ----a-w-   C:\Windows\stinger.sys
        2012-02-09 01:13:31   --------   d-----w-   C:\Program Files (x86)\stinger
        2012-02-09 01:12:36   --------   d-----w-   C:\ProgramData\Spybot - Search & Destroy
        2012-02-09 01:12:36   --------   d-----w-   C:\Program Files (x86)\Spybot - Search & Destroy
        2012-02-09 01:08:35   55384   ----a-w-   C:\Windows\System32\drivers\SBREDrv.sys
        2012-02-09 00:57:44   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\adaware
        2012-02-09 00:57:43   --------   d-----w-   C:\ProgramData\Ad-Aware Browsing Protection
        2012-02-09 00:57:42   --------   d-----w-   C:\Program Files (x86)\Toolbar Cleaner
        2012-02-09 00:57:36   --------   d-----w-   C:\Program Files (x86)\adawaretb
        2012-02-09 00:57:32   69376   ----a-w-   C:\Windows\System32\drivers\Lbd.sys
        2012-02-09 00:57:25   --------   d-----w-   C:\Program Files (x86)\Lavasoft
        2012-02-08 23:03:31   --------   d-----w-   C:\Program Files\CCleaner
        2012-02-08 21:50:33   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{3588838A-A6AC-42B0-A377-C26F52FE1569}
        2012-02-08 21:50:19   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{2201DDAA-0C1B-4D5E-9C6F-DE986AE8CFD0}
        2012-02-04 01:01:50   --------   d-----w-   C:\Program Files (x86)\WinPcap
        2012-02-03 21:36:54   --------   d-----w-   C:\temp
        2012-02-03 21:24:41   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\Trend Micro
        2012-02-03 21:15:02   --------   d-----w-   C:\Program Files\Trend Micro
        2012-02-03 21:14:11   --------   d-----w-   C:\ProgramData\Trend Micro
        2012-02-03 20:59:58   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{8B8E78AA-537E-4B90-B7DB-E33BE4952A6E}
        2012-02-03 20:59:45   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{CC046E9F-E6D3-4EAD-95F8-9B4352328A86}
        2012-01-31 05:49:57   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{A138E950-8998-4789-BC07-D741A294DCFC}
        2012-01-31 05:49:35   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{04827844-1FE5-4CDE-BAA5-C0DBCBC8C338}
        2012-01-31 04:30:32   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{85A01AA7-178E-414D-A6D8-1C7F8D50E6B3}
        2012-01-31 04:30:07   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B02D52B1-C121-4C14-9EC4-3F56AC4BDB7E}
        2012-01-31 04:21:26   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{CCBCDCD6-A6C1-42D3-9B9F-DB1BB5F9E9CD}
        2012-01-29 05:08:34   --------   d-----w-   C:\sh4ldr
        2012-01-29 05:08:34   --------   d-----w-   C:\Program Files\Enigma Software Group
        2012-01-29 05:07:57   --------   d-----w-   C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
        2012-01-29 05:07:54   --------   d-----w-   C:\Program Files (x86)\Common Files\Wise Installation Wizard
        2012-01-29 04:46:47   102400   ----a-w-   C:\Windows\RegBootClean.exe
        2012-01-29 04:30:35   200976   ----a-w-   C:\Windows\SysWow64\drivers\tmcomm.sys
        2012-01-29 03:36:31   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{71F553B3-AFC2-4774-A99A-BA0C1798F52C}
        2012-01-29 03:36:08   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{CD32C33C-ABD3-4A79-88F0-8C23651374FC}
        2012-01-29 03:32:03   0   ----a-w-   C:\Windows\SysWow64\sho228E.tmp
        2012-01-29 00:48:10   --------   d-----w-   C:\Windows\System32\SPReview
        2012-01-29 00:01:24   --------   d-----w-   C:\Windows\pss
        2012-01-27 20:07:56   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{9A13B9F4-D1D5-4D81-9E4B-1DFE897AC9BE}
        2012-01-27 20:07:44   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{79117029-4B02-4981-8A2E-4CDAC3D8324D}
        2012-01-27 20:05:02   --------   d-----w-   C:\Windows\en
        2012-01-27 20:02:25   18328   ----a-w-   C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
        2012-01-27 20:01:22   69464   ----a-w-   C:\Windows\SysWow64\XAPOFX1_3.dll
        2012-01-27 20:01:22   515416   ----a-w-   C:\Windows\SysWow64\XAudio2_5.dll
        2012-01-27 20:01:21   523088   ----a-w-   C:\Windows\System32\d3dx10_42.dll
        2012-01-27 20:01:21   453456   ----a-w-   C:\Windows\SysWow64\d3dx10_42.dll
