NEW POST FOR MR C

[nuscher143]

I wish our thread had not deleted but I think we should start all over if you don't mind. Something is going on with the laptop. The infection came back with a vengence. Before only 2 infected files were found with malwarebytes. This past time I ran it it came up with 41. I then tried to retrace what we did and somehow I disabled my network card and had to do a restore. I tried many different restore points even in safe mode. I finally found a restore that worked. However, the first thing that pops up is a window saying Advance System Protector has detected 100 Malware Infections. This is the message we were trying to get rid of last time. We had cleared the virus and this was I believe the last thing we were going to do before "cleaning up" and doing "housekeeping" on my system. However I believe that when doing the restore the virus must have also been restored or maybe a different one is there. I just ran a quick scan and it found 147 objects detected. (During the Hurricane a friend borrowed my laptop and downloaded some programs and I think may have downloaded a virus.) I am waiting for direction from you before doing anything at this point.

Thanks.

[MrCharlie]

Welcome back to the forum,

BTW: your post wasn't deleted > there was a problem with the forum and about 3 weeks of the forum was lost.

Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)

[nuscher143]

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_30

Run by Elaine at 12:23:23 on 2012-11-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2005 [GMT -5:00]

.

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\2X\Client\APPServerClient.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Windows\system32\prevhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SaveAs Class: {3C34F43D-8C1D-4118-F130-21D1F94ACC5B} - C:\ProgramData\SaveAs\509818124f872.ocx

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

StartupFolder: C:\Users\Elaine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2XCLIE~1.LNK - C:\Program Files\2X\Client\APPServerClient.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab

DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab

DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab

DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab

DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab

DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab

DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab

DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab

DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab

DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab

DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab

DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab

DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab

DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab

DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab

DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928

TCP: NameServer = 167.206.112.138 167.206.7.4

TCP: Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1} : DHCPNameServer = 167.206.112.138 167.206.7.4

TCP: Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1}\2416C6467796E602C49626271627970283 : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1}\2416C6467796E602C69626271627970223 : DHCPNameServer = 167.206.254.1 167.206.254.2

TCP: Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1}\3716D696369616336303 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{A7BDC0D9-0AC7-4C1D-AE03-EB558E114AA1}\F6074796D657D677966696 : DHCPNameServer = 10.240.205.161 10.240.205.162

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

AppInit_DLLs= c:\progra~2\mocaflix\sprote~1.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2012-11-05 14:42; 64ffxtbr@TelevisionFanatic.com; C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\64ffxtbr@TelevisionFanatic.com

FF - ExtSQL: 2012-11-09 16:28; 509818124f6e3@509818124f71c.com; C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\509818124f6e3@509818124f71c.com

FF - ExtSQL: !HIDDEN! 2011-03-01 15:29; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - ExtSQL: !HIDDEN! 2012-11-05 14:42; 64ffxtbr@TelevisionFanatic.com; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-16 98208]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-2 1340976]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-5 81920]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-16 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-23 676936]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]

R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-16 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-8 25928]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IDVaultSvc;CGPS Service;"C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" --> C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [?]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]

S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]

S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-5-12 11776]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-16 225280]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-16 333928]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-26 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== Created Last 30 ================

.

2012-11-19 23:32:35 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-11-17 14:10:35 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-17 14:10:33 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-17 14:10:33 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-17 14:10:33 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-15 13:59:36 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-15 13:59:36 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-15 13:59:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-15 13:59:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-15 13:59:34 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-15 13:59:34 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-15 13:59:34 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-05 19:42:23 -------- d-----w- C:\Program Files (x86)\TelevisionFanatic

2012-11-05 19:38:42 -------- d-----w- C:\ProgramData\Premium

2012-11-05 19:38:38 -------- d-----w- C:\Program Files (x86)\MocaFlix

2012-11-05 19:38:33 -------- d-----w- C:\ProgramData\SaveAs

2012-11-05 19:37:50 -------- d-----w- C:\ProgramData\InstallMate

2012-11-05 19:32:52 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN

2012-11-02 15:03:34 -------- d-----w- C:\Users\Elaine\NEMS

2012-10-31 19:40:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-10-31 19:40:40 41472 ----a-w- C:\Windows\System32\drivers\rndismpx.sys

2012-10-31 19:40:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-10-31 19:40:39 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-10-31 19:40:39 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-10-31 19:40:31 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-10-29 15:24:00 -------- d-----w- C:\Windows\System32\SPReview

