Everything posted by nuscher143

  1. When I click uninstall nothing happens as far as I can tell unless it is doing something in the background. I will run OTL.
  2. https://www.virustotal.com/file/5cbd7f4b8f991ccab51cfc1fd0a5437013c5196f3c636632d691103aa3708adb/analysis/1354162278/ I don't recognize anything in that Saveas folder. There is an uninstall in that folder and other files in there that I don't recognize. It says it is an activeX file. Should I hit uninstall?
  3. mjusbsp is for my magic jack. I will go check out the other file.
  4. OTL Extras logfile created on: 11/27/2012 9:29:39 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elaine\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.80 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 51.66% Memory free 7.60 Gb Paging File | 5.30 Gb Available in Paging File | 69.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448.45 Gb Total Space | 320.90 Gb Free Space | 71.56% Space Free | Partition Type: NTFS Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS Computer Name: FISCHER-HP | User Name: Elaine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03F675BA-FD2A-44B4-BE86-8169113478FD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0B874A08-EBD9-4FAE-808A-3388F21D2F24}" = lport=137 | protocol=17 | dir=in | app=system | "{37476368-534F-46D4-B296-51FA5647F18A}" = rport=138 | protocol=17 | dir=out | app=system | "{3C5831DC-77A4-45B9-998C-12CB5C8759A1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{41586A66-26EF-417B-A362-173083A2D27C}" = rport=445 | 
protocol=6 | dir=out | app=system | "{4712461E-6C59-4D22-8FAE-01005F7C3F83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{49EAC416-9ED0-44C4-924F-EB9766D0DE2E}" = lport=10243 | protocol=6 | dir=in | app=system | "{56EDE100-433D-42C2-A533-D38E90B84850}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5A2D84D7-5038-4AC0-9DE6-881919D5806A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{81A9087C-B829-4712-A180-8C48BB294AB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8637B547-3FB1-4091-8638-93832CBB9506}" = lport=2869 | protocol=6 | dir=in | app=system | "{8843C8C1-301E-4F43-9A53-FAD8FA53DB6E}" = rport=139 | protocol=6 | dir=out | app=system | "{94034794-6651-4544-BCB7-66C055ECF250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{952BD48A-71CB-4D66-98DD-7142D8835A68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9B366D1F-C02E-4DD0-89E6-9354BE1291F5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A61B103F-1146-430B-94CF-F00584620CED}" = lport=138 | protocol=17 | dir=in | app=system | "{AB19DB94-A320-4E21-9E9E-0870A3EDD8BD}" = lport=139 | protocol=6 | dir=in | app=system | "{B5448F03-D2ED-4445-9117-99937FEFD773}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{B8760841-1085-44E9-85EA-189A94F1841B}" = lport=445 | protocol=6 | dir=in | app=system | "{B996C0F8-2DA4-4DA9-9FB1-97647ED1B9CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BB4F4100-B31C-42F9-A962-5028480E6ED8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BBAF0D27-59B0-4697-9FFE-C0B994C54D58}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BD9F3D61-D1FA-4056-9DF2-889E842F481C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C1DA9B26-3E58-42BD-A815-8C3062B5B7C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CD97B3AB-1D3B-4482-AAF4-06CF444A2800}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{DD179C8E-7578-4726-BF68-3099EB9B4633}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DF8D35E5-6809-45A2-9D08-6A3F35AADA53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E4B33869-B784-4012-9E37-8FE13FAE5A0F}" = rport=137 | protocol=17 | dir=out | app=system | "{E95702BE-1539-4A84-93C9-5BC0915F1FD5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EEFA7DC2-0EC5-4AEB-861D-A24AAB35D538}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{F512DACA-67F2-4621-B785-DE038DA8C449}" = lport=2869 | protocol=6 | dir=in | app=system | "{F6669BE8-DDA4-4508-9615-7720E0F3AACB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03CF7D55-8588-42BC-B164-F71FC10CDBB3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{04ED704E-D703-4738-8442-04D0F0CD9945}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{08B15F88-D776-4B5F-B92C-08B50DAD446E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{1196A8D0-B69F-4B07-8492-510A869A6F5F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11A40812-9221-417E-98CC-CF7FF5F3BE56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{1933463C-FF56-4E8A-A317-5CE7554C7F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | "{1C6D839C-BF69-4F9E-BF48-CA4D96E1FDF1}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | "{1E7A6D61-5ADD-41EB-9B8E-07F77A3F9C13}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{1F29EEC3-0A65-41B2-AB9D-CAA21D00C568}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{240E44A1-3D31-4DA3-A217-72EF5D635183}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{2D1ED819-12B4-4FFE-8361-12214E0B220E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{2DE545D6-6227-4CD5-BDBA-2BD4980BFEB0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{30D060A9-58E9-4225-AD40-6B2124F43A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe | "{3113B432-086B-4788-BCAF-F47066696038}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{36B41DCC-3815-432A-B641-2FAD551A58DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{384183B0-BB0C-4018-8C40-47F20E986D5D}" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe | "{38CA3161-621A-4374-9687-E160E24ADBEA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{38D5F4F9-8C62-404A-B0F3-B28542855056}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | "{3C013629-57DF-4095-80CE-7E64D4230BA3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3CCCBC46-13CA-4730-8D6B-D3EC960C2B2A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{3D4194D7-0B9D-470B-A93E-7930D2F267D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{3D6F59B6-5DB9-4284-A1F8-854660EF9F9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3F013908-1553-484D-BAAB-7F63F63910CC}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | "{4B4121A2-7EEA-4C6B-8F7E-F088444D88C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4BA4CA65-4EA7-419D-BF68-AEE114D01D81}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4BFD6172-D428-4664-986E-01C039DAC905}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{4F8C8074-A764-4273-90AA-421FF9D299CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{521DAC03-067D-4B61-A6F5-7B616BF4114A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | "{534C6956-869C-4FF7-993F-EE8548EF3D53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5609EF80-47BC-46C7-99A3-C490817CB1A8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{59D8097A-BB0A-481C-9C12-CE796CDDE0D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A7F2F71-925D-4409-AA41-27A941302456}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{5DF13555-FE1F-40E4-A9F2-92C07293DD85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{650DCD98-612F-4480-9FBE-F30AF27EB7ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{6D6AAFBC-3EDC-4253-B828-51AB7EC66068}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{70D6A07B-B078-40A2-8208-55E67203ABCE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{7733C2BD-718F-4799-AAA5-78AFE5C7165D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{7736BC01-9AEF-4BA2-9093-A097DC19E888}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{7B449B31-8D74-4857-89F0-C4DCF880B5B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{7C720469-97B6-435B-87E2-73106DA7E6C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{8091681B-BFE7-4DDA-A96B-AF803343CBA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{85073B38-ACC1-4813-86CD-D817C44D1565}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{85FB4E13-E4EF-4CC7-94E1-889DAC506CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{8ED87E8A-0779-4BA9-BAA3-94434D538076}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe | "{8EFC17FA-88AC-4EBF-BC71-1E829AA14B12}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{94E991C3-82A1-49D8-9B5E-0129D96FAFC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B34F88B-84BB-4FC4-AF97-DC423B31CCC3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{9B46072F-D13D-40A4-BE88-4EAFECEC9284}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A04D4553-6B91-4376-BFFF-D81A1FC5C83B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A2D058E0-45EC-4CDB-B221-6904231AC941}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{AEF6F5D8-85C1-44F6-9C99-930E57E0B763}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B619B8DC-E044-4A5A-B1E5-60C406779960}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BFC849E7-ED11-42B7-B0A3-7A5390380562}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C18CE468-EF1F-42C3-B655-1CAD6FB342AE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{CD058E16-57AB-4F4D-844A-3EF578A6C746}" = dir=in | 