        2012-01-27 20:00:14   4398360   ----a-w-   C:\Windows\System32\d3dx9_32.dll
        2012-01-27 20:00:14   3426072   ----a-w-   C:\Windows\SysWow64\d3dx9_32.dll
        2012-01-27 19:56:34   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{6D517429-FD31-45D8-9E6A-0B626E2E2CA0}
        2012-01-27 19:56:20   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{4B92DD37-CB15-4AA3-BE6E-BB1B41ECE427}
        2012-01-27 03:48:26   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{70017FB2-1FE9-4851-B508-E7DEF8E045AC}
        2012-01-27 03:48:03   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{937951DF-2D0F-499D-A5E7-374052E41B72}
        2012-01-27 03:39:54   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B1EA5B28-CF00-4424-B0CB-5F1EB9830E4B}
        2012-01-27 03:39:41   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{9FB5E2D5-A55A-4E9C-BD8D-23E1EED9ED70}
        2012-01-27 03:36:26   --------   d-sh--w-   C:\found.000
        2012-01-27 02:30:15   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{943BD91C-1207-411A-8088-8BB1A39C79C5}
        2012-01-27 02:30:02   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{BA00931B-EBF6-484E-861C-0306C0DE1E11}
        2012-01-27 00:25:53   --------   d-----w-   C:\Windows\System32\EventProviders
        2012-01-27 00:07:18   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\Browser Guard
        2012-01-27 00:06:55   --------   d-----w-   C:\Program Files (x86)\Trend Micro
        2012-01-26 23:39:22   --------   d-----w-   C:\Users\martinalaniz\AppData\Roaming\OpenOffice.org
        2012-01-26 23:33:46   --------   d-----w-   C:\Program Files (x86)\OpenOffice.org 3
        2012-01-26 22:48:28   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{EE029777-132B-4241-9BEA-9EDA5B313098}
        2012-01-26 22:47:51   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{32DEACDA-2B21-429D-A94F-534D9D73A10E}
        2012-01-26 20:58:44   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{E5F5E582-D0B5-491A-BE7B-81AB0E1891D3}
        2012-01-26 20:58:30   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B482A80A-87DC-4E98-93B7-C3E64C265CFD}
        2012-01-26 14:53:40   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{AC4BA932-2AEF-4452-B1DE-E782F28E5791}
        2012-01-26 14:52:43   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{8A1C8B1A-C793-4124-AD6F-24903A914D6C}
        2012-01-26 03:42:48   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{A48F6437-53F5-4B1E-8217-FBD8E5E8F080}
        2012-01-26 03:42:15   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{A1CFD461-A5A7-41CB-B4D3-0F938F595543}
        2012-01-25 22:51:54   --------   d-----w-   C:\Users\martinalaniz\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
        2012-01-25 22:51:40   --------   d-----w-   C:\ProgramData\Virtualized Applications
        2012-01-25 21:32:14   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{F2169DFC-EA06-430F-9CEA-987F505AF481}
        2012-01-25 16:49:13   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{287D7831-0640-49A0-8215-4FF1CE339F86}
        2012-01-25 16:48:17   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{12F1382B-1BA3-4FD0-8665-DF04D07AB475}
        2012-01-25 04:01:37   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{ED186208-FBA3-4F1A-B9EA-09828A5B0E87}
        2012-01-25 04:01:20   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{FD490F5A-0519-433C-AA4F-3E8238F185C0}
        2012-01-25 00:59:21   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B1AA7F8A-6D88-4532-A692-5537AEEAADD5}
        2012-01-24 23:22:02   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7DF5359F-C4B6-4B46-A229-7FC45A414211}
        2012-01-24 23:21:40   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{483C5B97-1341-4AB0-A7A5-B18AF984AB4D}
        2012-01-24 16:57:54   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7A0C8815-9897-453B-990B-C5F6748FE403}
        2012-01-24 16:57:30   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{660CC90B-2E03-41F7-9FD6-EB0575D522D3}
        2012-01-24 08:12:20   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{DFB4671E-9E58-414B-AFCC-62571FD30B3D}
        2012-01-24 08:12:05   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{6FD4CB15-91EE-4AA7-B3D2-9BBC370EB6CE}