2012-10-29 15:22:24 -------- d-----w- C:\Windows\System32\EventProviders

2012-10-29 15:21:08 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-10-29 15:20:50 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-10-29 15:18:51 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-29 15:18:48 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-10-29 15:18:48 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-10-28 16:25:32 -------- d-sh--w- C:\$RECYCLE.BIN

2012-10-28 05:13:42 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-27 16:41:08 98816 ----a-w- C:\Windows\sed.exe

2012-10-27 16:41:08 256000 ----a-w- C:\Windows\PEV.exe

2012-10-27 16:41:08 208896 ----a-w- C:\Windows\MBR.exe

2012-10-27 16:03:20 -------- d-----w- C:\Windows\pss

2012-10-27 03:18:08 -------- d-----w- C:\Users\Elaine\AppData\Roaming\AVG2013

2012-10-27 03:15:46 -------- d-----w- C:\Users\Elaine\AppData\Roaming\TuneUp Software

2012-10-27 03:13:46 -------- d-----w- C:\ProgramData\AVG2013

2012-10-27 03:13:46 -------- d-----w- C:\$AVG

2012-10-27 03:11:47 -------- d-----w- C:\Program Files (x86)\AVG

2012-10-27 03:08:58 -------- d--h--w- C:\ProgramData\Common Files

2012-10-27 03:08:58 -------- d-----w- C:\Users\Elaine\AppData\Local\MFAData

2012-10-27 03:08:58 -------- d-----w- C:\Users\Elaine\AppData\Local\Avg2013

2012-10-27 03:08:58 -------- d-----w- C:\ProgramData\MFAData

2012-10-27 02:59:52 -------- d-----w- C:\ProgramData\Systweak

2012-10-27 02:59:51 16896 ----a-w- C:\Windows\System32\sasnative64.exe

2012-10-27 02:59:51 -------- d-----w- C:\Program Files (x86)\Advanced System Protector

2012-10-27 02:59:24 -------- d-----w- C:\Users\Elaine\AppData\Roaming\Systweak

2012-10-27 02:59:22 19368 ----a-w- C:\Windows\System32\roboot64.exe

2012-10-26 17:56:48 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{237A3994-9595-47F7-BB58-691EAA3E02AD}\mpengine.dll

2012-10-26 17:39:52 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-26 17:39:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-26 17:39:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-26 17:39:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-26 17:39:39 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-26 17:39:39 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-26 17:39:24 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-26 17:39:24 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-26 17:39:23 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-26 17:39:23 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-26 17:39:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-26 17:39:23 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-10-29 15:36:50 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-10-29 15:36:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-10-29 15:20:42 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 19:11:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-08 19:11:25 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-10-02 07:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-21 07:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-09-21 07:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2012-09-14 07:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2012-09-04 14:39:32 50296 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files\openofficeorg33.msi

2011-01-18 08:52:10 475016 ----a-w- C:\Program Files\setup.exe

.

============= FINISH: 12:23:34.77 ===============

[nuscher143]

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/26/2011 9:48:20 AM

System Uptime: 11/24/2012 12:13:19 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 1439

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 448 GiB total, 320.97 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 2.458 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6500 E709n

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 6500 E709n

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Officejet 6500 E709n

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Officejet 6500 E709n

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP315: 11/9/2012 4:16:29 PM - Scheduled Checkpoint

