cnote

Members
Posts: 18
Reputation: 0 Neutral

  1. Thanks Gringo. Alas, threats were found:

     C:\Qoobox\Quarantine\C\ProgramData\jv8cuvrhmf.exe.vir    Win32/Lyposit.A trojan
     C:\Qoobox\Quarantine\C\Users\Chris\AppData\Local\jv8cuvrhmf.exe.vir    Win32/Lyposit.A trojan
     C:\Qoobox\Quarantine\C\Users\Chris\AppData\Roaming\jv8cuvrhmf.exe.vir    Win32/Lyposit.A trojan
     C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
     C:\Users\Chris\Desktop\programs\InstallRARFileOpenKnife.exe    a variant of Win32/Somoto.A application
     C:\Users\Chris\Desktop\programs\itunes\BitZipperH2009.v4872231.TrialSetupEn.exe    a variant of Win32/InstallIQ application
     C:\Users\Chris\Desktop\z.debug.prgm\cbsidlm-tr1_7-HitmanPro_3_64bit-SEO-75110395 (1).exe    Win32/DownloadAdmin.D application

     Thanks ever so much for your time and attention. Please advise next step.
  2. Hi Gringo, thanks again for your thoroughness and patience. Here's the log from MBAM:

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.03.04.04

     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Chris :: CHRIS-PC [administrator]

     3/3/2013 11:57:00 PM
     mbam-log-2013-03-03 (23-57-00).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 238195
     Time elapsed: 2 minute(s), 6 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Report from HijackThis:

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 12:20:54 AM, on 3/4/2013
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v9.00 (9.00.8112.16421)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
     C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
     C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
     C:\Program Files (x86)\hp\Digital Imaging\bin\HpqSRmon.exe
     C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
     C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
     C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
     C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
     c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
     C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
     C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     C:\Users\Chris\Desktop\HijackThis.exe
     C:\Windows\sysWow64\SearchProtocolHost.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
     O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
     O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
     O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll (file missing)
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
     O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
     O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
     O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
     O4 - HKLM\..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
     O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKLM\..\RunOnce: [Z1] cmd /c "C:\Users\Chris\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" /cleanup /s
     O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
     O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
     O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - HKUS\S-1-5-21-55118117-515544687-1280808464-1006\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
     O4 - HKUS\S-1-5-21-55118117-515544687-1280808464-1006\..\Run: [HPADVISOR] (User 'UpdatusUser')
     O4 - HKUS\S-1-5-21-55118117-515544687-1280808464-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
     O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
     O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
     O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
     O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
     O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
     O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
     O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
     O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
     O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: digiSPTIService - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
     O23 - Service: DTBService - Unknown owner - C:\Program Files (x86)\DVRMSToolbox\DTBFWService.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
     O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
     O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
     O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
     O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     -- End of file - 15247 bytes

     Also, when I ran the Revo Uninstaller I received a message confirming it removed all instances of the P2P uTorrent, yet I still have a uTorrent shortcut on my desktop? Many thanks.
  3. As per instructions:

     Update for Microsoft Office 2007 (KB2508958)
     µTorrent
     5600
     Acrobat.com
     Activate Norton Online Backup
     Activation Assistant for the 2007 Microsoft Office suites
     ActiveCheck component for HP Active Support Library
     AD Blocker
     Adobe AIR
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Photoshop Elements 7.0
     Adobe Photoshop.com Inspiration Browser
     Adobe Reader X (10.1.6)
     AIO_CDB_ProductContext
     AIO_CDB_Software
     AIO_Scan
     Anvi Smart Defender 1.8
     Apple Application Support
     Apple Software Update
     ArcSoft VideoImpression 2
     ArcSoft WebCam Companion 2
     Avid Pro Tools LE 8.0.5
     BufferChm
     Button Manager
     C4700
     Camersoft Skype Video Recorder 2.2.18
     Compatibility Pack for the 2007 Office system
     Copy
     Coupon Printer for Windows
     CyberLink DVD Suite Deluxe
     Destinations
     DeviceDiscovery
     Digidesign Pro Tools LE 7.1
     DirectX for Managed Code Update (Summer 2004)
     DiskAid 3.11
     DocProc
     DVRMSToolbox
     Fax
     Final Draft
     Free DigiRack Plug-Ins 8.0.5
     Free MP3 Sound Recorder v1.9
     Google Toolbar for Internet Explorer
     Google Update Helper
     GPBaseService2
     Hewlett-Packard ACLM.NET v1.1.0.0
     Homepage Protection
     HP Advisor
     HP Customer Experience Enhancements
     HP Easy Backup
     HP Games
     HP MediaSmart Demo
     HP MediaSmart DVD
     HP MediaSmart Movie Themes
     HP MediaSmart Music/Photo/Video
     HP Odometer
     HP Photo Creations
     HP Product Detection
     HP Remote Solution
     HP Setup
     HP Support Assistant
     HP Support Information
     HP Update
     HP Webcam User's Guide
     HPAsset component for HP Active Support Library
     HPDiagnosticAlert
     HPPhotoGadget
     HPPhotoSmartDiscLabelContent1
     HPPhotosmartEssential
     HPProductAssistant
     HPSSupply
     Instagram Bot
     Intel® Rapid Storage Technology
     InterLok Driver Kit
     ITCH
     iTunesDSM
     Java Auto Updater
     Java 6 Update 24
     LabelPrint
     LightScribe System Software
     LoudMo Contextual Ad Assistant
     Malwarebytes Anti-Malware version 1.65.0.1400
     MarkelSoft Dupe Eliminator for iTunes 9.2
     MarketResearch
     Microsoft Live Search Toolbar
     Microsoft Office 2007 Service Pack 3 (SP3)
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office File Validation Add-In
     Microsoft Office Home and Student 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office Outlook MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office PowerPoint Viewer 2007 (English)
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Standard 2007
     Microsoft Office Word MUI (English) 2007
     Microsoft Silverlight
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Works
     MIDI-OX
     MIDI Updater 1.0
     Moleskinsoft Clone Remover 3.8
     Mozilla Firefox (3.5.9)
     MSXML 4.0 SP2 (KB954430)
     MSXML 4.0 SP2 (KB973688)
     MusicBrainz Picard
     NoClone 2010 Free Edition
     NVIDIA PhysX
     NVIDIA Stereoscopic 3D Driver
     NVIDIA StereoUSB Driver
     PhotoshopdotcomInspirationBrowser
     PictureMover
     Power2Go
     PowerDirector
     PowerRecover
     PS_AIO_06_C4700_SW_Min
     QuickTime
     QuickTransfer
     RAR File Open Knife - Free Opener
     Realtek High Definition Audio Driver
     Safari
     Scan
     Search Toolbar
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
     Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
     Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
     Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
     Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
     SharewarePile iPodManager 1.0.0.2
     ShowAnalyzerSuite
     ShufflePlusVLOI
     Skype Toolbars
     Skype™ 5.3
     SmartWebPrinting
     SolutionCenter
     Spotify
     Status
     Toolbox
     TrayApp
     UnloadSupport
     Update for 2007 Microsoft Office System (KB967642)
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     Update for Microsoft .NET Framework 4 Extended (KB2468871)
     Update for Microsoft .NET Framework 4 Extended (KB2533523)
     Update for Microsoft .NET Framework 4 Extended (KB2600217)
     Update for Microsoft Office 2007 Help for Common Features (KB963673)
     Update for Microsoft Office Excel 2007 Help (KB963678)
     Update for Microsoft Office OneNote 2007 Help (KB963670)
     Update for Microsoft Office Outlook 2007 Help (KB963677)
     Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
     Update for Microsoft Office Powerpoint 2007 Help (KB963669)
     Update for Microsoft Office Script Editor Help (KB963671)
     Update for Microsoft Office Word 2007 Help (KB963665)
     VC80CRTRedist - 8.0.50727.6195
     VLC media player 1.1.8
     VZAccess Manager
     WebReg

     Many thanks. Any other suggestions?
  4. For anyone still following this thread, I ended up bringing up a screenshot of the control panel on an adjacent laptop. I located the corresponding icon (since names and descriptions were not appearing due to the white background/prompt boxes/message windows). Then I found the scroll up/down arrow and dragged it down to the 'basic and high contrast themes.' I clicked on 'Windows 7 Basic' and voilà!! Hope this helps someone. Thanks Gringo for your sage advice!
  6. Huh? That's strange. It is now booting in normal mode?! Although the screen still appears just as fragmented as when I've been booting in 'safe mode with command prompt'. Reference: ["simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screenshots (for corresponding software) on an adjacent laptop, in order to navigate to where correct buttons are located (i.e. 'next', 'o.k.', etc.)" This was in reference to everything (screen prompt, window, explorer, etc.) while operating in safe mode with command prompt.] Everything appears to be flushed out with 'white' and 'white background'. Although, the desktop icons are visible and I can vaguely make out what items are on the start menu... Please advise next move. I am truly grateful for your help thus far!!
  7. I saved the script to the desktop, dragged it into ComboFix and re-scanned. Here are the results:

     ComboFix 13-03-02.01 - Chris 03/03/2013 10:00:06.2.8 - x64 MINIMAL
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.7945 [GMT -8:00]
     Running from: c:\users\Chris\Desktop\ComboFix.exe
     Command switches used :: c:\users\Chris\Desktop\CFScript.txt
     AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
     .
     .
     2013-03-03 18:07 . 2013-03-03 18:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
     2013-03-03 18:07 . 2013-03-03 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-03-02 05:21 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
     2013-03-02 05:21 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
     2013-03-02 05:21 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
     2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\programdata\Anvisoft
     2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\program files (x86)\Anvisoft
     2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\programdata\MFAData
     2013-03-02 03:01 . 2013-03-02 03:01 -------- d--h--w- c:\programdata\Common Files
     2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\MFAData
     2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\Avg2013
     2013-03-02 00:59 . 2013-03-02 00:59 -------- d---a-w- C:\$Anvi Rescue Disk$
     2013-03-02 00:33 . 2013-03-02 09:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
     2013-03-01 20:18 . 2013-03-01 20:18 -------- d-----w- C:\FRST
     2013-02-27 08:14 . 2013-02-27 08:14 16473456 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
     2013-02-25 06:52 . 2013-02-25 06:52 -------- d-----w- c:\users\Chris\AppData\Local\DDMSettings
     2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
     2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
     2013-02-12 01:03 . 2013-02-12 01:03 -------- d-----w- C:\found.003
     2013-02-08 07:03 . 2013-02-08 07:03 -------- d-----w- C:\found.001
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-02-27 08:14 . 2012-04-10 00:04 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2013-02-27 08:14 . 2011-06-08 16:44 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2013-02-14 05:01 . 2009-12-21 07:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
     2013-02-13 05:16 . 2010-01-29 03:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
     2013-02-13 05:07 . 2009-12-21 07:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
     2013-02-13 05:07 . 2010-06-03 03:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
     2013-01-27 04:36 . 2010-05-19 03:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
     2013-01-27 04:36 . 2010-05-19 03:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
     2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
     2012-12-29 10:34 . 2013-01-21 18:27 9389888 ----a-w- c:\windows\system32\nvcuda.dll
     2012-12-29 10:34 . 2013-01-21 18:27 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
     2012-12-29 10:34 . 2013-01-21 18:27 7565240 ----a-w- c:\windows\system32\nvopencl.dll
     2012-12-29 10:34 . 2013-01-21 18:27 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
     2012-12-29 10:34 . 2013-01-21 18:27 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
     2012-12-29 10:34 . 2013-01-21 18:27 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
     2012-12-29 10:34 . 2013-01-21 18:27 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
     2012-12-29 10:34 . 2013-01-21 18:27 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
     2012-12-29 10:34 . 2013-01-21 18:27 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
     2012-12-29 10:34 . 2013-01-21 18:27 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
     2012-12-29 10:34 . 2013-01-21 18:27 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
     2012-12-29 10:34 . 2013-01-21 18:27 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
     2012-12-29 10:34 . 2013-01-21 18:27 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
     2012-12-29 10:34 . 2013-01-21 18:27 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
     2012-12-29 10:34 . 2013-01-21 18:27 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
     2012-12-29 10:34 . 2013-01-21 18:27 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
     2012-12-29 10:34 . 2013-01-21 18:27 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
     2012-12-29 10:34 . 2013-01-21 18:27 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
     2012-12-29 10:34 . 2013-01-21 18:27 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
     2012-12-29 10:34 . 2009-09-15 19:52 2824656 ----a-w- c:\windows\system32\nvapi64.dll
     2012-12-29 10:34 . 2009-08-14 11:14 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
     2012-12-29 08:40 . 2010-03-25 06:44 6382008 ----a-w- c:\windows\system32\nvcpl.dll
     2012-12-29 08:40 . 2010-03-25 06:44 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
     2012-12-29 08:40 . 2010-03-25 06:44 884152 ----a-w- c:\windows\system32\nvvsvc.exe
     2012-12-29 08:40 . 2010-03-25 06:44 118712 ----a-w- c:\windows\system32\nvmctray.dll
     2012-12-29 08:40 . 2009-06-27 00:00 63928 ----a-w- c:\windows\system32\nvshext.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
     2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
     "{0C8413C1-FAD1-446C-8584-BE50576F863E}"= "c:\program files (x86)\Search Toolbar\tbcore3.dll" [bU]
     .
     [HKEY_CLASSES_ROOT\clsid\{0c8413c1-fad1-446c-8584-be50576f863e}]
     [HKEY_CLASSES_ROOT\TBSB05974.TBSB05974.3]
     [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
     [HKEY_CLASSES_ROOT\TBSB05974.TBSB05974]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
     "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
     "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
     "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
     "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
     "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
     "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
     "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
     "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
     "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
     "ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]
     "Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
     @=""
     .
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280] R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768] R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376] R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592] R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520] R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192] R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver 
Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416] R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832] R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928] R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400] R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296] R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320] R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856] S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376] S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48] . 
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48] . 2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38] . 2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mStart Page = hxxp://search.myheritage.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/ FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q= FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
Also, when I stated earlier that "simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screen shots (for corresponding software) on an adjacent laptop, in order to navigate to where correct buttons are located (i.e. 'next', 'o.k.', etc.)", this was in reference to everything [screen prompt, window, explorer, etc.] while operating in safe mode with command prompt. Thank you for your continued guidance and support!
  8. ComboFix 13-03-02.01 - Chris 03/03/2013 8:57.1.8 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00] Running from: c:\users\Chris\Desktop\ComboFix.exe AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1538587.bat c:\programdata\1538587.pad c:\programdata\1538587.reg c:\programdata\3714350546BC48A6006D3713C83A914C c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico c:\programdata\jv8cuvrhmf.exe c:\users\Chris\AppData\Local\jv8cuvrhmf.exe c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml c:\users\Public\Documents\~WRL2687.tmp c:\users\Public\Documents\~WRL3057.tmp c:\users\Public\Documents\~WRL3655.tmp c:\users\Public\Documents\Documents\~WRL0005.tmp c:\users\Public\Documents\Documents\~WRL0078.tmp c:\users\Public\Documents\Documents\~WRL1217.tmp c:\users\Public\Documents\Documents\~WRL1450.tmp c:\users\Public\Documents\Documents\~WRL1774.tmp c:\users\Public\Documents\Documents\~WRL2055.tmp c:\users\Public\Documents\Documents\~WRL2071.tmp . . ((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 ))))))))))))))))))))))))))))))) . . 2013-03-03 17:07 . 2013-03-03 17:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-03-03 17:07 . 2013-03-03 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-02 05:21 . 
2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys 2013-03-02 05:21 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys 2013-03-02 05:21 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys 2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\programdata\Anvisoft 2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\program files (x86)\Anvisoft 2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\programdata\MFAData 2013-03-02 03:01 . 2013-03-02 03:01 -------- d--h--w- c:\programdata\Common Files 2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\MFAData 2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\Avg2013 2013-03-02 00:59 . 2013-03-02 00:59 -------- d---a-w- C:\$Anvi Rescue Disk$ 2013-03-02 00:33 . 2013-03-02 09:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-03-01 20:18 . 2013-03-01 20:18 -------- d-----w- C:\FRST 2013-02-27 08:14 . 2013-02-27 08:14 16473456 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-02-25 06:52 . 2013-02-25 06:52 -------- d-----w- c:\users\Chris\AppData\Local\DDMSettings 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-12 01:03 . 2013-02-12 01:03 -------- d-----w- C:\found.003 2013-02-08 07:03 . 2013-02-08 07:03 -------- d-----w- C:\found.001 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 08:14 . 2012-04-10 00:04 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 08:14 . 2011-06-08 16:44 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-14 05:01 . 
2009-12-21 07:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll 2013-02-13 05:16 . 2010-01-29 03:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2013-02-13 05:07 . 2009-12-21 07:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-13 05:07 . 2010-06-03 03:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-01-27 04:36 . 2010-05-19 03:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-01-27 04:36 . 2010-05-19 03:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-12-29 10:34 . 2013-01-21 18:27 9389888 ----a-w- c:\windows\system32\nvcuda.dll 2012-12-29 10:34 . 2013-01-21 18:27 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-12-29 10:34 . 2013-01-21 18:27 7565240 ----a-w- c:\windows\system32\nvopencl.dll 2012-12-29 10:34 . 2013-01-21 18:27 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-12-29 10:34 . 2013-01-21 18:27 2904504 ----a-w- c:\windows\system32\nvcuvid.dll 2012-12-29 10:34 . 2013-01-21 18:27 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-12-29 10:34 . 2013-01-21 18:27 26931128 ----a-w- c:\windows\system32\nvoglv64.dll 2012-12-29 10:34 . 2013-01-21 18:27 25256376 ----a-w- c:\windows\system32\nvcompiler.dll 2012-12-29 10:34 . 2013-01-21 18:27 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-12-29 10:34 . 2013-01-21 18:27 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-12-29 10:34 . 2013-01-21 18:27 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-12-29 10:34 . 2013-01-21 18:27 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-12-29 10:34 . 
2013-01-21 18:27 1813432 ----a-w- c:\windows\system32\nvdispco64.dll 2012-12-29 10:34 . 2013-01-21 18:27 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-12-29 10:34 . 2013-01-21 18:27 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-12-29 10:34 . 2013-01-21 18:27 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-12-29 10:34 . 2013-01-21 18:27 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-12-29 10:34 . 2013-01-21 18:27 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-12-29 10:34 . 2013-01-21 18:27 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-12-29 10:34 . 2009-09-15 19:52 2824656 ----a-w- c:\windows\system32\nvapi64.dll 2012-12-29 10:34 . 2009-08-14 11:14 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-12-29 08:40 . 2010-03-25 06:44 6382008 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-29 08:40 . 2010-03-25 06:44 3455416 ----a-w- c:\windows\system32\nvsvc64.dll 2012-12-29 08:40 . 2010-03-25 06:44 884152 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-29 08:40 . 2010-03-25 06:44 118712 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-29 08:40 . 2009-06-27 00:00 63928 ----a-w- c:\windows\system32\nvshext.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}] 2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816] "Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280] R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768] R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376] R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592] R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520] R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192] R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512] R2 IAStorDataMgrSvc;Intel® Rapid Storage 
Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416] R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832] R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928] R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400] R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296] R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320] R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856] S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376] S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48] . 2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48] . 2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38] . 2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt mStart Page = hxxp://search.myheritage.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-03 09:10:59
ComboFix-quarantined-files.txt 2013-03-03 17:10
.
Pre-Run: 708,977,143,808 bytes free
Post-Run: 708,577,980,416 bytes free
.
- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D
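As an added illustration of how an analyst reads a log like the one above (this is example code, not ComboFix's own output and not anything the forum helper posted), the following Python script applies the same checks by pattern: executables dropped directly into %ProgramData% or an AppData root (the three jv8cuvrhmf.exe entries and the 1538587.bat), an Add/Remove entry whose uninstaller lives in system32 (4g0_SkAiMSrNe5.exe), Security Center override values that silence the AV/firewall warnings, and Firefox search or homepage prefs pointing somewhere other than a known default. The sample lines are copied from the log in this thread; the regexes, the entropy threshold and the trusted-host list are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code)."""
import math
import re
from collections import Counter

# Executable-type file sitting directly in a drop root, with no subfolder.
DROP_ROOT_EXE = re.compile(
    r"^(?:c:\\programdata|c:\\users\\[^\\]+\\appdata\\(?:local|roaming))"
    r"\\([^\\]+\.(?:exe|dll|bat|scr|com))$",
    re.IGNORECASE,
)
# ComboFix orphan line: an Add/Remove entry whose uninstaller is in system32.
UNINSTALL_IN_SYSTEM32 = re.compile(
    r"^AddRemove-\S+ - (c:\\windows\\system32\\[^\\]+\.exe)$", re.IGNORECASE
)
# Security Center told to stop warning that AV / firewall is off.
SECURITY_CENTER_OVERRIDE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$', re.IGNORECASE
)
# Firefox prefs that hijackers rewrite; second group captures the host.
FF_SEARCH_PREF = re.compile(
    r"^FF - prefs\.js: (keyword\.URL|browser\.startup\.homepage) - hxxp://([^/]+)",
    re.IGNORECASE,
)
# Assumption: hosts this example treats as a benign default.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}


def shannon_entropy(text):
    """Bits per character; random-looking names score higher than real words."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage(log_text):
    """Return one (rule, evidence, name_entropy_or_None) tuple per flagged line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DROP_ROOT_EXE.match(line)
        if m:
            stem = m.group(1).rsplit(".", 1)[0].lower()
            findings.append(("dropped-executable", line, round(shannon_entropy(stem), 2)))
            continue
        m = UNINSTALL_IN_SYSTEM32.match(line)
        if m:
            findings.append(("uninstall-in-system32", m.group(1), None))
            continue
        m = SECURITY_CENTER_OVERRIDE.match(line)
        if m:
            findings.append(("security-center-override", m.group(1), None))
            continue
        m = FF_SEARCH_PREF.match(line)
        if m and m.group(2).lower() not in TRUSTED_SEARCH_HOSTS:
            findings.append(("search-hijack", m.group(2), None))
    return findings


# Constructed sample: lines copied from the ComboFix log in this thread,
# plus two benign lines (a folder and a Program Files Run entry) that must not fire.
SAMPLE_LOG = r"""
c:\programdata\1538587.bat
c:\programdata\jv8cuvrhmf.exe
c:\users\Chris\AppData\Local\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe
c:\programdata\Anvisoft
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe
"""

if __name__ == "__main__":
    for rule, evidence, entropy in triage(SAMPLE_LOG):
        extra = f"  (name entropy {entropy} bits)" if entropy is not None else ""
        print(f"{rule:26} {evidence}{extra}")
```

The entropy value is reported rather than used as a hard cut-off: a ten-character random stem such as jv8cuvrhmf scores just over 3 bits per character, while a numeric dropper name like 1538587 scores lower, so the location rule does the flagging and the score only helps rank which hit to look at first.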
  9. Don't know why it's sending it to you in that weird format. The log looks normal when I copy and paste it in here, but it changes into "<div>"s after I press the 'post' button. Awaiting your next instruction... Thanks again for your patience and generosity.
  10. ComboFix 13-03-02.01 - Chris 03/03/2013 8:57.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1538587.bat
c:\programdata\1538587.pad
c:\programdata\1538587.reg
c:\programdata\3714350546BC48A6006D3713C83A914C
c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C
c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico
c:\programdata\jv8cuvrhmf.exe
c:\users\Chris\AppData\Local\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml
c:\users\Public\Documents\~WRL2687.tmp
c:\users\Public\Documents\~WRL3057.tmp
c:\users\Public\Documents\~WRL3655.tmp
c:\users\Public\Documents\Documents\~WRL0005.tmp
c:\users\Public\Documents\Documents\~WRL0078.tmp
c:\users\Public\Documents\Documents\~WRL1217.tmp
c:\users\Public\Documents\Documents\~WRL1450.tmp
c:\users\Public\Documents\Documents\~WRL1774.tmp
c:\users\Public\Documents\Documents\~WRL2055.tmp
c:\users\Public\Documents\Documents\~WRL2071.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-03 17:07 . 2013-03-03 17:07  --------  d-----w-  c:\users\UpdatusUser\AppData\Local\temp
2013-03-03 17:07 . 2013-03-03 17:07  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-03-02 05:21 . 2012-11-07 07:16  17232  ----a-w-  c:\windows\system32\drivers\asdws.sys
2013-03-02 05:21 . 2012-11-07 07:16  23376  ----a-w-  c:\windows\system32\drivers\asdrs.sys
2013-03-02 05:21 . 2012-11-07 07:16  18768  ----a-w-  c:\windows\system32\drivers\asdrm.sys
2013-03-02 05:21 . 2013-03-02 05:21  --------  d-----w-  c:\programdata\Anvisoft
2013-03-02 05:21 . 2013-03-02 05:21  --------  d-----w-  c:\program files (x86)\Anvisoft
2013-03-02 03:01 . 2013-03-02 03:01  --------  d-----w-  c:\programdata\MFAData
2013-03-02 03:01 . 2013-03-02 03:01  --------  d--h--w-  c:\programdata\Common Files
2013-03-02 03:01 . 2013-03-02 03:01  --------  d-----w-  c:\users\Chris\AppData\Local\MFAData
2013-03-02 03:01 . 2013-03-02 03:01  --------  d-----w-  c:\users\Chris\AppData\Local\Avg2013
2013-03-02 00:59 . 2013-03-02 00:59  --------  d---a-w-  C:\$Anvi Rescue Disk$
2013-03-02 00:33 . 2013-03-02 09:44  --------  d---a-w-  C:\Kaspersky Rescue Disk 10.0
2013-03-01 20:18 . 2013-03-01 20:18  --------  d-----w-  C:\FRST
2013-02-27 08:14 . 2013-02-27 08:14  16473456  ----a-w-  c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-25 06:52 . 2013-02-25 06:52  --------  d-----w-  c:\users\Chris\AppData\Local\DDMSettings
2013-02-15 22:31 . 2013-02-15 22:31  186432  ----a-w-  c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31  186432  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-12 01:03 . 2013-02-12 01:03  --------  d-----w-  C:\found.003
2013-02-08 07:03 . 2013-02-08 07:03  --------  d-----w-  C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 08:14 . 2012-04-10 00:04  691568  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 08:14 . 2011-06-08 16:44  71024  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 05:01 . 2009-12-21 07:16  737072  ----a-w-  c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-13 05:16 . 2010-01-29 03:52  737072  ----a-w-  c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-13 05:07 . 2009-12-21 07:16  2876528  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-13 05:07 . 2010-06-03 03:55  42776  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-01-27 04:36 . 2010-05-19 03:12  2876528  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-27 04:36 . 2010-05-19 03:12  42776  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-29 10:54 . 2012-12-29 10:54  550328  ----a-w-  c:\windows\SysWow64\nvStreaming.exe
2012-12-29 10:34 . 2013-01-21 18:27  9389888  ----a-w-  c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-21 18:27  7931896  ----a-w-  c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-21 18:27  7565240  ----a-w-  c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-21 18:27  6263784  ----a-w-  c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-21 18:27  2904504  ----a-w-  c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-21 18:27  2720696  ----a-w-  c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-21 18:27  26931128  ----a-w-  c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-21 18:27  25256376  ----a-w-  c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-21 18:27  2504248  ----a-w-  c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-21 18:27  2344888  ----a-w-  c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-21 18:27  20450232  ----a-w-  c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-21 18:27  1985976  ----a-w-  c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-21 18:27  1813432  ----a-w-  c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-21 18:27  18054312  ----a-w-  c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-21 18:27  17560504  ----a-w-  c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-21 18:27  15129064  ----a-w-  c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-21 18:27  15052368  ----a-w-  c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-21 18:27  1504696  ----a-w-  c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-01-21 18:27  10997176  ----a-w-  c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2009-09-15 19:52  2824656  ----a-w-  c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2009-08-14 11:14  12641120  ----a-w-  c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 08:40 . 2010-03-25 06:44  6382008  ----a-w-  c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2010-03-25 06:44  3455416  ----a-w-  c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2010-03-25 06:44  884152  ----a-w-  c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2010-03-25 06:44  118712  ----a-w-  c:\windows\system32\nvmctray.dll
2012-12-29 08:40 . 2009-06-27 00:00  63928  ----a-w-  c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41  120104  ----a-w-  c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]
R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]
R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]
R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]
R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]
R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]
R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]
R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt  REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]
.
2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]
.
2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Macromedia Flash Factory Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="FlashFactory.FlashFactory.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> 
<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="FlashFactory.FlashFactory"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]</div> <div>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</div> <div> 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>Completion time: 2013-03-03 09:10:59</div> <div>ComboFix-quarantined-files.txt 2013-03-03 17:10</div> <div>.</div> <div>Pre-Run: 708,977,143,808 bytes free</div> <div>Post-Run: 708,577,980,416 bytes free</div> <div>.</div> <div>- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D</div> <div> </div>
  11. In the bottom right hand corner, whenever I attempt to turn off any security software running, it reads 'not connected. no connections are available'. Also, simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screen shots (for corresponding software) on an adjacent laptop, in order to navigate to where the correct buttons are located (i.e. 'next', 'o.k.'). Combofix kept showing that Norton 360 was still active and left me no options to disable it, so I simply uninstalled it, re-booted, and re-attempted to run Combofix. When I did I received the same message that
      "Combofix has detected the following realtime scanner(s) to be active
      antivirus: Norton 360
      antispyware Norton 360"
      I went ahead with the scan and received the following log:
Updater.job</div> <div>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]</div> <div>.</div> <div>2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div> <div>.</div> <div>2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div> <div>.</div> <div>2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job</div> <div>- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]</div> <div>.</div> <div>2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job</div> <div>- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]</div> <div>.</div> <div>.</div> <div>--------- X64 Entries -----------</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uStart Page = hxxp://www.google.com/</div> <div>uLocal Page = c:\windows\system32\blank.htm</div> <div>mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt</div> <div>mStart Page = hxxp://search.myheritage.com</div> <div>mLocal Page = c:\windows\SysWOW64\blank.htm</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000</div> <div>IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html</div> <div>TCP: DhcpNameServer = 192.168.2.1</div> <div>FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\</div> <div>FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/</div> <div>FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=</div> <div>FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}</div> <div>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}</div> <div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div> <div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll</div> <div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div> 
<div>WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)</div> <div>AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe</div> <div>AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe</div> <div>.</div> <div>.</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> <div>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div> <div>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> 
<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Shockwave Flash Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div> <div>@="0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash.11"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> 
<div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Macromedia Flash Factory Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="FlashFactory.FlashFactory.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="FlashFactory.FlashFactory"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> 
<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]</div> <div>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</div> <div> 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>Completion time: 2013-03-03 09:10:59</div> <div>ComboFix-quarantined-files.txt 2013-03-03 17:10</div> <div>.</div> <div>Pre-Run: 708,977,143,808 bytes free</div> <div>Post-Run: 708,577,980,416 bytes free</div> <div>.</div> <div>- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D</div> <div> </div> <div><span style="color: rgb(68, 68, 68); font-family: arial, tahoma, helvetica, sans-serif; font-size: 12px; line-height: 19px; ">Awaiting your next instruction...</span></div> <div><span style="color: rgb(68, 68, 68); font-family: arial, tahoma, helvetica, sans-serif; font-size: 12px; line-height: 19px; ">Thanks again for your patience and generosity.</span></div> <div> </div>
  13. In the bottom right hand corner, whenever I attempt to turn off any security software running, it reads "not connected. no connections are available"

Also, simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screen shots (for corresponding software) on an adjacent laptop, in order to navigate to where correct buttons are located (i.e. 'next', 'o.k.').

Combofix kept showing that Norton 360 was still active and left me no options to disable it, so I simply uninstalled it, re-booted, and re-attempted to run Combofix. When I did I received the same message that

"Combofix has detected the following realtime scanner(s) to be active

antivirus: Norton 360

antispyware Norton 360"

I went ahead with the scan and received the following log:

ComboFix 13-03-02.01 - Chris 03/03/2013 8:57.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1538587.bat
c:\programdata\1538587.pad
c:\programdata\1538587.reg
c:\programdata\3714350546BC48A6006D3713C83A914C
c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C
c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico
c:\programdata\jv8cuvrhmf.exe
c:\users\Chris\AppData\Local\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml
c:\users\Public\Documents\~WRL2687.tmp
c:\users\Public\Documents\~WRL3057.tmp
c:\users\Public\Documents\~WRL3655.tmp
c:\users\Public\Documents\Documents\~WRL0005.tmp
c:\users\Public\Documents\Documents\~WRL0078.tmp
c:\users\Public\Documents\Documents\~WRL1217.tmp
c:\users\Public\Documents\Documents\~WRL1450.tmp
c:\users\Public\Documents\Documents\~WRL1774.tmp
c:\users\Public\Documents\Documents\~WRL2055.tmp
c:\users\Public\Documents\Documents\~WRL2071.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-03 17:07 . 2013-03-03 17:07	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-03-03 17:07 . 2013-03-03 17:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-02 05:21 . 2012-11-07 07:16	17232	----a-w-	c:\windows\system32\drivers\asdws.sys
2013-03-02 05:21 . 2012-11-07 07:16	23376	----a-w-	c:\windows\system32\drivers\asdrs.sys
2013-03-02 05:21 . 2012-11-07 07:16	18768	----a-w-	c:\windows\system32\drivers\asdrm.sys
2013-03-02 05:21 . 2013-03-02 05:21	--------	d-----w-	c:\programdata\Anvisoft
2013-03-02 05:21 . 2013-03-02 05:21	--------	d-----w-	c:\program files (x86)\Anvisoft
2013-03-02 03:01 . 2013-03-02 03:01	--------	d-----w-	c:\programdata\MFAData
2013-03-02 03:01 . 2013-03-02 03:01	--------	d--h--w-	c:\programdata\Common Files
2013-03-02 03:01 . 2013-03-02 03:01	--------	d-----w-	c:\users\Chris\AppData\Local\MFAData
2013-03-02 03:01 . 2013-03-02 03:01	--------	d-----w-	c:\users\Chris\AppData\Local\Avg2013
2013-03-02 00:59 . 2013-03-02 00:59	--------	d---a-w-	C:\$Anvi Rescue Disk$
2013-03-02 00:33 . 2013-03-02 09:44	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-03-01 20:18 . 2013-03-01 20:18	--------	d-----w-	C:\FRST
2013-02-27 08:14 . 2013-02-27 08:14	16473456	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-25 06:52 . 2013-02-25 06:52	--------	d-----w-	c:\users\Chris\AppData\Local\DDMSettings
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-12 01:03 . 2013-02-12 01:03	--------	d-----w-	C:\found.003
2013-02-08 07:03 . 2013-02-08 07:03	--------	d-----w-	C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 08:14 . 2012-04-10 00:04	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 08:14 . 2011-06-08 16:44	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 05:01 . 2009-12-21 07:16	737072	----a-w-	c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-13 05:16 . 2010-01-29 03:52	737072	----a-w-	c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-13 05:07 . 2009-12-21 07:16	2876528	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-13 05:07 . 2010-06-03 03:55	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-01-27 04:36 . 2010-05-19 03:12	2876528	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-27 04:36 . 2010-05-19 03:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-29 10:54 . 2012-12-29 10:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-12-29 10:34 . 2013-01-21 18:27	9389888	----a-w-	c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-21 18:27	7931896	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-21 18:27	7565240	----a-w-	c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-21 18:27	6263784	----a-w-	c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-21 18:27	2904504	----a-w-	c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-21 18:27	2720696	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-21 18:27	26931128	----a-w-	c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-21 18:27	25256376	----a-w-	c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-21 18:27	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-21 18:27	2344888	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-21 18:27	20450232	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-21 18:27	1985976	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-21 18:27	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-21 18:27	18054312	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-21 18:27	17560504	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-21 18:27	15129064	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-21 18:27	15052368	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-21 18:27	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-01-21 18:27	10997176	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2009-09-15 19:52	2824656	----a-w-	c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2009-08-14 11:14	12641120	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 08:40 . 2010-03-25 06:44	6382008	----a-w-	c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2010-03-25 06:44	3455416	----a-w-	c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2010-03-25 06:44	884152	----a-w-	c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2010-03-25 06:44	118712	----a-w-	c:\windows\system32\nvmctray.dll
2012-12-29 08:40 . 2009-06-27 00:00	63928	----a-w-	c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41	120104	----a-w-	c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 
150528]</div> <div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]</div> <div>"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]</div> <div>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]</div> <div>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]</div> <div>"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]</div> <div>"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]</div> <div>"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]</div> <div>"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]</div> <div>@=""</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]</div> <div>@=""</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]</div> <div>@=""</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]</div> <div>@=""</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]</div> <div>@="Service"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\security center]</div> <div>"AntiVirusOverride"=dword:00000001</div> 
<div>"FirewallOverride"=dword:00000001</div> <div>.</div> <div>R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]</div> <div>R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]</div> <div>R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]</div> <div>R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]</div> <div>R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]</div> <div>R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]</div> <div>R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]</div> <div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div> <div>R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]</div> <div>R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]</div> <div>R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]</div> <div>R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]</div> <div>R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]</div> <div>R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]</div> <div>R2 Stereo Service;NVIDIA Stereoscopic 3D Driver 
Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]</div> <div>R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]</div> <div>R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]</div> <div>R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]</div> <div>R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]</div> <div>R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]</div> <div>R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]</div> <div>R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]</div> <div>R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]</div> <div>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]</div> <div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]</div> <div>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]</div> <div>S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]</div> <div>S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</div> <div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2013-03-01 c:\windows\Tasks\Adobe Flash Player 
Updater.job</div> <div>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]</div> <div>.</div> <div>2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div> <div>.</div> <div>2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div> <div>.</div> <div>2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job</div> <div>- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]</div> <div>.</div> <div>2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job</div> <div>- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]</div> <div>.</div> <div>.</div> <div>--------- X64 Entries -----------</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uStart Page = hxxp://www.google.com/</div> <div>uLocal Page = c:\windows\system32\blank.htm</div> <div>mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt</div> <div>mStart Page = hxxp://search.myheritage.com</div> <div>mLocal Page = c:\windows\SysWOW64\blank.htm</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000</div> <div>IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html</div> <div>TCP: DhcpNameServer = 192.168.2.1</div> <div>FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\</div> <div>FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/</div> <div>FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=</div> <div>FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}</div> <div>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}</div> <div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}</div> <div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div> <div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll</div> <div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div> 
<div>WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)</div> <div>AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe</div> <div>AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe</div> <div>.</div> <div>.</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> <div>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div> <div>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> 
<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Shockwave Flash Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div> <div>@="0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash.11"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> 
<div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Macromedia Flash Factory Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="FlashFactory.FlashFactory.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="FlashFactory.FlashFactory"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker5"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> 
<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]</div> <div>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</div> <div> 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>Completion time: 2013-03-03 09:10:59</div> <div>ComboFix-quarantined-files.txt 2013-03-03 17:10</div> <div>.</div> <div>Pre-Run: 708,977,143,808 bytes free</div> <div>Post-Run: 708,577,980,416 bytes free</div> <div>.</div> <div>- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D</div> <div> </div> <div>Awaiting your next instruction...</div> <div>Thanks again for your patience and generosity.</div>
  14. Thanks Gringo! Here's the C:\AdwCleaner[s1].txt you requested:

      When it ran the RogueKiller scan, an Internet Explorer message came up saying, "cannot display the webpage." Here are the resulting RKreport[1].txt results:

      I really appreciate your skill and expertise. Enjoy the rest of your weekend!
  15. As per your instructions: 1. checkup.txt Results of screen317's Security Check version 0.99.60 Windows 7 x64 (UAC is disabled!) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.0.1400 Java 6 Update 24 Java version out of Date! Adobe Flash Player 11.6.602.171 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (3.5.9) Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` 2. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24 Run by Chris at 18:29:41 on 2013-03-02 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.8378 [GMT -8:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\ctfmon.exe C:\Windows\explorer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mWinlogon: Shell = C:\PROGRA~3\1538587.bat
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Search Toolbar: {0C8413C1-FAD1-446C-8584-BE50576F863E} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll
TB: Search Toolbar: {0C8413C1-FAD1-446C-8584-BE50576F863E} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Users\Chris\Desktop\utorrent-2.0.1-beta-18284.upx.exe"
uRunOnce: [Report] C:\AdwCleaner[s2].txt
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\runctf.lnk - C:\Windows\System32\rundll32.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{53B4974C-A469-4FD2-9855-FA7E8561B5AC} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{D0929FD7-D2D5-4BE3-9A7A-53F8070C4EED} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D0929FD7-D2D5-4BE3-9A7A-53F8070C4EED}\538355A423 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
x64-mWinlogon: Shell = Explorer.exe, C:\Users\Chris\AppData\Roaming\jv8cuvrhmf
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - C:\Program Files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-29 55856]
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\System32\drivers\SMR250.SYS [2012-3-18 96376]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-6-11 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-6-11 912504]
R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]
S1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-3-1 19280]
S1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-3-1 18768]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130228.001\IDSviA64.sys [2013-2-28 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-6-11 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-6-11 386168]
S2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-3-1 279368]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-3-1 23376]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592]
S2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-3-1 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2011-9-25 21520]
S2 DTBService;DTBService;C:\Program Files (x86)\DVRMSToolbox\DTBFWService.exe [2010-1-12 8192]
S2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-15 192512]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-4 13336]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-12 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-12 676936]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2011-9-15 162832]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-9-15 287960]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-12 25928]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2011-9-15 32400]
S3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;C:\Windows\System32\drivers\ns6_midi.sys [2012-11-9 31296]
S3 NUMARK_NS6_USB;Numark NS6 USB driver service;C:\Windows\System32\drivers\ns6_usb.sys [2012-11-9 416320]
S3 NUMARK_NS6_WDM;Numark NS6 WDM device;C:\Windows\System32\drivers\ns6_wdm.sys [2012-11-9 54336]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-03-02 07:06:33 148262 ----a-w- C:\Users\Chris\AppData\Roaming\jv8cuvrhmf.exe
2013-03-02 05:21:17 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-03-02 05:21:17 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-03-02 05:21:17 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-03-02 05:21:15 -------- d-----w- C:\ProgramData\Anvisoft
2013-03-02 05:21:13 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-03-02 03:01:13 -------- d--h--w- C:\ProgramData\Common Files
2013-03-02 03:01:13 -------- d-----w- C:\Users\Chris\AppData\Local\MFAData
2013-03-02 03:01:13 -------- d-----w- C:\Users\Chris\AppData\Local\Avg2013
2013-03-02 03:01:13 -------- d-----w- C:\ProgramData\MFAData
2013-03-02 00:59:24 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-03-02 00:56:37 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-02 00:33:46 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-03-01 20:53:39 98816 ----a-w- C:\Windows\sed.exe
2013-03-01 20:53:39 256000 ----a-w- C:\Windows\PEV.exe
2013-03-01 20:53:39 208896 ----a-w- C:\Windows\MBR.exe
2013-03-01 20:53:32 -------- d-s---w- C:\ComboFix
2013-03-01 20:18:51 -------- d-----w- C:\FRST
2013-03-01 07:32:49 148647 ----a-w- C:\Users\Chris\AppData\Local\jv8cuvrhmf.exe
2013-03-01 07:32:48 145817 ----a-w- C:\ProgramData\jv8cuvrhmf.exe
2013-03-01 07:32:46 60 ----a-w- C:\ProgramData\1538587.bat
2013-03-01 07:32:46 153 ----a-w- C:\ProgramData\1538587.reg
2013-02-27 08:14:07 16473456 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-02-25 06:52:33 -------- d-----w- C:\Users\Chris\AppData\Local\DDMSettings
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-12 01:03:11 -------- d-sh--w- C:\found.003
2013-02-08 07:03:58 -------- d-sh--w- C:\found.001
.
==================== Find3M ====================
.
2013-02-27 08:14:14 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 08:14:14 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-29 10:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll
.
============= FINISH: 18:44:14.35 ===============

3. Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2009 5:21:09 PM
System Uptime: 3/2/2013 6:08:43 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | TRUCKEE
Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 655.446 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.222 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: eHome Infrared Receiver (USBCIR)
Device ID: USB\VID_045E&PID_006D\MS0R4WZB
Manufacturer: Microsoft
Name: eHome Infrared Receiver (USBCIR)
PNP Device ID: USB\VID_045E&PID_006D\MS0R4WZB
Service: usbcir
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82567V-2 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10CE&SUBSYS_2A86103C&REV_00\3&11583659&0&C8
Manufacturer: Intel
Name: Intel® 82567V-2 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10CE&SUBSYS_2A86103C&REV_00\3&11583659&0&C8
Service: e1yexpress
.
==== System Restore Points ===================
.
RP979: 2/1/2013 7:10:05 PM - HPSF Restore Point
RP980: 2/26/2013 10:08:51 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
5600 64 Bit HP CIO Components Installer
Acrobat.com
Activate Norton Online Backup
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
AD Blocker
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.6)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Anvi Smart Defender 1.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
Avid Mbox 2 USB Drivers (x64)
Avid Pro Tools LE 8.0.5
Bonjour
BufferChm
Button Manager
C4700
Camersoft Skype Video Recorder 2.2.18
CCleaner
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
Destinations
DeviceDiscovery
Digidesign ElevenRack Driver 1.0.8 (x64)
Digidesign Pro Tools LE 7.1
DirectX for Managed Code Update (Summer 2004)
DiskAid 3.11
DocProc
DVRMSToolbox
Fax
Final Draft
Free DigiRack Plug-Ins 8.0.5
Free MP3 Sound Recorder v1.9
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
Hewlett-Packard ACLM.NET v1.1.0.0
HitmanPro 3.6
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Easy Backup
HP Games
HP Imaging Device Functions 14.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Product Detection
HP Remote Solution
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Assistant
HP Support Information
HP Update
HP Webcam User's Guide
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
Instagram Bot
Intel® Rapid Storage Technology
InterLok Driver Kit
Interlok driver setup x64
ITCH
iTunes
iTunesDSM
Java Auto Updater
Java 6 Update 24
LabelPrint
LightScribe System Software
LoudMo Contextual Ad Assistant
Malwarebytes Anti-Malware version 1.65.0.1400
MarkelSoft Dupe Eliminator for iTunes 9.2
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MIDI-OX
MIDI Updater 1.0
MobileMe Control Panel
Moleskinsoft Clone Remover 3.8
Motorola Driver Installation 3.4.0
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
Network64
NoClone 2010 Free Edition
Norton 360
NS6 USB Audio driver
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Display Control Panel
NVIDIA Graphics Driver 310.90
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA StereoUSB Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
PhotoshopdotcomInspirationBrowser
PictureMover
Power2Go
PowerDirector
PowerRecover
PS_AIO_06_C4700_SW_Min
PVSonyDll
QuickTime
QuickTransfer
RAR File Open Knife - Free Opener
Realtek High Definition Audio Driver
Safari
Scan
Search Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SharewarePile iPodManager 1.0.0.2
Shop for HP Supplies
ShowAnalyzerSuite
ShufflePlusVLOI
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
SolutionCenter
Spotify
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.8
VZAccess Manager
WebReg
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
.
==== Event Viewer Messages From Past Week ========
.
3/2/2013 6:26:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 6:15:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
3/2/2013 6:12:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/2/2013 6:11:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/2/2013 6:11:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/2/2013 6:11:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 6:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/2/2013 6:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/2/2013 6:10:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/2/2013 6:10:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/2/2013 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/2/2013 6:10:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/2/2013 6:09:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD asdnet asdrm BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
3/2/2013 6:09:13 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2013 4:34:43 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
3/2/2013 4:34:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/2/2013 1:17:40 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
3/1/2013 8:45:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
3/1/2013 8:30:24 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/1/2013 7:27:29 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
3/1/2013 6:02:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/1/2013 6:01:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/1/2013 6:01:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
3/1/2013 4:56:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
3/1/2013 12:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/1/2013 11:10:34 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/1/2013 11:10:34 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/1/2013 11:10:34 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 3/1/2013 11:10:34 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: %%-2147467243 3/1/2013 11:10:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure. 3/1/2013 11:10:34 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure. 3/1/2013 11:10:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/1/2013 11:10:19 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT' was corrupted and it has been recovered. Some data might have been lost. 3/1/2013 11:06:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 3/1/2013 11:05:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). 
This security permission can be modified using the Component Services administrative tool. 3/1/2013 10:01:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 2/28/2013 11:52:34 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread 2/28/2013 11:51:37 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The pipe has been ended. 2/27/2013 4:48:54 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Internal Timer Error Processor ID: 6 The details view of this entry contains further information. 2/27/2013 4:48:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file. 2/27/2013 4:48:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003500180, 0x0000000000000006). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: . 2/27/2013 4:32:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 2/26/2013 4:42:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. 2/25/2013 4:41:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. . 
==== End Of File ===========================

Also, as I mentioned in my previous side post, in Safe Mode with Command Prompt, whenever I try doing a system restore using System Protection (All Programs --> Accessories --> System Tools --> System Restore), it reboots with a message saying: "System Restore did not complete successfully. Your computer's system files and settings were not changed. Details: System Restore failed to extract the file (C:\Users\Chris\AppData\LocalLow\Sun\Java\jre1.6.0_17\gtapi.dll) from the restore point. The restore point was damaged or was deleted during the restore." Please advise the next step. Thanks again for all your time and efforts!!