        2012-01-24 04:10:58   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{AE0D18D9-8929-4E00-9A2E-CD119A9D2E16}
        2012-01-24 04:10:36   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{3EA004E1-BCB5-42A0-9D97-AB0CA10CAE90}
        2012-01-24 02:53:43   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{94D9D201-8228-436F-B00F-79BE7776DE7C}
        2012-01-24 02:53:28   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7290FBE1-F20C-4C78-8A86-96BAA9845399}
        2012-01-24 00:06:49   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{794B0D1E-C165-4B40-968F-79A9876F8EFC}
        2012-01-24 00:06:30   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{0288B436-82B8-4519-96A2-6C6A31C7EE50}
        2012-01-23 16:55:23   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{0CC04E66-5638-47EF-96DA-D595E18DA6E2}
        2012-01-23 16:54:09   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{A33925A2-4522-4D42-8E26-E2E42AFE8027}
        2012-01-22 19:06:53   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{0D1E072A-ACDE-49EC-BD39-5669A6E1FAA4}
        2012-01-22 19:06:14   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{D3F302DD-79E7-4BCD-AEB8-E7119F37D392}
        2012-01-22 16:10:00   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B56298F9-AA30-45F9-8C1C-3E03013A6574}
        2012-01-22 16:09:49   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{968BCDC0-77EC-46BA-A391-C6739D763AD1}
        2012-01-22 15:42:12   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{1ECE6B21-FDB4-44C6-BE27-3CE70DFAD74E}
        2012-01-21 23:55:45   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{D122B988-D342-413C-B051-425BCCD59841}
        2012-01-21 22:39:00   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{5DACA47A-92F5-41E6-B9F9-56CD845D9823}
        2012-01-21 22:38:45   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{CFA2722E-C328-4827-A854-12D664FD4049}
        2012-01-21 19:06:26   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{F8706628-FB41-4B6A-9ABE-5BCDA02D143B}
        2012-01-21 19:06:11   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{4173C237-07C4-4EAE-9088-CAAD8A81B9F2}
        2012-01-21 16:27:02   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{A6059665-87F4-499C-87A1-02CAA6A2549C}
        2012-01-21 03:50:47   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{37B710EF-60D5-4D9F-81EA-B6BD1B5D9733}
        2012-01-21 03:47:32   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{EE2A80E6-06BF-488F-A53C-1A91D8B8BC5C}
        2012-01-21 00:16:28   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{9BCDED2D-1293-439E-858D-E749BD0A56B4}
        2012-01-20 18:40:12   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{70FD5D82-9D50-4292-9FB0-F1357F485A89}
        2012-01-20 17:38:33   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7E80F5D1-4036-48E6-8D60-84995B8DE5C8}
        2012-01-20 17:38:09   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{940D90EE-80F9-4BE6-9BCB-6ADAEF385DB6}
        2012-01-20 16:43:59   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B2FDF591-3561-43A1-86E6-C50EBFB2B789}
        2012-01-20 02:57:50   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{FBB27A8B-2781-4A38-92CF-3AE12461342A}
        2012-01-20 02:57:27   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{455CC995-6706-488F-9A3A-445547C2562F}
        2012-01-20 01:29:39   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{EF5DDCF7-F339-4D9F-B8CA-AA875DED0E70}
        2012-01-20 01:29:26   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{2AD31B05-C093-4A50-AABC-96981FAD5768}
        2012-01-19 23:38:21   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{5172EEE8-DC45-474A-9301-A107EE944E1B}
        2012-01-19 22:49:41   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{E15B399F-9833-49D2-9A13-29DFEEF9FCC5}
        2012-01-19 22:49:27   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{2C25B580-771D-4E4C-A278-7E4F6F05E85F}
        2012-01-19 21:01:39   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7E339431-51CC-47C6-8B9C-0BDF4542D099}
        2012-01-19 21:01:15   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{E77A5094-9328-4036-9596-FF34A25B31A7}