RP316: 11/15/2012 8:58:46 AM - Windows Update

RP317: 11/17/2012 9:08:26 AM - Windows Update

RP318: 11/19/2012 6:32:53 PM - Installed HP Support Assistant

RP319: 11/19/2012 6:36:31 PM - Windows Modules Installer

RP320: 11/19/2012 6:37:19 PM - Windows Modules Installer

RP321: 11/23/2012 6:07:32 PM - ComboFix created restore point

RP322: 11/23/2012 7:59:46 PM - Restore Operation

RP323: 11/23/2012 9:40:32 PM - Windows Modules Installer

RP324: 11/23/2012 9:41:15 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

µTorrent

2X Client-64 bit

64 Bit HP CIO Components Installer

6500_E709_eDocs

6500_E709_Help

6500_E709n

ABBYY FineReader for ScanSnap 4.1

Acrobat.com

Active@ ISO Burner

Adobe AIR

Adobe Flash Player 10 ActiveX 64-bit

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Adobe Reader 9.5.2 MUI

Adobe Shockwave Player 11.5

AIM 7

AnswerWorks Runtime

Apple Application Support

Apple Software Update

AVG 2013

AXIS Media Control Embedded

AXIS Media Control Embedded Installer

Bejeweled 2 Deluxe

Blackhawk Striker 2

bpd_scan

BPDSoftware

BPDSoftware_Ini

Broadcom 802.11 Wireless LAN Adapter

Brother HL-5340D

BufferChm

Build-a-lot 2

CardMinder

CardMinder V4.1

Chuzzle Deluxe

CinemaNow Media Manager

Command & Conquer Red Alert 2

ConvertXtoDVD 4.1.2.336

Corel Applications

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 9

CyberLink YouCam

Destinations

DeviceDiscovery

Diner Dash 2 Restaurant Rescue

DocMgr

DocProc

Dora's Carnival Adventure

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

FATE

Fax

Final Drive Nitro

Google Chrome

GPBaseService2

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.2.1.1

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Document Manager 2.0

HP Documentation

HP Game Console

HP Games

HP Imaging Device Functions 14.0

HP MediaSmart CinemaNow 2.0

HP Officejet 6500 E709 Series

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Smart Web Printing 4.60

HP Software Framework

HP Solution Center 14.0

HP Support Assistant

HP Update

HP Wireless Assistant

HPProductAssistant

HPSSupply

InstallIQ Updater

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 9 (64-bit)

Java Auto Updater

Java 6 Update 20 (64-bit)

Java 6 Update 30

Jewel Quest 3

Jewel Quest Solitaire 2

join.me

Junk Mail filter update

LabelPrint

LittlePPT

magicJack

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft IntelliPoint 8.0

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

MotoHelper 2.0.51 Driver 5.2.0

MotoHelper MergeModules

MOTOROLA MEDIA LINK

Motorola Mobile Drivers Installation 5.2.0

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

OCR Software by I.R.I.S. 14.0

OpenOffice.org 3.3

Penguins!

PhotoNow!

Plants vs. Zombies

Playalot Games

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

ProductContext

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Recovery Manager

RollerCoaster Tycoon

Roxio CinemaNow 2.0

RtVOsd

SaveAs

Scan

ScanSnap

ScanSnap Manager

ScanSnap Organizer

Search Assistant MocaFlix 1.66

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Shop for HP Supplies

Skype Toolbars

Skype™ 5.3

SmartWebPrinting

SolutionCenter

Status

Synaptics Pointing Device Driver

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Virtual Families

Virtual Villagers - The Secret City

Visual Studio 2010 x64 Redistributables

WebReg

Westwood Shared Internet Components

Wheel of Fortune 2

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

Windows Mobile Device Center

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

11/24/2012 12:14:55 PM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The system cannot find the file specified.

11/24/2012 12:14:33 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

11/23/2012 9:38:43 PM, Error: Service Control Manager [7000] - The TelevisionFanaticService service failed to start due to the following error: The system cannot find the file specified.

11/23/2012 9:28:44 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The pipe has been ended.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: A socket operation encountered a dead network.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed

11/23/2012 9:28:43 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.

11/23/2012 9:28:43 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.

11/23/2012 9:26:03 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

.

==== End Of File ===========================

[nuscher143]

RogueKiller V8.3.1 [Nov 23 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Elaine [Admin rights]

Mode : Scan -- Date : 11/24/2012 12:28:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][ROGUE ST] HKLM\[...]\Run : HPWirelessAssistant (C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] e22ccaab23dff29fe13806a26a14f594

[bSP] f548284d067438a7441a59b4e71e8056 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459217 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940886016 | Size: 17419 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11242012_02d1228.txt >>

RKreport[1]_S_11242012_02d1228.txt

[MrCharlie]

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forums policy concerning P2P programs:

http://forums.malwar...showtopic=97700

Also uninstall these:

Java™ 6 Update 20 (64-bit)