app=c:\users\elaine\appdata\local\temp\7zs5a01\oj6500ve709_full_14\setup\hpznui40.exe | "{D14D6C9D-6BE2-44D0-87DC-4D3B741421C4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{D23AD0F6-0F75-42D6-8D2F-F300FC4B2BAD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{E20352CF-33DB-484C-A249-0AC9A7A78D6A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EFE8EFB4-D8ED-484D-860F-E26F6AE8EA59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{F110F4C8-5729-47BE-B96F-E3719DC3BAEE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{F24F4838-2F34-4C7E-BD92-E5D00C359D82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{F2896AC7-AB3F-4ED1-9325-DAD671356AAC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F8CDEF9D-9087-405A-904D-DD2EE93F9C11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9698EB6-AA21-484D-92BE-8ACC6BB02A6E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{FB108B38-5A83-40BC-BCEE-98AE53EC6055}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FBCB178D-CABA-464D-B405-12344C1F4BA9}" = protocol=6 | dir=out | app=system | "{FFF7496A-ABA6-4661-ADF5-CF7AF68F15A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{21AD9432-AA6A-4236-8DE3-2CBB1147055C}C:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe | "TCP Query User{59BCBBF7-4C7B-4C00-A019-BC1CC26A1D1B}C:\users\elaine\appdata\local\temp\g2_635\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\elaine\appdata\local\temp\g2_635\g2viewer.exe | "TCP Query User{9A995D41-3D80-4D1D-A5B7-F81E3A94B308}C:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | 
app=c:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe | "TCP Query User{9B015755-B1BC-4263-A5DD-7E95F76DA66A}C:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe | "TCP Query User{CF216D91-AD71-413E-8C97-AD59DB1209BE}C:\program files (x86)\motorola media link\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe | "TCP Query User{D96B7310-A17A-4C78-B191-F15380E439D1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{E786575C-0775-4587-A1FC-B33A6CFC4707}C:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe | "UDP Query User{0D92EDBB-0CCD-4CBE-8232-A4E8937AB899}C:\program files (x86)\motorola media link\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe | "UDP Query User{110DC4E4-28B8-4F1B-9BEB-E62EECD9801D}C:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe | "UDP Query User{1C4B970B-42A7-475D-8C03-E98888E9F76C}C:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe | "UDP Query User{308997D2-554E-4864-860C-3D787F07DFF2}C:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\elaine\appdata\local\temp\g2_626\g2viewer.exe | "UDP Query User{79BFB6B4-928B-44A3-B998-CE068501E725}C:\users\elaine\appdata\local\temp\g2_635\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\elaine\appdata\local\temp\g2_635\g2viewer.exe | "UDP Query User{8A070837-8295-4214-8A46-9CBA42CDDBC7}C:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\elaine\appdata\roaming\mjusbsp\magicjack.exe | "UDP Query 
User{8C9E8D40-9757-4F7C-99C1-83F9110F00E4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd "{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{2A9BBEC3-6AA4-4564-9C3F-6B1CED7F4A76}" = 2X Client-64 bit "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant "{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "AVG" = AVG 2013 "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device 
Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0 "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{15DEB27E-51C8-4626-961D-E0D7E49C6F89}" = Brother HL-5340D "{16726771-C380-4280-BAF9-1223B3838786}" = SaveAs "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26252794-F3EC-4419-8BBD-A9D51D296A6D}" = AXIS Media Control Embedded Installer "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}" = ScanSnap "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3A3532ED-A121-4297-AA4F-70B60E4BD631}" = Playalot Games 
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4D62FAE5-B503-40CA-A33B-2BFAA6574155}" = LittlePPT "{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}" = ScanSnap Organizer "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69ABD67D-5C2E-4724-B519-695DEF3EC23B}" = HP Documentation "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DCD0779-8811-4060-9227-871E2FD48E45}" = CardMinder V4.1 "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update 
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0 "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5 "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager "{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336 "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FB400000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap 4.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "AIM_7" = AIM 7 "AnswerWorks" = AnswerWorks Runtime "AXIS Media Control Embedded" = AXIS Media Control Embedded "Corel Applications" = Corel Applications "Coupon Companion" = Coupon Companion "HP Photo Creations" = HP Photo Creations "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD 
Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Red Alert 2" = Command & Conquer Red Alert 2
"Revo Uninstaller" = Revo Uninstaller 1.94
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Westwood Shared Internet Components
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1763447205-1324904601-2387708082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JoinMe" = join.me
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2012 2:18:51 PM | Computer Name = Fischer-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x45c Faulting application start time: 0x01cdcb391edfd63c Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: unknown Report Id: 8fa68f52-372c-11e2-8ade-8f843fd24af0
Error - 11/25/2012 5:15:47 PM | Computer Name = Fischer-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: de0 Start Time: 01cdcb5202d39f64 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:
Error - 11/27/2012 11:37:40 AM | Computer Name = Fischer-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Motorola Media Link\NMDllHost.exe.Manifest". Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/27/2012 11:39:54 AM | Computer Name = Fischer-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error - 11/27/2012 11:41:45 AM | Computer Name = Fischer-HP | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 7/26/2012 9:58:31 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/12/2012 9:03:28 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 8/26/2012 2:11:21 AM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/16/2012 2:54:51 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 9/26/2012 10:18:31 AM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/7/2012 1:59:26 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/7/2012 1:59:26 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 10/26/2012 1:41:40 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 4000
Description =
Error - 11/19/2012 7:41:03 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 11/19/2012 7:46:52 PM | Computer Name = Fischer-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Message: Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3893 Ram Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