        2012-01-19 19:57:09   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{3F294198-CB15-47F5-96C6-425B331F67C2}
        2012-01-19 16:26:02   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{63917151-3CBD-4B0A-9133-B0298E45192F}
        2012-01-19 16:25:47   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{330B0B89-277D-4CDE-A8B7-671A5F6FB9A8}
        2012-01-19 15:25:23   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{0A13E12F-D461-439C-BAE7-F33BADF55C9D}
        2012-01-19 15:25:10   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B7233CED-EB3A-4A2A-998A-8096CEE37387}
        2012-01-19 08:40:27   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{54A77E08-94BC-478F-AB95-5455641BEC3E}
        2012-01-19 04:16:51   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{EE37139B-2AF4-4F16-BD03-5AFC8A251A0E}
        2012-01-19 03:52:03   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{5AD08666-45ED-4F81-A909-06E37F6B0E01}
        2012-01-19 03:51:49   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{D144EAA0-001E-4992-B8D0-E06648D85233}
        2012-01-18 20:25:12   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{40D10595-4AF0-451E-AA32-9598E91AA44C}
        2012-01-18 20:24:16   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{29319CF2-F225-44BF-A0F3-F6F575E94471}
        2012-01-18 16:32:45   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B3208425-E390-49C2-A371-C2DDEAFB8165}
        2012-01-18 16:32:20   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{1844A12C-2580-45E7-AF97-BCEC012E336F}
        2012-01-18 15:50:50   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{07C478EE-B7A0-46E9-B673-44996D1E5A2F}
        2012-01-18 15:50:39   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{0AD0D1AC-A2DC-459A-9691-846757C344C5}
        2012-01-18 02:15:34   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{F4DF971E-46C5-489F-B7CA-56D10E251673}
        2012-01-17 18:45:02   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{69E146A0-EC18-4B7C-B6A8-F7799682145B}
        2012-01-17 18:44:49   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{E4D7948C-0872-480E-9621-108C30DACEE1}
        2012-01-17 15:11:09   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{583BE700-520A-40B8-9F4C-3A20FEAE9EC6}
        2012-01-17 15:10:55   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{AF971627-D21B-4631-876B-2268A9C91996}
        2012-01-17 05:24:15   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{99ADE160-5A3C-43CB-BC05-14BAFAA3EA72}
        2012-01-17 05:23:58   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{D9973BA3-2653-4593-8E7D-4B64B55789B9}
        2012-01-16 20:48:13   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{421BF1A3-A1D7-485F-B3E1-C15054AA4BCD}
        2012-01-16 20:47:56   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{398BC4FD-5D53-458A-AB86-1E7F932801E6}
        2012-01-16 17:23:14   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{43269017-FABF-4808-A616-7FC712444088}
        2012-01-16 17:22:46   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{D54AF0C1-B76A-419B-A7B8-53652BB0722B}
        2012-01-16 16:05:24   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{4B11ACD5-2D1B-4568-BE39-234242340CF5}
        2012-01-16 16:05:04   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{D5B96934-5659-458C-B7D6-74901BE08546}
        2012-01-16 05:22:15   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{61C7EE98-3A83-47A4-B695-F139333106C0}
        2012-01-16 05:21:50   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{A127C81E-2A23-45FD-8382-EFC785CD57FB}
        2012-01-16 01:58:48   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{E02A92FA-D00B-4ED9-B524-244038B67EF7}
        2012-01-16 01:58:36   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{4FAF5862-3E09-4E8E-9189-8A383BC953A2}
        2012-01-16 00:31:29   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{45E1CF5D-AD1B-41A3-9952-645995A87668}
        2012-01-16 00:30:57   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{6FFE3FE2-158E-4246-AEED-7CC27B313E69}
        2012-01-14 15:45:06   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{00EC8B80-5D3D-4176-BD10-69F5415CB5B9}
        2012-01-14 15:44:50   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7CAC57CC-3916-46A9-A0CD-E4E44FCF20E2}