Java™ 6 Update 30

-------------------------------------------------------

Advance System Protector <--this is a program you installed???

````````````````````````````````````````````````````````

<p>

Please create a new system restore point before running Malwarebytes Anti-Rootkit.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  

• Open the folder where the contents were unzipped and run mbar.exe
  

• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  

• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  

• Wait while the system shuts down and the cleanup process is performed.
  

• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  

• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
  

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

MrC

[nuscher143]

U torrent is not running as far as I can see. I will uninstall java. Advance System Protector is NOT something I installed. That is one of the things that keeps popping up that says I have infections and click her to continue. I tried to uninstall it but can't find it anywhere to uninstall. Going to do the other things you have advised. Thank you.

[nuscher143]

Nothing found when running rootkit

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.03.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Elaine :: FISCHER-HP [administrator]

11/24/2012 1:19:47 PM

mbar-log-2012-11-24 (13-19-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 27811

Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[nuscher143]

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.400000 GHz

Memory total: 4083007488, free: 2158493696

------------ Kernel report ------------

11/24/2012 13:08:05

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spyp.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\wd.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx64.sys

\SystemRoot\system32\DRIVERS\avgloga.sys

\SystemRoot\system32\DRIVERS\avgmfx64.sys

\SystemRoot\system32\DRIVERS\avgidsha.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\avgfwd6a.sys

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdia.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx64.sys

\SystemRoot\system32\DRIVERS\avgidsdrivera.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\bcmwl664.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006ff9060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004fbf050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006ff9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006ff9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006ff9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004fbf050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a00bd277a0, 0xfffffa8006ff9060, 0xfffffa8009b8c790

Lower DeviceData: 0xfffff8a00a2a48a0, 0xfffffa8004fbf050, 0xfffffa800741a4d0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1D505CB8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 407552

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 409600 Numsec = 940476416

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 940886016 Numsec = 35674112

Partition 3 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 976560128 Numsec = 210992

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Read File: File "C:\ProgramData\AVG2013\Chjw\ee2e10db2e109f21.dat" is sparse (flags = 32768)

Done!

Scan finished

=======================================

[MrCharlie]

Download and install Revo Uninstaller > see if it finds Advance System Protector

http://download.cnet...4-10687648.html

Use the "direct download link" on the left under the green download box only!!!!!

Let me know....MrC

[nuscher143]

No that didn't find it.

[MrCharlie]

Is this what you have:

http://www.bleepingcomputer.com/virus-removal/remove-system-protector

or this:

http://powerbundle.systweak.com/asp/

MrC

[nuscher143]

It doesn't look like either one of those. It is a pop up that just shows up and says I have 100 malicious files. Across the top it says Advance System Protector and then on the side something about Microsoft. It has not happened since we ran some of those programs but now I have new pop up happening. I have attached a screen shot of it. And if you look at the bottom of the google screen the download choices are new also.

[nuscher143]

It doesn't look like there was an attachment so I am going to try again. Please let me know if you get the attachment.

[MrCharlie]

Please download AdwCleaner from here and save it on your Desktop.

Close all open programs and internet browsers.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application. (XP just double click to run)

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next answer.

You can find the logfile at C:\AdwCleaner[s1].txt as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

MrC (be back in the am)

[nuscher143]

# AdwCleaner v2.009 - Logfile created 11/24/2012 at 22:54:45

# Updated 24/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Elaine - FISCHER-HP

# Boot Mode : Normal

# Running from : C:\Users\Elaine\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\StartSearch

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);

Found : user_pref("aol_toolbar.default.search.check", false);

Found : user_pref("extensions.509818124f78f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Found : user_pref("sweetim.toolbar.searchguard.enable", "");

Found : user_pref("extensions.crossriderapp4493.adsOldValue", -1);

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7427 octets] - [28/10/2012 15:59:10]

AdwCleaner[R3].txt - [2736 octets] - [24/11/2012 22:54:45]

AdwCleaner[s1].txt - [6678 octets] - [28/10/2012 17:56:51]