[ HP Software Framework Events ]
Error - 10/15/2012 10:39:43 AM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/10/15 10:39:43.091|00001834|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10/21/2012 3:43:27 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/10/21 15:43:27.901|000006E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10/21/2012 3:47:03 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/10/21 15:47:03.768|00001D48|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10/26/2012 1:42:13 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/10/26 13:42:13.286|00001858|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10/26/2012 1:43:55 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/10/26 13:43:55.909|00002154|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 10/28/2012 12:36:48 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/10/28 12:36:48.573|000006C8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/4/2012 3:33:29 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/11/04 14:33:29.093|00000D6C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/4/2012 3:34:49 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/11/04 14:34:49.191|00001A90|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/11/2012 1:48:35 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/11/11 12:48:35.639|00001D64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 11/18/2012 6:09:40 PM | Computer Name = Fischer-HP | Source = CaslWmi | ID = 5
Description = 2012/11/18 17:09:40.385|00001D70|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 2/26/2011 12:16:20 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 2/26/2011 12:17:25 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 2/26/2011 12:18:30 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 2/26/2011 12:19:36 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 2/26/2011 12:20:41 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementBaseObject.get_Properties()
   at System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)
   at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 12/28/2011 4:45:18 AM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
   at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
   at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 2/15/2012 11:18:56 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
   at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio)
   at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
   at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 6/18/2012 7:26:20 AM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
   at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)
   at HPPA_Service.CurrentConfiguration.ReloadRadioList()
Error - 10/26/2012 1:20:46 PM | Computer Name = Fischer-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
   at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
Error - 11/10/2012 4:04:08 PM | Computer Name = Fischer-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)
   at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio)
   at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
   at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
   at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()
   at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 11/25/2012 2:19:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 11/25/2012 2:19:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7031
Description = The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 11/25/2012 2:19:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 11/25/2012 2:19:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 11/25/2012 2:19:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error - 11/25/2012 2:19:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error - 11/25/2012 2:20:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: %%1056
Error - 11/25/2012 2:21:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056
Error - 11/25/2012 2:21:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: %%1056
Error - 11/25/2012 2:21:04 PM | Computer Name = Fischer-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: %%1056

< End of report >
  5. OTL logfile created on: 11/27/2012 9:29:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elaine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 51.66% Memory free
7.60 Gb Paging File | 5.30 Gb Available in Paging File | 69.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 320.90 Gb Free Space | 71.56% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

Computer Name: FISCHER-HP | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/27 21:28:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/10/08 13:34:19 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 15:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/05 15:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/16 10:01:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87cabb0fdab32b869f1b180d10336ee0\IAStorUtil.ni.dll
MOD - [2012/11/16 09:35:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/16 09:35:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/16 09:35:03 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/16 09:34:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/16 09:34:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/16 09:34:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/16 09:34:37 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/16 09:34:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/05 14:48:34 | 000,129,024 | ---- | M] () -- C:\ProgramData\SaveAs\509818124f872.ocx
MOD - [2012/10/11 05:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2011/04/26 15:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

========== Services (SafeList) ==========

SRV:64bit: - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/10/29 10:18:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/08 14:11:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/02/15 11:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/04/26 15:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/11/05 15:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/05/12 20:41:16 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/13 09:22:38 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/12 14:44:26 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/04/04 13:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/07 15:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation)
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/16 06:09:18 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/05/31 14:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/12/02 21:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009/12/02 21:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009/12/02 21:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009/12/02 21:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009/09/22 20:39:56 
| 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb) DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{06BE319A-12F4-4DBF-AFC7-60719C56F07E}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{5270373D-B080-4C2F-94FF-658857040001}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{958B1603-B027-4371-A8A7-65F12F8A4159}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE:64bit: - HKLM\..\SearchScopes\{E7990CB6-0693-4C52-BC62-35EB8CBEA5C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{06BE319A-12F4-4DBF-AFC7-60719C56F07E}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{5270373D-B080-4C2F-94FF-658857040001}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{958B1603-B027-4371-A8A7-65F12F8A4159}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = 