        2012-01-14 06:53:35   0   ----a-w-   C:\Windows\SysWow64\sho1946.tmp
        2012-01-14 00:17:20   --------   d-----w-   C:\Program Files (x86)\Masque IGT Slots Little Green Men
        2012-01-13 20:21:35   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{87FFF2AA-E5A0-4650-934C-C7BC3BBA4801}
        2012-01-13 20:21:19   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{879A8765-99D3-4C1D-9010-A9445E56BEFB}
        2012-01-13 15:31:35   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{29EBD7CA-92CE-4BB6-8E7D-F7AD370B131A}
        2012-01-13 15:31:22   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{EFD2A365-5D94-45D8-BC02-D5C03A35BC85}
        2012-01-13 00:09:59   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{9D8744F9-23B9-411A-8A86-BF39C9166E8F}
        2012-01-13 00:09:30   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{30841055-C0A6-4649-A51B-32C6D2812759}
        2012-01-12 15:53:04   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{982C79F9-2B39-4B5B-A862-8A7D2E200E95}
        2012-01-12 15:52:34   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{7D01A69F-36E4-4D2F-A366-B032F6FC2002}
        2012-01-12 02:49:58   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{74BC2F5E-637C-45F7-B63E-0A4A4F34AC0B}
        2012-01-12 02:49:45   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{87C73EA6-B859-4CBF-B89F-F5D63A426701}
        2012-01-11 18:50:56   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{38EB9F98-C5D5-4A91-8F5D-27D7053CBB5D}
        2012-01-11 18:50:44   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B33130CB-BFAE-45E0-B49E-55FF9F5B5699}
        2012-01-11 16:30:01   1328128   ----a-w-   C:\Windows\SysWow64\quartz.dll
        2012-01-11 16:30:00   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
        2012-01-11 16:30:00   366592   ----a-w-   C:\Windows\System32\qdvd.dll
        2012-01-11 16:30:00   1572864   ----a-w-   C:\Windows\System32\quartz.dll
        2012-01-11 16:29:55   77312   ----a-w-   C:\Windows\System32\packager.dll
        2012-01-11 16:29:55   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
        2012-01-11 16:28:42   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
        2012-01-11 16:28:42   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
        2012-01-11 16:03:43   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{926697A8-32DB-40F5-9C1A-F6834082EFB0}
        2012-01-11 16:03:30   --------   d-----w-   C:\Users\martinalaniz\AppData\Local\{B3F19E87-5CAB-4072-8467-062E388BD991}
        .
        ==================== Find3M  ====================
        .
        2012-01-29 04:14:24   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
        2012-01-29 01:00:13   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
        2012-01-29 01:00:12   175616   ----a-w-   C:\Windows\System32\msclmd.dll
        2011-11-27 21:06:33   0   ----a-w-   C:\Windows\SysWow64\shoC598.tmp
        2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
        2011-11-17 06:49:14   95600   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
        2011-11-17 06:49:14   152432   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
        2011-11-17 06:44:43   459232   ----a-w-   C:\Windows\System32\drivers\cng.sys
        2011-11-17 06:35:28   395776   ----a-w-   C:\Windows\System32\webio.dll
        2011-11-17 06:35:26   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
        2011-11-17 06:35:26   136192   ----a-w-   C:\Windows\System32\sspicli.dll
        2011-11-17 06:35:25   340992   ----a-w-   C:\Windows\System32\schannel.dll
        2011-11-17 06:35:25   28160   ----a-w-   C:\Windows\System32\secur32.dll
        2011-11-17 06:35:19   1447936   ----a-w-   C:\Windows\System32\lsasrv.dll
        2011-11-17 06:33:55   31232   ----a-w-   C:\Windows\System32\lsass.exe
        2011-11-17 05:35:02   314880   ----a-w-   C:\Windows\SysWow64\webio.dll
        2011-11-17 05:34:52   224768   ----a-w-   C:\Windows\SysWow64\schannel.dll
        2011-11-17 05:34:52   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
        2011-11-17 05:28:48   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
        .
        ============= FINISH: 21:04:44.10 ===============