########## EOF - C:\AdwCleaner[R3].txt - [2856 octets] ##########

[nuscher143]

0~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.4.9 (11.23.2012)

OS: Windows 7 Home Premium x64

Ran by Elaine on Sat 11/24/2012 at 23:00:31.92

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\systweak"

Successfully deleted: [Registry Key] "hkey_local_machine\software\systweak"

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\systweak"

Successfully deleted: [Folder] "C:\Users\Elaine\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\Elaine\appdata\local\coupon companion"

Successfully deleted: [Folder] "C:\Users\Elaine\appdata\locallow\televisionfanatic"

Successfully deleted: [Folder] "C:\Program Files (x86)\advanced system protector"

Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"

Successfully deleted: [Folder] "C:\Program Files (x86)\televisionfanatic"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\64ffxtbr@televisionfanatic.com

Successfully deleted: [Folder] C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\crossriderapp4493@crossrider.com

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 11/24/2012 at 23:07:14.73

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[nuscher143]

Thank you and I will look for your response tomorrow.

[MrCharlie]

If you haven't...please............

1. Please re-run AdwCleaner
   
2. Click on Delete button.
   
3. Confirm each time with OK if asked.
   
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
   

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~

Next...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[nuscher143]

I ran the adware again from my desktop. I ran as administrator. Clicked search and still nothing was found. Here is the report:

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 12:28:11

# Updated 24/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Elaine - FISCHER-HP

# Boot Mode : Normal

# Running from : C:\Users\Elaine\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);

Found : user_pref("aol_toolbar.default.search.check", false);

Found : user_pref("extensions.509818124f78f.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Elaine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7427 octets] - [28/10/2012 15:59:10]

AdwCleaner[R3].txt - [2923 octets] - [24/11/2012 22:54:45]

AdwCleaner[R4].txt - [1209 octets] - [24/11/2012 23:35:21]

AdwCleaner[R5].txt - [1955 octets] - [25/11/2012 12:28:11]

AdwCleaner[s1].txt - [6678 octets] - [28/10/2012 17:56:51]

AdwCleaner[s2].txt - [3039 octets] - [24/11/2012 22:55:17]

########## EOF - C:\AdwCleaner[R5].txt - [2135 octets] ##########

[nuscher143]

Going to run Combofix now and I will post when that is done.

[nuscher143]

ComboFix 12-11-25.01 - Elaine 11/25/2012 12:38:11.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2465 [GMT -5:00]

Running from: c:\users\Elaine\Desktop\ComboFix.exe

AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BKAVAUTO

-------\Legacy_SYSLIB

.

.

((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))

.

.

2012-11-25 17:51 . 2012-11-25 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-25 17:51 . 2012-11-25 17:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-11-25 04:00 . 2012-11-25 04:00 -------- d-----w- c:\windows\ERUNT

2012-11-25 03:53 . 2012-11-25 03:53 -------- d-----w- C:\JRT

2012-11-24 18:48 . 2012-11-24 18:48 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-11-19 23:32 . 2012-11-19 23:32 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-11-17 14:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-17 14:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-17 14:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-17 14:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 13:59 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 13:59 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-15 13:59 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 13:59 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-15 13:59 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 13:59 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 13:59 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-05 19:38 . 2012-11-05 19:38 -------- d-----w- c:\program files (x86)\MocaFlix

2012-11-05 19:38 . 2012-11-05 19:38 -------- d-----w- c:\programdata\SaveAs

2012-11-05 19:32 . 2012-11-05 19:33 -------- d-----w- c:\program files (x86)\PrivitizeVPN

2012-11-02 15:03 . 2012-11-13 18:29 -------- d-----w- c:\users\Elaine\NEMS

2012-10-31 19:40 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-10-31 19:40 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys

2012-10-31 19:40 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-10-31 19:40 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-31 19:40 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-10-31 19:40 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-10-29 15:24 . 2012-10-29 15:24 -------- d-----w- c:\windows\system32\SPReview

2012-10-29 15:22 . 2012-10-29 15:22 -------- d-----w- c:\windows\system32\EventProviders

2012-10-29 15:21 . 2012-10-29 15:20 289768 ----a-w- c:\windows\system32\javaws.exe

2012-10-29 15:21 . 2012-10-29 15:20 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-29 15:20 . 2012-10-29 15:20 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-10-29 15:18 . 2012-10-29 15:18 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-10-29 15:18 . 2012-10-29 15:18 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe

2012-10-29 15:18 . 2012-10-29 15:18 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe

2012-10-29 14:47 . 2012-10-29 14:47 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-10-28 05:13 . 2012-10-28 15:54 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-27 03:18 . 2012-11-24 02:36 -------- d-----w- c:\users\Elaine\AppData\Roaming\AVG2013

2012-10-27 03:15 . 2012-10-27 03:15 -------- d-----w- c:\users\Elaine\AppData\Roaming\TuneUp Software

2012-10-27 03:13 . 2012-10-27 03:28 -------- d-----w- c:\programdata\AVG2013

2012-10-27 03:13 . 2012-10-27 03:13 -------- d-----w- C:\$AVG

2012-10-27 03:11 . 2012-10-27 03:11 -------- d-----w- c:\program files (x86)\AVG

2012-10-27 03:08 . 2012-11-25 17:28 -------- d-----w- c:\programdata\MFAData

2012-10-27 03:08 . 2012-10-27 03:20 -------- d-----w- c:\users\Elaine\AppData\Local\Avg2013

2012-10-27 03:08 . 2012-10-27 03:08 -------- d--h--w- c:\programdata\Common Files

2012-10-27 03:08 . 2012-10-27 03:08 -------- d-----w- c:\users\Elaine\AppData\Local\MFAData

2012-10-27 02:59 . 2012-07-25 16:03 16896 ----a-w- c:\windows\system32\sasnative64.exe

2012-10-27 02:59 . 2012-10-12 20:45 19368 ----a-w- c:\windows\system32\roboot64.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-15 14:00 . 2011-02-26 16:16 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-29 15:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-10-29 15:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-10-29 15:20 . 2010-07-15 21:33 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-29 15:20 . 2010-07-15 21:33 189416 ----a-w- c:\windows\system32\javaw.exe

2012-10-29 15:20 . 2010-07-15 21:33 188904 ----a-w- c:\windows\system32\java.exe

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-17 06:31 . 2012-10-26 17:56 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{237A3994-9595-47F7-BB58-691EAA3E02AD}\mpengine.dll

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-08 19:11 . 2012-06-14 12:00 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 19:11 . 2011-11-20 05:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-30 00:54 . 2011-12-09 00:09 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 19:19 . 2012-10-26 17:39 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-26 17:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-04 14:39 . 2012-09-04 14:39 50296 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys

2012-08-31 18:19 . 2012-10-26 17:40 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-26 17:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-26 17:40 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12 . 2012-10-26 17:40 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi

2011-01-18 08:52 . 2011-01-18 08:52 475016 ----a-w- c:\program files\setup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3C34F43D-8C1D-4118-F130-21D1F94ACC5B}]

2012-11-05 19:48 129024 ----a-w- c:\programdata\SaveAs\509818124f872.ocx

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

.

c:\users\Elaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

2X Client.lnk - c:\program files\2X\Client\APPServerClient.exe [2011-8-26 1790920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\MocaFlix\sprotector.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]

R3 cpuz134;cpuz134;c:\users\Elaine\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-05-12 11776]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-26 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-13 834544]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [2010-11-05 81920]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 19:11]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763447205-1324904601-2387708082-1000Core.job

- c:\users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22 23:09]

.

2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763447205-1324904601-2387708082-1000UA.job

- c:\users\Elaine\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-22 23:09]

.

2012-11-24 c:\windows\Tasks\HPCeeScheduleForElaine.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-13 6486120]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: google.com\www

Trusted Zone: optimum.net\webtop.webmail

Trusted Zone: optimum.net\www

Trusted Zone: worldwinner.com\www

TCP: DhcpNameServer = 167.206.112.138 167.206.7.4

FF - ProfilePath - c:\users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2012-11-09 16:28; 509818124f6e3@509818124f71c.com; c:\users\Elaine\AppData\Roaming\Mozilla\Firefox\Profiles\ykvgrh2l.default\extensions\509818124f6e3@509818124f71c.com

FF - ExtSQL: !HIDDEN! 2011-03-01 15:29; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Coupon Companion - c:\program files (x86)\Coupon Companion\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,

bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{B84CDBE7-1B46-494B-A188-01D4C52DEB61}"=hex:51,66,7a,6c,4c,1d,38,12,89,d8,5f,

bc,74,55,25,0c,de,9e,42,94,c0,73,af,75

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:1f,6c,bb,c8,a6,b3,cd,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

.

**************************************************************************

.

Completion time: 2012-11-25 13:14:05 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-25 18:13

ComboFix2.txt 2012-11-23 23:39

ComboFix3.txt 2012-10-28 16:18

ComboFix4.txt 2012-10-27 17:13

.

Pre-Run: 345,881,178,112 bytes free

Post-Run: 345,844,822,016 bytes free

.

- - End Of File - - 85E4D5F357382ECD7A51A92311203B96

[MrCharlie]

How is it?????? MrC

[nuscher143]

I was waiting for you to comment from my last 2 posts. I still have adware popping up?!?!

[MrCharlie]

I was waiting for you to comment from my last 2 posts.

I'm not sure what you want me to comment on??

Please run full scan:

http://www.microsoft.com/security/scanner/en-us/default.aspx <---------Microsoft Safety Scanner

MrC