http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm333YYus&ptnrS=XPxdm333YYus&si=tvshowinsider-2-v2&ptb=21C903D6-2748-4687-B2FE-48EC626BFD15&psa=&ind=2012110514&st=sb&n=77ee5eb2&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{E7990CB6-0693-4C52-BC62-35EB8CBEA5C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\SearchScopes,DefaultScope = {E7990CB6-0693-4C52-BC62-35EB8CBEA5C4} IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\SearchScopes\{06BE319A-12F4-4DBF-AFC7-60719C56F07E}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\SearchScopes\{5270373D-B080-4C2F-94FF-658857040001}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\SearchScopes\{958B1603-B027-4371-A8A7-65F12F8A4159}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm333YYus&ptnrS=XPxdm333YYus&si=tvshowinsider-2-v2&ptb=21C903D6-2748-4687-B2FE-48EC626BFD15&psa=&ind=2012110514&st=sb&n=77ee5eb2&searchfor={searchTerms} IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\SearchScopes\{E7990CB6-0693-4C52-BC62-35EB8CBEA5C4}: "URL" = 
http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Elaine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/01 15:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 10:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/29 10:13:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/01 15:29:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 10:18:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/29 10:13:09 | 000,000,000 | ---D | M]

[2011/11/05 23:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elaine\AppData\Roaming\Mozilla\Extensions
[2012/11/24 23:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions
[2012/11/09 16:28:34 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\509818124f6e3@509818124f71c.com
[2012/01/10 10:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/29 10:18:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/29 10:18:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/29 10:18:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\beangobbibcpcbmkianmgngglepmmnng\2_0\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/25 12:55:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SaveAs Class) - {3C34F43D-8C1D-4118-F130-21D1F94ACC5B} - C:\ProgramData\SaveAs\509818124f872.ocx ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - Startup: C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..Trusted Domains: optimum.net ([webtop.webmail] https in Trusted sites)
O15 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..Trusted Domains: optimum.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1763447205-1324904601-2387708082-1000\..Trusted Domains: worldwinner.com ([www] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47/skillgam/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab (WWHearts Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44/golfsol/golfsol.cab (GolfSol Control)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.112.138 167.206.7.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1}: DhcpNameServer = 167.206.112.138 167.206.7.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\PROGRA~2\MocaFlix\sprotector.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/27 21:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
[2012/11/25 12:56:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/24 23:00:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/11/24 22:53:07 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/24 13:48:17 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/24 13:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/24 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\Elaine\Desktop\RK_Quarantine
[2012/11/24 12:21:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Elaine\Desktop\dds.com
[2012/11/19 18:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/19 18:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/08 15:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/05 14:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/11/05 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/11/05 14:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/11/05 14:32:52 | 000,000,000 | ---D | C] -- C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2012/11/05 14:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
[2012/11/02 10:03:34 | 000,000,000 | ---D | C] -- C:\Users\Elaine\NEMS
[2012/10/29 10:24:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/10/29 10:22:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/02/26 17:44:56 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Elaine\gotomypc_540.exe

========== Files - Modified Within 30 Days ==========

[2012/11/27 21:28:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Elaine\Desktop\OTL.exe
[2012/11/27 21:19:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763447205-1324904601-2387708082-1000UA.job
[2012/11/27 21:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/27 20:22:55 | 000,002,494 | ---- | M] () -- C:\Users\Elaine\Desktop\Google Chrome.lnk
[2012/11/27 19:19:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763447205-1324904601-2387708082-1000Core.job
[2012/11/27 09:35:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 22:07:25 | 000,361,539 | ---- | M] () -- C:\Users\Elaine\Desktop\newest popup for MrC.png
[2012/11/26 21:53:55 | 000,345,648 | ---- | M] () -- C:\Users\Elaine\Desktop\msert.exe
[2012/11/25 17:16:51 | 000,002,133 | ---- | M] () -- C:\Users\Elaine\Desktop\Elaine new comp.lnk
[2012/11/25 13:26:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 13:26:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/25 13:25:04 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/25 13:25:04 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/25 13:25:04 | 000,106,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/25 13:17:50 | 000,001,997 | ---- | M] () -- C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
[2012/11/25 13:17:18 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 12:55:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/25 12:36:26 | 005,006,177 | R--- | M] (Swearware) -- C:\Users\Elaine\Desktop\ComboFix.exe
[2012/11/24 22:53:06 | 000,906,810 | ---- | M] () -- C:\Users\Elaine\Desktop\JRT.exe
[2012/11/24 22:52:37 | 000,480,125 | ---- | M] () -- C:\Users\Elaine\Desktop\adwcleaner.exe
[2012/11/24 21:42:10 | 000,735,061 | ---- | M] () -- C:\Users\Elaine\Desktop\1 another pop up.png
[2012/11/24 21:09:04 | 000,353,815 | ---- | M] () -- C:\Users\Elaine\Desktop\1 pop up.png
[2012/11/24 13:48:17 | 000,001,268 | ---- | M] () -- C:\Users\Elaine\Desktop\Revo Uninstaller.lnk
[2012/11/24 12:27:21 | 000,752,128 | ---- | M] () -- C:\Users\Elaine\Desktop\RogueKiller.exe
[2012/11/24 12:21:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Elaine\Desktop\dds.com
[2012/11/24 12:01:37 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 21:38:23 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForElaine.job
[2012/11/19 18:35:07 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 09:26:47 | 000,371,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/08 15:45:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/01 15:34:26 | 000,002,044 | ---- | M] () -- C:\Users\Elaine\Desktop\nems.RDP
[2012/11/01 15:30:33 | 000,002,008 | -H-- | M] () -- C:\Users\Elaine\Data\Documents\Default.rdp
[2012/10/29 15:07:39 | 000,002,133 | ---- | M] () -- C:\Users\Elaine\Desktop\GoToMyPC - NEMS server.lnk
[2012/10/29 10:13:09 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2012/11/26 22:07:25 | 000,361,539 | ---- | C] () -- C:\Users\Elaine\Desktop\newest popup for MrC.png
[2012/11/26 21:53:48 | 000,345,648 | ---- | C] () -- C:\Users\Elaine\Desktop\msert.exe
[2012/11/25 17:16:51 | 000,002,133 | ---- | C] () -- C:\Users\Elaine\Desktop\Elaine new comp.lnk
[2012/11/24 22:53:02 | 000,906,810 | ---- | C] () -- C:\Users\Elaine\Desktop\JRT.exe
[2012/11/24 22:52:23 | 000,480,125 | ---- | C] () -- C:\Users\Elaine\Desktop\adwcleaner.exe
[2012/11/24 21:42:10 | 000,735,061 | ---- | C] () -- C:\Users\Elaine\Desktop\1 another pop up.png
[2012/11/24 21:09:04 | 000,353,815 | ---- | C] () -- C:\Users\Elaine\Desktop\1 pop up.png
[2012/11/24 13:48:17 | 000,001,268 | ---- | C] () -- C:\Users\Elaine\Desktop\Revo Uninstaller.lnk