        --------------------------------------------------------------------------------------------------------------------------------

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Home Premium
        Boot Device: \Device\HarddiskVolume1
        Install Date: 4/24/2011 7:03:22 PM
        System Uptime: 2/9/2012 8:58:02 PM (1 hours ago)
        .
        Motherboard: Hewlett-Packard |  | 1605
        Processor: Intel(R) Celeron(R) CPU          900  @ 2.20GHz | CPU | 2194/800mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 214 GiB total, 170.687 GiB free.
        D: is FIXED (NTFS) - 19 GiB total, 1.999 GiB free.
        E: is CDROM ()
        F: is Removable
        .
        ==== Disabled Device Manager Items =============
        .
        Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
        Description: Symantec Iron Driver
        Device ID: ROOT\LEGACY_SYMIRON\0000
        Manufacturer:
        Name: Symantec Iron Driver
        PNP Device ID: ROOT\LEGACY_SYMIRON\0000
        Service: SymIRON
        .
        Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
        Description: Photosmart D110 series
        Device ID: ROOT\IMAGE\0000
        Manufacturer: HP
        Name: Photosmart D110 series
        PNP Device ID: ROOT\IMAGE\0000
        Service: StillCam
        .
        Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
        Description: Photosmart D110 series
        Device ID: ROOT\MULTIFUNCTION\0000
        Manufacturer: HP
        Name: Photosmart D110 series
        PNP Device ID: ROOT\MULTIFUNCTION\0000
        Service:
        .
        Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
        Description: BHDrvx64
        Device ID: ROOT\LEGACY_BHDRVX64\0000
        Manufacturer:
        Name: BHDrvx64
        PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
        Service: BHDrvx64
        .
        Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
        Description: Officejet 4500 G510n-z
        Device ID: ROOT\MULTIFUNCTION\0001
        Manufacturer: HP
        Name: Officejet 4500 G510n-z
        PNP Device ID: ROOT\MULTIFUNCTION\0001
        Service:
        .
        ==== System Restore Points ===================
        .
        RP104: 2/8/2012 4:56:37 PM - Installed Ad-Aware
        RP106: 2/8/2012 4:57:15 PM - Installed Ad-Aware
        .
        ==== Installed Programs ======================
        .
        ActiveCheck component for HP Active Support Library
        Ad-Aware
        Ad-Aware Security Toolbar
        Adobe AIR
        Adobe Reader X (10.1.2)
        Adobe Shockwave Player 11.5
        Adobe Shockwave Player 11.6
        Agatha Christie - Peril at End House
        ASPCA Tri Reminder by We-Care.com
        Bejeweled 2 Deluxe
        Bing Bar
        Bing Bar Platform
        Bing Rewards Client Installer
        Blackhawk Striker 2
        Blasterball 3
        Blio
        Bounce Symphony
        BufferChm
        Build-a-lot 2
        Cake Mania
        Chuzzle Deluxe
        Compaq Setup Manager
        Coupon Printer for Windows
        CyberLink DVD Suite
        CyberLink MediaShow
        CyberLink PowerDVD 9
        CyberLink YouCam
        D110
        D3DX10
        Destinations
        DeviceDiscovery
        Diner Dash 2 Restaurant Rescue
        Dora's World Adventure
        Energy Star Digital Logo
        Escape Rosecliff Island
        ESU for Microsoft Windows 7
        Farm Frenzy
        FATE
        Final Drive Nitro
        GPBaseService2
        Heroes of Hellas 2 - Olympia
        HP CloudDrive
        HP Customer Experience Enhancements
        HP Documentation
        HP Game Console
        HP Games
        HP MovieStore
        HP Photo Creations
        HP Power Manager
        HP Quick Launch
        HP Setup
        HP Software Framework
        HP Support Assistant
        HP Update
        HPAppStudio
        HPAsset component for HP Active Support Library
        HPPhotoGadget
        HPProductAssistant
        HPSSupply
        Intel(R) Graphics Media Accelerator Driver
        Intel(R) Rapid Storage Technology
        Itibiti RTC
        Java Auto Updater
        Java(TM) 6 Update 21
        Jewel Quest Solitaire 2
        Junk Mail filter update
        LabelPrint
        LightScribe System Software
        Malwarebytes Anti-Malware version 1.60.1.1000
        MarketResearch
        Masque IGT Slots Little Green Men
        Masque IGT Slots Wolf Run
        McAfee Security Scan Plus
        Microsoft Default Manager
        Microsoft Office 2010
        Microsoft Office Click-to-Run 2010
        Microsoft Office Starter 2010 - English
        Microsoft Search Enhancement Pack
        Microsoft Silverlight
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft WSE 3.0 Runtime
        Mozilla Firefox 9.0.1 (x86 en-US)
        MSVCRT
        MSVCRT_amd64
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        Mystery P.I. - The London Caper
        Norton Internet Security
        Norton Online Backup
        Penguins!
        PhotoNow!
        Plants vs. Zombies
        PlayReady PC Runtime x86
        Poker Superstars III
        Polar Bowler
        Polar Golfer
        Power2Go
        PowerDirector
        PS_AIO_07_D110_SW_Min
        QuickTransfer
        Ralink RT5390 802.11b/g/n WiFi Adapter
        Realtek Ethernet Controller Driver For Windows 7
        Realtek High Definition Audio Driver
        Recovery Manager
        RoxioNow Player
        Scan
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        SmartWebPrinting
        SolutionCenter
        Spybot - Search & Destroy
        Status
        swMSM
        Toolbox
        TrayApp
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        Virtual Families
        Virtual Villagers 4 - The Tree of Life
        WebReg
        Wheel of Fortune 2
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Installer
        Windows Live Mail
        Windows Live Messenger
        Windows Live Movie Maker
        Windows Live Photo Common
        Windows Live Photo Gallery
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        Windows Live Writer
        Windows Live Writer Resources
        Zuma Deluxe
        .
        ==== Event Viewer Messages From Past Week ========
        .
        2/9/2012 8:59:43 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
        2/9/2012 8:58:47 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 SymIRON
        2/9/2012 8:58:35 PM, Error: Service Control Manager [7003]  - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
        2/9/2012 8:58:34 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
        2/9/2012 8:58:31 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
        2/9/2012 8:58:28 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
        2/9/2012 8:57:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
        2/9/2012 8:57:13 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
        2/9/2012 8:56:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
        2/9/2012 8:56:13 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
        2/9/2012 8:55:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
        2/9/2012 8:49:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
        2/9/2012 8:48:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
        2/9/2012 8:47:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
        2/9/2012 5:21:06 PM, Error: Disk [11]  - The driver detected a controller error on \...\DR1.
        2/9/2012 1:21:24 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
        2/9/2012 1:20:51 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
        2/9/2012 1:20:50 PM, Error: Service Control Manager [7000]  - The Network Connections service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
        2/9/2012 1:15:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
        2/8/2012 4:53:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80017f9b60, 0xfffff80000b9c4d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020812-25521-01.
        2/8/2012 4:51:11 PM, Error: volsnap [35]  - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
        2/8/2012 3:43:05 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RoxioNow Service service.
        2/8/2012 1:49:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
        2/3/2012 5:04:06 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
        2/3/2012 5:04:06 PM, Error: Service Control Manager [7000]  - The Diagnostic System Host service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
        2/3/2012 2:00:32 PM, Error: Service Control Manager [7034]  - The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).
        .
        ==== End Of File ===========================