[2012/11/24 12:27:04 | 000,752,128 | ---- | C] () -- C:\Users\Elaine\Desktop\RogueKiller.exe
[2012/11/19 18:35:07 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/17 09:10:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 08:59:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/01 15:34:26 | 000,002,044 | ---- | C] () -- C:\Users\Elaine\Desktop\nems.RDP
[2012/11/01 13:36:09 | 000,002,008 | -H-- | C] () -- C:\Users\Elaine\Data\Documents\Default.rdp
[2012/10/29 15:07:39 | 000,002,133 | ---- | C] () -- C:\Users\Elaine\Desktop\GoToMyPC - NEMS server.lnk
[2012/10/29 11:57:40 | 000,001,997 | ---- | C] () -- C:\Users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
[2012/10/27 11:41:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/27 11:41:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/27 11:41:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/27 11:41:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/27 11:41:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/26 21:50:41 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/01 11:32:07 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012/06/18 00:00:46 | 000,049,990 | ---- | C] () -- C:\Windows\SysWow64\tubekey.dat
[2012/06/18 00:00:35 | 000,000,105 | ---- | C] () -- C:\Windows\SysWow64\get.dat
[2012/06/16 10:49:49 | 000,915,987 | ---- | C] ( ) -- C:\Windows\SysWow64\lnsecsl.exe
[2012/04/22 19:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2012/04/22 19:43:25 | 000,031,265 | ---- | C] () -- C:\Windows\HL-5340D.INI [2012/04/22 19:43:16 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/04/22 19:41:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012/04/22 19:41:27 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012/04/22 19:40:44 | 000,000,326 | ---- | C] () -- C:\Windows\Brownie.ini [2012/04/20 14:12:34 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\fxdb.dll [2012/04/20 14:12:00 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\iduninst.dll [2012/04/20 14:11:29 | 001,213,440 | ---- | C] () -- C:\Windows\SysWow64\opengl.dll [2012/04/20 14:11:29 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\glut.dll [2012/04/20 14:11:28 | 000,315,904 | ---- | C] () -- C:\Windows\SysWow64\glu.dll [2012/02/08 11:52:11 | 000,001,084 | ---- | C] () -- C:\Users\Elaine\Documents - Shortcut.lnk [2011/08/30 13:19:27 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011/05/26 17:45:37 | 000,003,584 | ---- | C] () -- C:\Users\Elaine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/02 20:18:44 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/03/01 15:25:34 | 000,229,013 | ---- | C] () -- C:\Windows\hpwins23.dat [2011/03/01 15:25:34 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2011/02/26 10:30:55 | 000,000,457 | ---- | C] () -- C:\Windows\Fischer-HP0010.ini [2011/01/18 03:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi [2011/01/18 03:52:10 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe [2011/01/18 03:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2011/01/18 03:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/10/29 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012/10/29 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software 
[2012/11/24 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\2XClient [2012/01/15 16:31:44 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\acccore [2012/11/23 21:36:12 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\AVG2013 [2012/04/21 15:17:56 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\com.w3i.plyt [2011/08/30 13:37:49 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\Fujitsu [2011/05/09 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\ID Vault [2012/03/10 13:54:18 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\LaunchPad [2011/08/30 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\Leadertech [2012/10/26 12:15:34 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\mjusbsp [2011/08/24 22:27:08 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\motorola [2011/05/25 14:14:51 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\OpenOffice.org [2011/08/30 13:57:44 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\PFU [2012/10/26 12:12:56 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\SoftGrid Client [2011/03/18 10:34:33 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\Tific [2011/05/02 20:19:55 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\TP [2012/10/26 22:15:46 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\TuneUp Software [2012/11/24 22:54:50 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\uTorrent [2012/07/20 12:12:54 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\Vso [2011/05/24 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\Elaine\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report >
  6. I just thought you would tell me what to do after I posted the reports from the last 2 programs that I ran. Those reports mean nothing to me. I ran Microsoft Safety Scanner and it found nothing. When I sign on to the internet I am still getting popup ads. I have attached an example of 1 of the popups. I still get that PC test one I showed you previously.
  7. I was waiting for you to comment from my last 2 posts. I still have adware popping up?!?!
  8. ComboFix 12-11-25.01 - Elaine 11/25/2012 12:38:11.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2465 [GMT -5:00] Running from: c:\users\Elaine\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_BKAVAUTO -------\Legacy_SYSLIB . . ((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 ))))))))))))))))))))))))))))))) . . 2012-11-25 17:51 . 2012-11-25 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-25 17:51 . 2012-11-25 17:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-11-25 04:00 . 2012-11-25 04:00 -------- d-----w- c:\windows\ERUNT 2012-11-25 03:53 . 2012-11-25 03:53 -------- d-----w- C:\JRT 2012-11-24 18:48 . 2012-11-24 18:48 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-11-19 23:32 . 2012-11-19 23:32 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2012-11-17 14:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-17 14:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-17 14:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-17 14:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 13:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 13:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 13:59 . 
2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 13:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 13:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 13:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 13:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-05 19:38 . 2012-11-05 19:38 -------- d-----w- c:\program files (x86)\MocaFlix 2012-11-05 19:38 . 2012-11-05 19:38 -------- d-----w- c:\programdata\SaveAs 2012-11-05 19:32 . 2012-11-05 19:33 -------- d-----w- c:\program files (x86)\PrivitizeVPN 2012-11-02 15:03 . 2012-11-13 18:29 -------- d-----w- c:\users\Elaine\NEMS 2012-10-31 19:40 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-10-31 19:40 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys 2012-10-31 19:40 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-10-31 19:40 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-10-31 19:40 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-10-31 19:40 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-10-29 15:24 . 2012-10-29 15:24 -------- d-----w- c:\windows\system32\SPReview 2012-10-29 15:22 . 2012-10-29 15:22 -------- d-----w- c:\windows\system32\EventProviders 2012-10-29 15:21 . 2012-10-29 15:20 289768 ----a-w- c:\windows\system32\javaws.exe 2012-10-29 15:21 . 2012-10-29 15:20 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-29 15:20 . 2012-10-29 15:20 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-10-29 15:18 . 2012-10-29 15:18 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll 2012-10-29 15:18 . 2012-10-29 15:18 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-29 15:18 . 
2012-10-29 15:18 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-29 14:47 . 2012-10-29 14:47 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2012-10-28 05:13 . 2012-10-28 15:54 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-27 03:18 . 2012-11-24 02:36 -------- d-----w- c:\users\Elaine\AppData\Roaming\AVG2013 2012-10-27 03:15 . 2012-10-27 03:15 -------- d-----w- c:\users\Elaine\AppData\Roaming\TuneUp Software 2012-10-27 03:13 . 2012-10-27 03:28 -------- d-----w- c:\programdata\AVG2013 2012-10-27 03:13 . 2012-10-27 03:13 -------- d-----w- C:\$AVG 2012-10-27 03:11 . 2012-10-27 03:11 -------- d-----w- c:\program files (x86)\AVG 2012-10-27 03:08 . 2012-11-25 17:28 -------- d-----w- c:\programdata\MFAData 2012-10-27 03:08 . 2012-10-27 03:20 -------- d-----w- c:\users\Elaine\AppData\Local\Avg2013 2012-10-27 03:08 . 2012-10-27 03:08 -------- d--h--w- c:\programdata\Common Files 2012-10-27 03:08 . 2012-10-27 03:08 -------- d-----w- c:\users\Elaine\AppData\Local\MFAData 2012-10-27 02:59 . 2012-07-25 16:03 16896 ----a-w- c:\windows\system32\sasnative64.exe 2012-10-27 02:59 . 2012-10-12 20:45 19368 ----a-w- c:\windows\system32\roboot64.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 14:00 . 2011-02-26 16:16 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-29 15:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-10-29 15:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-10-29 15:20 . 2010-07-15 21:33 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-29 15:20 . 2010-07-15 21:33 189416 ----a-w- c:\windows\system32\javaw.exe 2012-10-29 15:20 . 2010-07-15 21:33 188904 ----a-w- c:\windows\system32\java.exe 2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-17 06:31 . 
2012-10-26 17:56 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{237A3994-9595-47F7-BB58-691EAA3E02AD}\mpengine.dll 2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-08 19:11 . 2012-06-14 12:00 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 19:11 . 2011-11-20 05:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-09-30 00:54 . 2011-12-09 00:09 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys 2012-09-14 19:19 . 2012-10-26 17:39 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-26 17:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2012-09-04 14:39 . 2012-09-04 14:39 50296 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys 2012-08-31 18:19 . 2012-10-26 17:40 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-26 17:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-26 17:40 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-26 17:40 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi 2011-01-18 08:52 . 2011-01-18 08:52 475016 ----a-w- c:\program files\setup.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3C34F43D-8C1D-4118-F130-21D1F94ACC5B}] 2012-11-05 19:48 129024 ----a-w- c:\programdata\SaveAs\509818124f872.ocx . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800] . c:\users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ 2X Client.lnk - c:\program files\2X\Client\APPServerClient.exe [2011-8-26 1790920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\MocaFlix\sprotector.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992] R2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144] R3 cpuz134;cpuz134;c:\users\Elaine\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-05-12 11776] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280] R3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-26 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-13 834544] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 
196664] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664] S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 19:11] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763447205-1324904601-2387708082-1000Core.job - c:\users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22 23:09] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763447205-1324904601-2387708082-1000UA.job - c:\users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22 23:09] . 2012-11-24 c:\windows\Tasks\HPCeeScheduleForElaine.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-13 6486120] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: google.com\www Trusted Zone: optimum.net\webtop.webmail Trusted Zone: optimum.net\www Trusted Zone: worldwinner.com\www TCP: DhcpNameServer = 167.206.112.138 167.206.7.4 FF - ProfilePath - c:\users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: keyword.URL - FF - prefs.js: browser.startup.homepage - FF - ExtSQL: 2012-11-09 16:28; 509818124f6e3@509818124f71c.com; c:\users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\509818124f6e3@509818124f71c.com FF - ExtSQL: !HIDDEN! 2011-03-01 15:29; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Coupon Companion - c:\program files (x86)\Coupon Companion\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe . ************************************************************************** . 
Completion time: 2012-11-25 13:14:05 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-25 18:13 ComboFix2.txt 2012-11-23 23:39 ComboFix3.txt 2012-10-28 16:18 ComboFix4.txt 2012-10-27 17:13 . Pre-Run: 345,881,178,112 bytes free Post-Run: 345,844,822,016 bytes free . - - End Of File - - 85E4D5F357382ECD7A51A92311203B96
  9. Going to run Combofix now and I will post when that is done.
  10. I ran the adware again from my desktop. I ran as administrator. Clicked search and still nothing was found. Here is the report:
      # AdwCleaner v2.009 - Logfile created 11/25/2012 at 12:28:11
      # Updated 24/11/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Elaine - FISCHER-HP
      # Boot Mode : Normal
      # Running from : C:\Users\Elaine\Desktop\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16421
      [OK] Registry is clean.
      -\\ Mozilla Firefox v16.0.2 (en-US)
      Profile name : default
      File : C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\prefs.js
      Found : user_pref("aol_toolbar.default.homepage.check", false);
      Found : user_pref("aol_toolbar.default.search.check", false);
      Found : user_pref("extensions.509818124f78f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
      Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
      Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
      Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
      Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
      Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
      Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
      Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
      Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
      Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
      Found : user_pref("sweetim.toolbar.searchguard.enable", "");
      -\\ Google Chrome v23.0.1271.64
      File : C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [7427 octets] - [28/10/2012 15:59:10]
      AdwCleaner[R3].txt - [2923 octets] - [24/11/2012 22:54:45]
      AdwCleaner[R4].txt - [1209 octets] - [24/11/2012 23:35:21]
      AdwCleaner[R5].txt - [1955 octets] - [25/11/2012 12:28:11]
      AdwCleaner[s1].txt - [6678 octets] - [28/10/2012 17:56:51]
      AdwCleaner[s2].txt - [3039 octets] - [24/11/2012 22:55:17]
      ########## EOF - C:\AdwCleaner[R5].txt - [2135 octets] ##########
  11. 0~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 3.4.9 (11.23.2012)
      OS: Windows 7 Home Premium x64
      Ran by Elaine on Sat 11/24/2012 at 23:00:31.92
      Blog: http://thisisudax.blogspot.com
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ~~~ Services
      ~~~ Registry Values
      ~~~ Registry Keys
      Successfully deleted: [Registry Key] "hkey_current_user\software\systweak"
      Successfully deleted: [Registry Key] "hkey_local_machine\software\systweak"
      Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}
      Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}
      Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
      ~~~ Files
      ~~~ Folders
      Successfully deleted: [Folder] "C:\ProgramData\systweak"
      Successfully deleted: [Folder] "C:\Users\Elaine\AppData\Roaming\systweak"
      Successfully deleted: [Folder] "C:\Users\Elaine\appdata\local\coupon companion"
      Successfully deleted: [Folder] "C:\Users\Elaine\appdata\locallow\televisionfanatic"
      Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"
      Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"
      Successfully deleted: [Folder] "C:\Program Files (x86)\televisionfanatic"
      ~~~ FireFox
      Successfully deleted: [Folder] C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\64ffxtbr@televisionfanatic.com
      Successfully deleted: [Folder] C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\crossriderapp4493@crossrider.com
      ~~~ Event Viewer Logs were cleared
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sat 11/24/2012 at 23:07:14.73
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  12. # AdwCleaner v2.009 - Logfile created 11/24/2012 at 22:54:45
      # Updated 24/11/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Elaine - FISCHER-HP
      # Boot Mode : Normal
      # Running from : C:\Users\Elaine\Desktop\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      Folder Found : C:\ProgramData\InstallMate
      Folder Found : C:\ProgramData\Premium
      ***** [Registry] *****
      Key Found : HKCU\Software\AppDataLow\Software\Crossrider
      Key Found : HKCU\Software\Cr_Installer
      Key Found : HKCU\Software\InstalledBrowserExtensions
      Key Found : HKCU\Software\StartSearch
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
      Key Found : HKLM\SOFTWARE\Classes\Prod.cap
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
      Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16421
      [OK] Registry is clean.