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Several issues, all virus/trojan related? Please help.
        « Reply #4 on: February 10, 2012, 11:21:30 AM »
        One or more of the identified infections is a backdoor trojan.

        This allows hackers to remotely control your computer, steal critical system information and download and execute files.

        Read this article: Danger: Remote Access Trojans.

        If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

        I would counsel you to disconnect this PC from the Internet immediately.

        Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

        How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

        When Should I Format, How Should I Reinstall?

        We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

        Should you have any questions, please feel free to ask.

        Please let us know what you have decided to do in your next post.
        Windows 8 and Windows 10 dual boot with two SSD's

        DeviantDe

          Re: Several issues, all virus/trojan related? Please help.
          « Reply #5 on: February 10, 2012, 02:51:25 PM »
          Thank you Dave.

          She never made any recovery discs and she has no discs from Compaq/HP.
          They include something called HP Recovery Manager program on the computer itself. 

          It claims that it has this option:
          Factory Reset: Removes all partitions, reformats the entire hard drive, re-installs the original operating system, and all the original hardware drivers and software. Also, re-creates the required Recovery partition (normally D:) and UEFI partition (normally E:), and re-installs the required software.
          This Factory Reset option returns all of the notebook's software to the condition it was in at the time of purchase. All user changes or additions are removed.

          Would it be safe to use this or is it most likely compromised from the trojans as well?
          If not I will ask her about ordering the discs.

          SuperDave

          Re: Several issues, all virus/trojan related? Please help.
          « Reply #6 on: February 10, 2012, 07:32:06 PM »
          Quote
          Would it be safe to use this or is it most likely compromised from the trojans as well?
          As mentioned earlier, that computer cannot be considered clean but if you don't use it for financial transactions and such we can attempt to clean it.
          Quote
          This Factory Reset option returns all of the notebook's software to the condition it was in at the time of purchase. All user changes or additions are removed.
          That's correct. It will restore it to the day it was purchased. No need to order disks. If you choose to go that route, be sure to save all your important data to DVD-RWs and scan them before replacing them with at least two good AV scanners. Please let me know what you decide.

          DeviantDe

            Re: Several issues, all virus/trojan related? Please help.
            « Reply #7 on: February 14, 2012, 01:18:53 PM »
            Well she finally got back to me and a Factory Reset is the way we are going.  It is in the process right now. 
            Dave, I want to say thank you again for all of your help here. 
            I'll mark this as solved as soon as the reset is done, just in case I have any issues before then.