      -\\ Mozilla Firefox v16.0.2 (en-US)
      Profile name : default
      File : C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\prefs.js
      Found : user_pref("aol_toolbar.default.homepage.check", false);
      Found : user_pref("aol_toolbar.default.search.check", false);
      Found : user_pref("extensions.509818124f78f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
      Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
      Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
      Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
      Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
      Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
      Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
      Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
      Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
      Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
      Found : user_pref("sweetim.toolbar.searchguard.enable", "");
      Found : user_pref("extensions.crossriderapp4493.adsOldValue", -1);
      -\\ Google Chrome v23.0.1271.64
      File : C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[R1].txt - [7427 octets] - [28/10/2012 15:59:10]
      AdwCleaner[R3].txt - [2736 octets] - [24/11/2012 22:54:45]
      AdwCleaner[s1].txt - [6678 octets] - [28/10/2012 17:56:51]
      ########## EOF - C:\AdwCleaner[R3].txt - [2856 octets] ##########
  13. It doesn't look like there was an attachment so I am going to try again. Please let me know if you get the attachment.
  14. It doesn't look like either one of those. It is a pop up that just shows up and says I have 100 malicious files. Across the top it says Advance System Protector and then on the side something about Microsoft. It has not happened since we ran some of those programs but now I have new pop up happening. I have attached a screen shot of it. And if you look at the bottom of the google screen the download choices are new also.
  15. --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED CPU speed: 2.400000 GHz Memory total: 4083007488, free: 2158493696 ------------ Kernel report ------------ 11/24/2012 13:08:05 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\spyp.sys \SystemRoot\System32\Drivers\WMILIB.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS 
\SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wd.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys \SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\avgfwd6a.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\avgtdia.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \SystemRoot\system32\DRIVERS\tunnel.sys 
\SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\Sftvollh.sys 
\SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\system32\DRIVERS\Sftfslh.sys \SystemRoot\system32\DRIVERS\Sftplaylh.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sftredirlh.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8006ff9060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8004fbf050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor DriverEntry returned 0x0 Function returned 0x0 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... 
<<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8006ff9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006ff9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006ff9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004fbf050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Upper DeviceData: 0xfffff8a00bd277a0, 0xfffffa8006ff9060, 0xfffffa8009b8c790 Lower DeviceData: 0xfffff8a00a2a48a0, 0xfffffa8004fbf050, 0xfffffa800741a4d0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1D505CB8 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 940476416 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 940886016 Numsec = 35674112 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 976560128 Numsec = 210992 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Performing system, memory and registry scan... Read File: File "C:\ProgramData\AVG2013\Chjw\ee2e10db2e109f21.dat" is sparse (flags = 32768) Done! Scan finished =======================================
  16. Nothing found when running rootkit
      Malwarebytes Anti-Rootkit 1.1.0.1009
      www.malwarebytes.org
      Database version: v2012.11.03.01
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Elaine :: FISCHER-HP [administrator]
      11/24/2012 1:19:47 PM
      mbar-log-2012-11-24 (13-19-47).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled: PUP | PUM | P2P
      Objects scanned: 27811
      Time elapsed: 11 minute(s), 29 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
  17. U torrent is not running as far as I can see. I will uninstall java. Advance System Protector is NOT something I installed. That is one of the things that keeps popping up that says I have infections and click here to continue. I tried to uninstall it but can't find it anywhere to uninstall. Going to do the other things you have advised. Thank you.
  18. RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Elaine [Admin rights]
      Mode : Scan -- Date : 11/24/2012 12:28:34
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 5 ¤¤¤
      [RUN][ROGUE ST] HKLM\[...]\Run : HPWirelessAssistant (C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden) -> FOUND
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: ST9500325AS +++++
      --- User ---
      [MBR] e22ccaab23dff29fe13806a26a14f594
      [bSP] f548284d067438a7441a59b4e71e8056 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459217 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940886016 | Size: 17419 Mo
      3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[1]_S_11242012_02d1228.txt >>
      RKreport[1]_S_11242012_02d1228.txt
  19. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 2/26/2011 9:48:20 AM System Uptime: 11/24/2012 12:13:19 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1439 Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 448 GiB total, 320.97 GiB free. D: is FIXED (NTFS) - 17 GiB total, 2.458 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet 6500 E709n Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet 6500 E709n PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Officejet 6500 E709n Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Officejet 6500 E709n PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . ==== System Restore Points =================== . RP315: 11/9/2012 4:16:29 PM - Scheduled Checkpoint RP316: 11/15/2012 8:58:46 AM - Windows Update RP317: 11/17/2012 9:08:26 AM - Windows Update RP318: 11/19/2012 6:32:53 PM - Installed HP Support Assistant RP319: 11/19/2012 6:36:31 PM - Windows Modules Installer RP320: 11/19/2012 6:37:19 PM - Windows Modules Installer RP321: 11/23/2012 6:07:32 PM - ComboFix created restore point RP322: 11/23/2012 7:59:46 PM - Restore Operation RP323: 11/23/2012 9:40:32 PM - Windows Modules Installer RP324: 11/23/2012 9:41:15 PM - Windows Modules Installer . ==== Installed Programs ====================== . 
µTorrent 2X Client-64 bit 64 Bit HP CIO Components Installer 6500_E709_eDocs 6500_E709_Help 6500_E709n ABBYY FineReader for ScanSnap 4.1 Acrobat.com Active@ ISO Burner Adobe AIR Adobe Flash Player 10 ActiveX 64-bit Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop 7.0 Adobe Reader 9.5.2 MUI Adobe Shockwave Player 11.5 AIM 7 AnswerWorks Runtime Apple Application Support Apple Software Update AVG 2013 AXIS Media Control Embedded AXIS Media Control Embedded Installer Bejeweled 2 Deluxe Blackhawk Striker 2 bpd_scan BPDSoftware BPDSoftware_Ini Broadcom 802.11 Wireless LAN Adapter Brother HL-5340D BufferChm Build-a-lot 2 CardMinder CardMinder V4.1 Chuzzle Deluxe CinemaNow Media Manager Command & Conquer Red Alert 2 ConvertXtoDVD 4.1.2.336 Corel Applications CyberLink DVD Suite CyberLink MediaShow CyberLink PowerDVD 9 CyberLink YouCam Destinations DeviceDiscovery Diner Dash 2 Restaurant Rescue DocMgr DocProc Dora's Carnival Adventure Energy Star Digital Logo Escape Rosecliff Island ESU for Microsoft Windows 7 FATE Fax Final Drive Nitro Google Chrome GPBaseService2 Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.2.1.1 HP Advisor HP Customer Experience Enhancements HP Customer Participation Program 14.0 HP Document Manager 2.0 HP Documentation HP Game Console HP Games HP Imaging Device Functions 14.0 HP MediaSmart CinemaNow 2.0 HP Officejet 6500 E709 Series HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Smart Web Printing 4.60 HP Software Framework HP Solution Center 14.0 HP Support Assistant HP Update HP Wireless Assistant HPProductAssistant HPSSupply InstallIQ Updater Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java 7 Update 9 (64-bit) Java Auto Updater Java 6 Update 20 (64-bit) Java 6 Update 30 Jewel Quest 3 Jewel Quest Solitaire 2 join.me Junk Mail filter update LabelPrint LittlePPT magicJack Malwarebytes Anti-Malware version 
1.65.1.1000 MarketResearch Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft IntelliPoint 8.0 Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MotoHelper 2.0.51 Driver 5.2.0 MotoHelper MergeModules MOTOROLA MEDIA LINK Motorola Mobile Drivers Installation 5.2.0 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network64 OCR Software by I.R.I.S. 14.0 OpenOffice.org 3.3 Penguins! PhotoNow! Plants vs. 
Zombies Playalot Games Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector ProductContext QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Recovery Manager RollerCoaster Tycoon Roxio CinemaNow 2.0 RtVOsd SaveAs Scan ScanSnap ScanSnap Manager ScanSnap Organizer Search Assistant MocaFlix 1.66 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Shop for HP Supplies Skype Toolbars Skype™ 5.3 SmartWebPrinting SolutionCenter Status Synaptics Pointing Device Driver Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Virtual Families Virtual Villagers - The Secret City Visual Studio 2010 x64 Redistributables WebReg 
Westwood Shared Internet Components Wheel of Fortune 2 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Player Firefox Plugin Windows Mobile Device Center Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 11/24/2012 12:14:55 PM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The system cannot find the file specified. 11/24/2012 12:14:33 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 11/23/2012 9:38:43 PM, Error: Service Control Manager [7000] - The TelevisionFanaticService service failed to start due to the following error: The system cannot find the file specified. 11/23/2012 9:28:44 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The pipe has been ended. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: A socket operation encountered a dead network. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed 11/23/2012 9:28:43 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed. 
11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. 
11/23/2012 9:28:43 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command. 11/23/2012 9:28:43 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command. 11/23/2012 9:26:03 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004 . ==== End Of File ===========================
  20. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_30 Run by Elaine at 12:23:23 on 2012-11-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2005 [GMT -5:00]
  21. I wish our thread had not been deleted, but I think we should start all over if you don't mind. Something is going on with the laptop. The infection came back with a vengeance. Before, only 2 infected files were found with Malwarebytes. This past time I ran it, it came up with 41. I then tried to retrace what we did and somehow I disabled my network card and had to do a restore. I tried many different restore points, even in safe mode. I finally found a restore that worked. However, the first thing that pops up is a window saying Advanced System Protector has detected 100 Malware Infections. This is the message we were trying to get rid of last time. We had cleared the virus and this was, I believe, the last thing we were going to do before "cleaning up" and doing "housekeeping" on my system. However, I believe that when doing the restore the virus must have also been restored, or maybe a different one is there. I just ran a quick scan and it found 147 objects detected. (During the Hurricane a friend borrowed my laptop and downloaded some programs and I think may have downloaded a virus.) I am waiting for direction from you before doing anything at this point. Thanks.
  22. Hi, I am new to the forum so not sure exactly what info to post. I have been reading other solutions and have tried some but am getting nowhere. 2 days ago I got antivirus 2010 (I think that is what it was called). I couldn't run malware, couldn't run my avg, couldn't run task manager or regedit. Installed a program called rkill.com which disabled the virus and allowed me to run and clean machine, or so I thought. Yesterday, after a few hours of internet use without any problems, I got a new popup which I believe is a security alert virus. I have now downloaded a new program to stop this, which is process explorer (renamed to iexplore.exe), and then disable the virus there. However, then I cannot access the internet. I have another laptop and another desktop which I am utilizing to get all needed programs and downloads. My laptop will not even recognize a USB hard drive, so everything has to be saved to a CD. I tried running combofix but after going through all the stages it runs forever, adding a bunch of really strange files to the screen that end in rcv000 (then some combo of numbers or letters) then .num, then the same exact file except ending in .sys. After about 1/2 hour I just stopped the process. I was able to run combofix the day before with no problem. I just ran rootrepeal and it found 4 hidden/locked files and only lists 2. I am ready to throw the computer in the garbage. Not sure what info is needed for someone to help me, but any help would be much appreciated. I am not going to attempt to fix this any further without some expert assistance. Anyone game?