
Moneypak virus + No safe mode + No safe mode w networking, + No Repair your Computer,



I am at my wits end. This is without a doubt the worst version of Moneypak I've ever encountered.

No matter how I sign onto the device (regular Windows, Safe Mode, Safe Mode with Networking), all I get is the MoneyPak screen. I am also unable to enter System Recovery Options or get into the Recovery Console. Whenever I select 'Repair your computer,' Windows Boot Manager says that the selection failed because a required device is inaccessible. Also, the computer will not start with the Recovery Console disc inserted. I can insert it once it's in command mode, but it will not run.

The operating system is Windows 7 Home Premium 64-bit.

I can access Safe Mode with Command Prompt (although the background is glitchy and white).

I downloaded the Farbar Recovery Scan Tool x64 and saved it to a flash drive. Then I entered e:\frst64 into the command prompt, and it successfully scanned and searched. But when I received the log, it read: ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

Any and all help would be greatly appreciated!

Thanks in advance for your time and your guidance.


Hello cnote

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from, so I need you to run these programs first.

-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

-Information and Logs-

  • In your next post I need the following
  1. both reports from DDS
  2. report from security check
  3. let me know of any problems you may have had

Gringo


In Safe Mode with Command Prompt, whenever I try doing a System Restore using System Protection (All Programs --> Accessories --> System Tools --> System Restore), I get a message saying 'Please wait while your Windows files and settings are being restored.' But when it reboots, nothing's changed?


As per your instructions:

1. checkup.txt

Results of screen317's Security Check version 0.99.60

Windows 7 x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 24

Java version out of Date!

Adobe Flash Player 11.6.602.171

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (3.5.9) Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

2. DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Chris at 18:29:41 on 2013-03-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.8378 [GMT -8:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://search.myheritage.com

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mWinlogon: Shell = C:\PROGRA~3\1538587.bat

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Search Toolbar: {0C8413C1-FAD1-446C-8584-BE50576F863E} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll

TB: Search Toolbar: {0C8413C1-FAD1-446C-8584-BE50576F863E} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [uTorrent] "C:\Users\Chris\Desktop\utorrent-2.0.1-beta-18284.upx.exe"

uRunOnce: [Report] C:\AdwCleaner[s2].txt

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray

mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe

StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\runctf.lnk - C:\Windows\System32\rundll32.exe

uPolicies-Explorer: HideSCAHealth = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{53B4974C-A469-4FD2-9855-FA7E8561B5AC} : DHCPNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{D0929FD7-D2D5-4BE3-9A7A-53F8070C4EED} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{D0929FD7-D2D5-4BE3-9A7A-53F8070C4EED}\538355A423 : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

x64-mWinlogon: Shell = Explorer.exe, C:\Users\Chris\AppData\Roaming\jv8cuvrhmf

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/

FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - C:\Program Files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-29 55856]

R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\System32\drivers\SMR250.SYS [2012-3-18 96376]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0502020.003\symds64.sys [2012-6-11 450680]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0502020.003\symefa64.sys [2012-6-11 912504]

R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]

S1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-3-1 19280]

S1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-3-1 18768]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-2-12 1388120]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130228.001\IDSviA64.sys [2013-2-28 513184]

S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0502020.003\ironx64.sys [2012-6-11 171128]

S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0502020.003\symnets.sys [2012-6-11 386168]

S2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-3-1 279368]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

S2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-3-1 23376]

S2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592]

S2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-3-1 17232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2011-9-25 21520]

S2 DTBService;DTBService;C:\Program Files (x86)\DVRMSToolbox\DTBFWService.exe [2010-1-12 8192]

S2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-15 192512]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-4 13336]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-12 399432]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-12 676936]

S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe [2012-6-11 130008]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2011-9-15 162832]

S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-9-15 287960]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-12 25928]

S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2011-9-15 32400]

S3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;C:\Windows\System32\drivers\ns6_midi.sys [2012-11-9 31296]

S3 NUMARK_NS6_USB;Numark NS6 USB driver service;C:\Windows\System32\drivers\ns6_usb.sys [2012-11-9 416320]

S3 NUMARK_NS6_WDM;Numark NS6 WDM device;C:\Windows\System32\drivers\ns6_wdm.sys [2012-11-9 54336]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-9 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-03-02 07:06:33 148262 ----a-w- C:\Users\Chris\AppData\Roaming\jv8cuvrhmf.exe

2013-03-02 05:21:17 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys

2013-03-02 05:21:17 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys

2013-03-02 05:21:17 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys

2013-03-02 05:21:15 -------- d-----w- C:\ProgramData\Anvisoft

2013-03-02 05:21:13 -------- d-----w- C:\Program Files (x86)\Anvisoft

2013-03-02 03:01:13 -------- d--h--w- C:\ProgramData\Common Files

2013-03-02 03:01:13 -------- d-----w- C:\Users\Chris\AppData\Local\MFAData

2013-03-02 03:01:13 -------- d-----w- C:\Users\Chris\AppData\Local\Avg2013

2013-03-02 03:01:13 -------- d-----w- C:\ProgramData\MFAData

2013-03-02 00:59:24 -------- d---a-w- C:\$Anvi Rescue Disk$

2013-03-02 00:56:37 -------- d-sh--w- C:\$RECYCLE.BIN

2013-03-02 00:33:46 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-03-01 20:53:39 98816 ----a-w- C:\Windows\sed.exe

2013-03-01 20:53:39 256000 ----a-w- C:\Windows\PEV.exe

2013-03-01 20:53:39 208896 ----a-w- C:\Windows\MBR.exe

2013-03-01 20:53:32 -------- d-s---w- C:\ComboFix

2013-03-01 20:18:51 -------- d-----w- C:\FRST

2013-03-01 07:32:49 148647 ----a-w- C:\Users\Chris\AppData\Local\jv8cuvrhmf.exe

2013-03-01 07:32:48 145817 ----a-w- C:\ProgramData\jv8cuvrhmf.exe

2013-03-01 07:32:46 60 ----a-w- C:\ProgramData\1538587.bat

2013-03-01 07:32:46 153 ----a-w- C:\ProgramData\1538587.reg

2013-02-27 08:14:07 16473456 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-02-25 06:52:33 -------- d-----w- C:\Users\Chris\AppData\Local\DDMSettings

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-12 01:03:11 -------- d-sh--w- C:\found.003

2013-02-08 07:03:58 -------- d-sh--w- C:\found.001

.

==================== Find3M ====================

.

2013-02-27 08:14:14 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-27 08:14:14 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-29 10:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll

.

============= FINISH: 18:44:14.35 ===============

3. Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/29/2009 5:21:09 PM

System Uptime: 3/2/2013 6:08:43 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | TRUCKEE

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2660/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 655.446 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 2.222 GiB free.

E: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C4700 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C4700 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Consumer IR Devices

Device ID: ROOT\SYSTEM\0001

Manufacturer: Microsoft

Name: Consumer IR Devices

PNP Device ID: ROOT\SYSTEM\0001

Service: circlass

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: eHome Infrared Receiver (USBCIR)

Device ID: USB\VID_045E&PID_006D\MS0R4WZB

Manufacturer: Microsoft

Name: eHome Infrared Receiver (USBCIR)

PNP Device ID: USB\VID_045E&PID_006D\MS0R4WZB

Service: usbcir

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® 82567V-2 Gigabit Network Connection

Device ID: PCI\VEN_8086&DEV_10CE&SUBSYS_2A86103C&REV_00\3&11583659&0&C8

Manufacturer: Intel

Name: Intel® 82567V-2 Gigabit Network Connection

PNP Device ID: PCI\VEN_8086&DEV_10CE&SUBSYS_2A86103C&REV_00\3&11583659&0&C8

Service: e1yexpress

.

==== System Restore Points ===================

.

RP979: 2/1/2013 7:10:05 PM - HPSF Restore Point

RP980: 2/26/2013 10:08:51 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

5600

64 Bit HP CIO Components Installer

Acrobat.com

Activate Norton Online Backup

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

AD Blocker

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 7.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.6)

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Anvi Smart Defender 1.8

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

Avid Mbox 2 USB Drivers (x64)

Avid Pro Tools LE 8.0.5

Bonjour

BufferChm

Button Manager

C4700

Camersoft Skype Video Recorder 2.2.18

CCleaner

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

Destinations

DeviceDiscovery

Digidesign ElevenRack Driver 1.0.8 (x64)

Digidesign Pro Tools LE 7.1

DirectX for Managed Code Update (Summer 2004)

DiskAid 3.11

DocProc

DVRMSToolbox

Fax

Final Draft

Free DigiRack Plug-Ins 8.0.5

Free MP3 Sound Recorder v1.9

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hardware Diagnostic Tools

Hewlett-Packard ACLM.NET v1.1.0.0

HitmanPro 3.6

Homepage Protection

HP Advisor

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Easy Backup

HP Games

HP Imaging Device Functions 14.0

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP Odometer

HP Photo Creations

HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6

HP Photosmart Essential 3.5

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Product Detection

HP Remote Solution

HP Setup

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Support Assistant

HP Support Information

HP Update

HP Webcam User's Guide

HPAsset component for HP Active Support Library

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

iCloud

Instagram Bot

Intel® Rapid Storage Technology

InterLok Driver Kit

Interlok driver setup x64

ITCH

iTunes

iTunesDSM

Java Auto Updater

Java 6 Update 24

LabelPrint

LightScribe System Software

LoudMo Contextual Ad Assistant

Malwarebytes Anti-Malware version 1.65.0.1400

MarkelSoft Dupe Eliminator for iTunes 9.2

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

MIDI-OX

MIDI Updater 1.0

MobileMe Control Panel

Moleskinsoft Clone Remover 3.8

Motorola Driver Installation 3.4.0

Mozilla Firefox (3.5.9)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicBrainz Picard

Network64

NoClone 2010 Free Edition

Norton 360

NS6 USB Audio driver

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 310.90

NVIDIA Control Panel 310.90

NVIDIA Display Control Panel

NVIDIA Graphics Driver 310.90

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA StereoUSB Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OCR Software by I.R.I.S. 13.0

PhotoshopdotcomInspirationBrowser

PictureMover

Power2Go

PowerDirector

PowerRecover

PS_AIO_06_C4700_SW_Min

PVSonyDll

QuickTime

QuickTransfer

RAR File Open Knife - Free Opener

Realtek High Definition Audio Driver

Safari

Scan

Search Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SharewarePile iPodManager 1.0.0.2

Shop for HP Supplies

ShowAnalyzerSuite

ShufflePlusVLOI

Skype Toolbars

Skype™ 5.3

SmartWebPrinting

SolutionCenter

Spotify

Status

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

VLC media player 1.1.8

VZAccess Manager

WebReg

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

.

==== Event Viewer Messages From Past Week ========

.

3/2/2013 6:26:25 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 6:15:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}

3/2/2013 6:12:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

3/2/2013 6:11:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

3/2/2013 6:11:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/2/2013 6:11:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 6:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/2/2013 6:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/2/2013 6:10:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/2/2013 6:10:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/2/2013 6:10:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/2/2013 6:10:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/2/2013 6:09:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD asdnet asdrm BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

3/2/2013 6:09:13 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/2/2013 6:09:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/2/2013 4:34:43 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

3/2/2013 4:34:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/2/2013 1:17:40 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..

3/1/2013 8:45:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

3/1/2013 8:30:24 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

3/1/2013 7:27:29 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.

3/1/2013 6:02:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

3/1/2013 6:01:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/1/2013 6:01:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

3/1/2013 4:56:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

3/1/2013 12:53:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

3/1/2013 11:10:34 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

3/1/2013 11:10:34 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

3/1/2013 11:10:34 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

3/1/2013 11:10:34 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: %%-2147467243

3/1/2013 11:10:34 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.

3/1/2013 11:10:34 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

3/1/2013 11:10:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/1/2013 11:10:19 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT' was corrupted and it has been recovered. Some data might have been lost.

3/1/2013 11:06:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

3/1/2013 11:05:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/1/2013 10:01:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

2/28/2013 11:52:34 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

2/28/2013 11:51:37 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The pipe has been ended.

2/27/2013 4:48:54 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Internal Timer Error Processor ID: 6 The details view of this entry contains further information.

2/27/2013 4:48:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.

2/27/2013 4:48:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003500180, 0x0000000000000006). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

2/27/2013 4:32:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

2/26/2013 4:42:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

2/25/2013 4:41:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

.

==== End Of File ===========================

Also, as I mentioned in my previous side post, in safe mode with command prompt, whenever I try doing a system restore using System Protection (All Programs --> Accessories --> System Tools --> System Restore), it reboots with a message saying:

"System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details:

System Restore failed to extract the file

(C:\Users\Chris\AppData\LocalLow\Sun\Java\jre1.6.0_17\gtapi.dll) from the restore point.

The restore point was damaged or was deleted during the restore."

Please advise the next step.

Thanks again for all your time and efforts!!


  • Staff

Hello cnote

These are the programs I would like you to run next; if you have any problems with any of them, just skip it and move on to the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


Thanks Gringo! Here's the C:\AdwCleaner[s1].txt you requested:

# AdwCleaner v2.113 - Logfile created 03/01/2013 at 21:23:45

# Updated 23/02/2013 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : Chris - CHRIS-PC

# Boot Mode : Safe mode

# Running from : C:\Users\Chris\Desktop\debug\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

Folder Deleted : C:\Program Files (x86)\Search Toolbar

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Chris\AppData\Local\SanctionedMedia

Folder Deleted : C:\Users\Chris\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\Chris\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Smad

Key Deleted : HKCU\Software\SanctionedMedia

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.TBSB05974

Key Deleted : HKLM\SOFTWARE\Classes\TBSB05974.TBSB05974.3

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB05974

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB05974.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5.9 (en-US)

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\prefs.js

C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6955 octets] - [01/03/2013 21:23:12]

AdwCleaner[s1].txt - [6879 octets] - [01/03/2013 21:23:45]

########## EOF - C:\AdwCleaner[s1].txt - [6939 octets] ##########

When it ran the RogueKiller scan, an Internet Explorer message came up saying, "cannot display the webpage."

Here are the resulting RKreport[1].txt results:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Safe mode

User : Chris [Admin rights]

Mode : Remove -- Date : 03/03/2013 01:52:42

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++

--- User ---

[MBR] 17ee88ba57d6f04265904abbb37ecbb6

[bSP] e282619863f6cedf88d055f819eacc19 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941200 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927784448 | Size: 12567 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_03032013_02d0152.txt >>

RKreport[1]_S_03032013_02d0146.txt ; RKreport[2]_D_03032013_02d0151.txt ; RKreport[3]_D_03032013_02d0152.txt

I really appreciate your skill and expertise. Enjoy the rest of your weekend!


  • Staff

Hello cnote

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


In the bottom right hand corner, whenever I attempt to turn off any security software running, it reads "not connected. no connections are available"

Also, simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screen shots (for the corresponding software) on an adjacent laptop, in order to navigate to where the correct buttons are located (i.e. 'next', 'o.k.').

Combofix kept showing that Norton 360 was still active and left me no options to disable it, so I simply uninstalled it, re-booted, and re-attempted to run Combofix. When I did, I received the same message that

"Combofix has detected the following realtime scanner(s) to be active

antivirus: Norton 360

antispyware Norton 360"

I went ahead with the scan and received the following log:

ComboFix 13-03-02.01 - Chris 03/03/2013   8:57.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1538587.bat
c:\programdata\1538587.pad
c:\programdata\1538587.reg
c:\programdata\3714350546BC48A6006D3713C83A914C
c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C
c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico
c:\programdata\jv8cuvrhmf.exe
c:\users\Chris\AppData\Local\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml
c:\users\Public\Documents\~WRL2687.tmp
c:\users\Public\Documents\~WRL3057.tmp
c:\users\Public\Documents\~WRL3655.tmp
c:\users\Public\Documents\Documents\~WRL0005.tmp
c:\users\Public\Documents\Documents\~WRL0078.tmp
c:\users\Public\Documents\Documents\~WRL1217.tmp
c:\users\Public\Documents\Documents\~WRL1450.tmp
c:\users\Public\Documents\Documents\~WRL1774.tmp
c:\users\Public\Documents\Documents\~WRL2055.tmp
c:\users\Public\Documents\Documents\~WRL2071.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-03 to 2013-03-03  )))))))))))))))))))))))))))))))
.
.
2013-03-03 17:07 . 2013-03-03 17:07    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-03-03 17:07 . 2013-03-03 17:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-02 05:21 . 2012-11-07 07:16    17232    ----a-w-    c:\windows\system32\drivers\asdws.sys
2013-03-02 05:21 . 2012-11-07 07:16    23376    ----a-w-    c:\windows\system32\drivers\asdrs.sys
2013-03-02 05:21 . 2012-11-07 07:16    18768    ----a-w-    c:\windows\system32\drivers\asdrm.sys
2013-03-02 05:21 . 2013-03-02 05:21    --------    d-----w-    c:\programdata\Anvisoft
2013-03-02 05:21 . 2013-03-02 05:21    --------    d-----w-    c:\program files (x86)\Anvisoft
2013-03-02 03:01 . 2013-03-02 03:01    --------    d-----w-    c:\programdata\MFAData
2013-03-02 03:01 . 2013-03-02 03:01    --------    d--h--w-    c:\programdata\Common Files
2013-03-02 03:01 . 2013-03-02 03:01    --------    d-----w-    c:\users\Chris\AppData\Local\MFAData
2013-03-02 03:01 . 2013-03-02 03:01    --------    d-----w-    c:\users\Chris\AppData\Local\Avg2013
2013-03-02 00:59 . 2013-03-02 00:59    --------    d---a-w-    C:\$Anvi Rescue Disk$
2013-03-02 00:33 . 2013-03-02 09:44    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2013-03-01 20:18 . 2013-03-01 20:18    --------    d-----w-    C:\FRST
2013-02-27 08:14 . 2013-02-27 08:14    16473456    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-02-25 06:52 . 2013-02-25 06:52    --------    d-----w-    c:\users\Chris\AppData\Local\DDMSettings
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-12 01:03 . 2013-02-12 01:03    --------    d-----w-    C:\found.003
2013-02-08 07:03 . 2013-02-08 07:03    --------    d-----w-    C:\found.001

.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 08:14 . 2012-04-10 00:04    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 08:14 . 2011-06-08 16:44    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 05:01 . 2009-12-21 07:16    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-02-13 05:16 . 2010-01-29 03:52    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-02-13 05:07 . 2009-12-21 07:16    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-02-13 05:07 . 2010-06-03 03:55    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-01-27 04:36 . 2010-05-19 03:12    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-01-27 04:36 . 2010-05-19 03:12    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-29 10:54 . 2012-12-29 10:54    550328    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2012-12-29 10:34 . 2013-01-21 18:27    9389888    ----a-w-    c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-21 18:27    7931896    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-21 18:27    7565240    ----a-w-    c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-21 18:27    6263784    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-21 18:27    2904504    ----a-w-    c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-21 18:27    2720696    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-21 18:27    26931128    ----a-w-    c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-21 18:27    25256376    ----a-w-    c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-21 18:27    2504248    ----a-w-    c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-01-21 18:27    2344888    ----a-w-    c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-21 18:27    20450232    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-21 18:27    1985976    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-21 18:27    1813432    ----a-w-    c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2013-01-21 18:27    18054312    ----a-w-    c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-01-21 18:27    17560504    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-21 18:27    15129064    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-21 18:27    15052368    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2013-01-21 18:27    1504696    ----a-w-    c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-01-21 18:27    10997176    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2009-09-15 19:52    2824656    ----a-w-    c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2009-08-14 11:14    12641120    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 08:40 . 2010-03-25 06:44    6382008    ----a-w-    c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2010-03-25 06:44    3455416    ----a-w-    c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2010-03-25 06:44    884152    ----a-w-    c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2010-03-25 06:44    118712    ----a-w-    c:\windows\system32\nvmctray.dll
2012-12-29 08:40 . 2009-06-27 00:00    63928    ----a-w-    c:\windows\system32\nvshext.dll
.
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41    120104    ----a-w-    c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]
R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]
R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]
R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]
R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]
R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]
R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]
R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ    hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]
.
2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]
.
2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - Ext: LoudMo Contextual Ad  Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="FlashFactory.FlashFactory"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker5"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]</div>

<div>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</div>

<div>   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]</div>

<div>@Denied: (Full) (Everyone)</div>

<div>.</div>

<div>Completion time: 2013-03-03  09:10:59</div>

<div>ComboFix-quarantined-files.txt  2013-03-03 17:10</div>

<div>.</div>

<div>Pre-Run: 708,977,143,808 bytes free</div>

<div>Post-Run: 708,577,980,416 bytes free</div>

<div>.</div>

<div>- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D</div>

<div> </div>

<div>Awaiting your next instruction...</div>

<div>Thanks again for your patience and generosity.</div>


<div>In the bottom right hand corner, whenever I attempt to turn off any security software running, it reads 'not connected. no connections are available'.</div>

<div>Also, simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screen shots (for corresponding software) on an adjacent laptop, in order to navigate to where correct buttons are located (i.e. 'next', 'o.k.').</div>

<div>Combofix kept showing that Norton 360 was still active and left me no options to disable it, so I simply uninstalled it, re-booted, and re-attempted to run Combofix. When I did I received the same message that</div>

<div>"Combofix has detected the following realtime scanner(s) to be active</div>

<div>antivirus:  Norton 360</div>

<div>antispyware Norton 360"</div>

<div>I went ahead with the scan and received the following log:</div>

<div> </div>

<div>ComboFix 13-03-02.01 - Chris 03/03/2013   8:57.1.8 - x64 MINIMAL</div>

<div>Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00]</div>

<div>Running from: c:\users\Chris\Desktop\ComboFix.exe</div>

<div>AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}</div>

<div>FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</div>

<div>SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}</div>

<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div> * Created a new restore point</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>c:\programdata\1538587.bat</div>

<div>c:\programdata\1538587.pad</div>

<div>c:\programdata\1538587.reg</div>

<div>c:\programdata\3714350546BC48A6006D3713C83A914C</div>

<div>c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C</div>

<div>c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico</div>

<div>c:\programdata\jv8cuvrhmf.exe</div>

<div>c:\users\Chris\AppData\Local\jv8cuvrhmf.exe</div>

<div>c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe</div>

<div>c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml</div>

<div>c:\users\Public\Documents\~WRL2687.tmp</div>

<div>c:\users\Public\Documents\~WRL3057.tmp</div>

<div>c:\users\Public\Documents\~WRL3655.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL0005.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL0078.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL1217.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL1450.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL1774.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL2055.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL2071.tmp</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((   Files Created from 2013-02-03 to 2013-03-03  )))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>2013-03-03 17:07 . 2013-03-03 17:07    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp</div>

<div>2013-03-03 17:07 . 2013-03-03 17:07    --------    d-----w-    c:\users\Default\AppData\Local\temp</div>

<div>2013-03-02 05:21 . 2012-11-07 07:16    17232    ----a-w-    c:\windows\system32\drivers\asdws.sys</div>

<div>2013-03-02 05:21 . 2012-11-07 07:16    23376    ----a-w-    c:\windows\system32\drivers\asdrs.sys</div>

<div>2013-03-02 05:21 . 2012-11-07 07:16    18768    ----a-w-    c:\windows\system32\drivers\asdrm.sys</div>

<div>2013-03-02 05:21 . 2013-03-02 05:21    --------    d-----w-    c:\programdata\Anvisoft</div>

<div>2013-03-02 05:21 . 2013-03-02 05:21    --------    d-----w-    c:\program files (x86)\Anvisoft</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01    --------    d-----w-    c:\programdata\MFAData</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01    --------    d--h--w-    c:\programdata\Common Files</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01    --------    d-----w-    c:\users\Chris\AppData\Local\MFAData</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01    --------    d-----w-    c:\users\Chris\AppData\Local\Avg2013</div>

<div>2013-03-02 00:59 . 2013-03-02 00:59    --------    d---a-w-    C:\$Anvi Rescue Disk$</div>

<div>2013-03-02 00:33 . 2013-03-02 09:44    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0</div>

<div>2013-03-01 20:18 . 2013-03-01 20:18    --------    d-----w-    C:\FRST</div>

<div>2013-02-27 08:14 . 2013-02-27 08:14    16473456    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe</div>

<div>2013-02-25 06:52 . 2013-02-25 06:52    --------    d-----w-    c:\users\Chris\AppData\Local\DDMSettings</div>

<div>2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll</div>

<div>2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll</div>

<div>2013-02-12 01:03 . 2013-02-12 01:03    --------    d-----w-    C:\found.003</div>

<div>2013-02-08 07:03 . 2013-02-08 07:03    --------    d-----w-    C:\found.001</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>2013-02-27 08:14 . 2012-04-10 00:04    691568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe</div>

<div>2013-02-27 08:14 . 2011-06-08 16:44    71024    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl</div>

<div>2013-02-14 05:01 . 2009-12-21 07:16    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll</div>

<div>2013-02-13 05:16 . 2010-01-29 03:52    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll</div>

<div>2013-02-13 05:07 . 2009-12-21 07:16    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll</div>

<div>2013-02-13 05:07 . 2010-06-03 03:55    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll</div>

<div>2013-01-27 04:36 . 2010-05-19 03:12    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll</div>

<div>2013-01-27 04:36 . 2010-05-19 03:12    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll</div>

<div>2012-12-29 10:54 . 2012-12-29 10:54    550328    ----a-w-    c:\windows\SysWow64\nvStreaming.exe</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    9389888    ----a-w-    c:\windows\system32\nvcuda.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    7931896    ----a-w-    c:\windows\SysWow64\nvcuda.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    7565240    ----a-w-    c:\windows\system32\nvopencl.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    6263784    ----a-w-    c:\windows\SysWow64\nvopencl.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    2904504    ----a-w-    c:\windows\system32\nvcuvid.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    2720696    ----a-w-    c:\windows\SysWow64\nvcuvid.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    26931128    ----a-w-    c:\windows\system32\nvoglv64.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    25256376    ----a-w-    c:\windows\system32\nvcompiler.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    2504248    ----a-w-    c:\windows\SysWow64\nvapi.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    2344888    ----a-w-    c:\windows\system32\nvcuvenc.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    20450232    ----a-w-    c:\windows\SysWow64\nvoglv32.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    1985976    ----a-w-    c:\windows\SysWow64\nvcuvenc.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    1813432    ----a-w-    c:\windows\system32\nvdispco64.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    18054312    ----a-w-    c:\windows\system32\nvd3dumx.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    17560504    ----a-w-    c:\windows\SysWow64\nvcompiler.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    15129064    ----a-w-    c:\windows\SysWow64\nvd3dum.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    15052368    ----a-w-    c:\windows\system32\nvwgf2umx.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    1504696    ----a-w-    c:\windows\system32\nvdispgenco64.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27    10997176    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys</div>

<div>2012-12-29 10:34 . 2009-09-15 19:52    2824656    ----a-w-    c:\windows\system32\nvapi64.dll</div>

<div>2012-12-29 10:34 . 2009-08-14 11:14    12641120    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44    6382008    ----a-w-    c:\windows\system32\nvcpl.dll</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44    3455416    ----a-w-    c:\windows\system32\nvsvc64.dll</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44    884152    ----a-w-    c:\windows\system32\nvvsvc.exe</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44    118712    ----a-w-    c:\windows\system32\nvmctray.dll</div>

<div>2012-12-29 08:40 . 2009-06-27 00:00    63928    ----a-w-    c:\windows\system32\nvshext.dll</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]</div>

<div>2009-06-08 21:41    120104    ----a-w-    c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll</div>

<div>.</div>

<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]</div>

<div>"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]</div>

<div>"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]</div>

<div>"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]</div>

<div>"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]</div>

<div>"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]</div>

<div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]</div>

<div>"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]</div>

<div>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]</div>

<div>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]</div>

<div>"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]</div>

<div>"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]</div>

<div>"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]</div>

<div>"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div>

<div>"ConsentPromptBehaviorUser"= 3 (0x3)</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]</div>

<div>@="Service"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center]</div>

<div>"AntiVirusOverride"=dword:00000001</div>

<div>"FirewallOverride"=dword:00000001</div>

<div>.</div>

<div>R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]</div>

<div>R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]</div>

<div>R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]</div>

<div>R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]</div>

<div>R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]</div>

<div>R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]</div>

<div>R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]</div>

<div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div>

<div>R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]</div>

<div>R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]</div>

<div>R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]</div>

<div>R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]</div>

<div>R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]</div>

<div>R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]</div>

<div>R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]</div>

<div>R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]</div>

<div>R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]</div>

<div>R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]</div>

<div>R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]</div>

<div>R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]</div>

<div>R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]</div>

<div>R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]</div>

<div>R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]</div>

<div>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]</div>

<div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]</div>

<div>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]</div>

<div>S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]</div>

<div>S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]</div>

<div>.</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</div>

<div>hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job</div>

<div>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]</div>

<div>.</div>

<div>2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div>

<div>.</div>

<div>2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div>

<div>.</div>

<div>2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job</div>

<div>- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]</div>

<div>.</div>

<div>2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job</div>

<div>- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]</div>

<div>.</div>

<div>.</div>

<div>--------- X64 Entries -----------</div>

<div>.</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.google.com/</div>

<div>uLocal Page = c:\windows\system32\blank.htm</div>

<div>mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt</div>

<div>mStart Page = hxxp://search.myheritage.com</div>

<div>mLocal Page = c:\windows\SysWOW64\blank.htm</div>

<div>uInternet Settings,ProxyOverride = *.local</div>

<div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000</div>

<div>IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html</div>

<div>TCP: DhcpNameServer = 192.168.2.1</div>

<div>FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\</div>

<div>FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/</div>

<div>FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=</div>

<div>FF - Ext: LoudMo Contextual Ad  Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}</div>

<div>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}</div>

<div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div>

<div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll</div>

<div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div>

<div>WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)</div>

<div>AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe</div>

<div>AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div>

<div>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker5"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Shockwave Flash Object"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div>

<div>@="0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash.11"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Macromedia Flash Factory Object"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="FlashFactory.FlashFactory.1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="FlashFactory.FlashFactory"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker5"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]</div>

<div>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</div>

<div>   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]</div>

<div>@Denied: (Full) (Everyone)</div>

<div>.</div>

<div>Completion time: 2013-03-03  09:10:59</div>

<div>ComboFix-quarantined-files.txt  2013-03-03 17:10</div>

<div>.</div>

<div>Pre-Run: 708,977,143,808 bytes free</div>

<div>Post-Run: 708,577,980,416 bytes free</div>

<div>.</div>

<div>- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D</div>


<div>Awaiting your next instruction...</div>

<div>Thanks again for your patience and generosity.</div>


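Two patterns in the ComboFix "Other Deletions" list above are worth pulling out mechanically rather than by eye: a .bat/.pad/.reg triad sharing the numeric stem 1538587 in c:\programdata, and the randomly named jv8cuvrhmf.exe dropped into three user-writable directories (ProgramData, AppData\Local, AppData\Roaming). The same log also shows the Security Center AntiVirusOverride and FirewallOverride values set to 1. The Python script below is an added example, not ComboFix's own code and not part of this thread; it runs those three checks over a constructed sample whose lines copy the shape of the posted log. The `looks_random` vowel-ratio heuristic, the regexes and the choice of "user-writable" directories are assumptions of this example.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code).

Flags three patterns that appear in the posted log:
  * a .bat/.pad/.reg triad sharing one stem in a user-writable directory
  * a random-looking .exe name copied into several user-writable directories
  * Security Center AntiVirusOverride / FirewallOverride set to 1
"""
import re
from collections import defaultdict

# Constructed sample: line shapes copied from the posted log, not a full log.
SAMPLE_LOG = r"""
c:\programdata\1538587.bat
c:\programdata\1538587.pad
c:\programdata\1538587.reg
c:\programdata\jv8cuvrhmf.exe
c:\users\Chris\AppData\Local\jv8cuvrhmf.exe
c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe
c:\users\Public\Documents\~WRL2687.tmp
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

# Directories a non-admin process can write to (assumption: ProgramData and the
# user's AppData tree are the ones that matter for this dropper pattern).
USER_WRITABLE = re.compile(r"^c:\\(programdata|users\\[^\\]+\\appdata)\\", re.I)
# A Windows path ending in one of the extensions we care about.
PATH_RE = re.compile(r"(c:\\[^\"\[\]]+?\.(exe|bat|pad|reg|dll|sys))", re.I)
OVERRIDE_RE = re.compile(r'"(AntiVirus|Firewall)Override"=dword:00000001')
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example): 8+ alphanumerics with fewer
    than 30% vowels among the letters reads like a generated name (jv8cuvrhmf)."""
    s = stem.lower()
    if len(s) < 8 or not re.fullmatch(r"[a-z0-9]+", s):
        return False
    letters = [c for c in s if c.isalpha()]
    return not letters or sum(c in VOWELS for c in letters) / len(letters) < 0.3


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (finding_kind, detail) pairs for the suspicious patterns above."""
    findings = []
    exts_by_stem = defaultdict(set)   # (dir, stem) -> {ext, ...}
    dirs_by_exe = defaultdict(set)    # exe basename -> {dir, ...}
    for line in log_text.splitlines():
        for path, ext in PATH_RE.findall(line):
            if not USER_WRITABLE.match(path):
                continue  # installed software under Program Files is out of scope here
            directory, _, name = path.rpartition("\\")
            stem, ext = name[: -(len(ext) + 1)], ext.lower()
            exts_by_stem[(directory.lower(), stem.lower())].add(ext)
            if ext == "exe":
                dirs_by_exe[name.lower()].add(directory.lower())
                if looks_random(stem):
                    findings.append(("random-name-exe", path))
        if OVERRIDE_RE.search(line):
            findings.append(("security-center-override", line.strip()))
    for (directory, stem), exts in exts_by_stem.items():
        if {"bat", "pad", "reg"} <= exts:
            findings.append(("bat-pad-reg-triad", f"{directory}\\{stem}.{{bat,pad,reg}}"))
    for name, dirs in dirs_by_exe.items():
        if len(dirs) >= 2:
            findings.append(("exe-duplicated", f"{name} in {sorted(dirs)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

The random-name check is deliberately applied only inside user-writable directories: vendor binaries under Program Files (hpsysdrv.exe in this log, for instance) have short consonant-heavy names too, and flagging them would bury the real findings. The override flags are reported on their own because a lockscreen that sets them keeps Action Center quiet about the security products it has disabled.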

In the bottom right-hand corner, whenever I attempt to turn off any security software running, it reads 'Not connected. No connections are available.'

Also, simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screenshots (for the corresponding software) on an adjacent laptop, in order to navigate to where the correct buttons are located (i.e. 'Next', 'OK').

ComboFix kept showing that Norton 360 was still active and left me no options to disable it, so I simply uninstalled it, rebooted, and re-attempted to run ComboFix. When I did, I received the same message that

"ComboFix has detected the following realtime scanner(s) to be active

antivirus: Norton 360

antispyware: Norton 360"

I went ahead with the scan and received the following log:



<div>ComboFix 13-03-02.01 - Chris 03/03/2013   8:57.1.8 - x64 MINIMAL</div>

<div>Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00]</div>

<div>Running from: c:\users\Chris\Desktop\ComboFix.exe</div>

<div>AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}</div>

<div>FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</div>

<div>SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}</div>

<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div> * Created a new restore point</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>c:\programdata\1538587.bat</div>

<div>c:\programdata\1538587.pad</div>

<div>c:\programdata\1538587.reg</div>

<div>c:\programdata\3714350546BC48A6006D3713C83A914C</div>

<div>c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C</div>

<div>c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico</div>

<div>c:\programdata\jv8cuvrhmf.exe</div>

<div>c:\users\Chris\AppData\Local\jv8cuvrhmf.exe</div>

<div>c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe</div>

<div>c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml</div>

<div>c:\users\Public\Documents\~WRL2687.tmp</div>

<div>c:\users\Public\Documents\~WRL3057.tmp</div>

<div>c:\users\Public\Documents\~WRL3655.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL0005.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL0078.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL1217.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL1450.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL1774.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL2055.tmp</div>

<div>c:\users\Public\Documents\Documents\~WRL2071.tmp</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((   Files Created from 2013-02-03 to 2013-03-03  )))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>2013-03-03 17:07 . 2013-03-03 17:07	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp</div>

<div>2013-03-03 17:07 . 2013-03-03 17:07	--------	d-----w-	c:\users\Default\AppData\Local\temp</div>

<div>2013-03-02 05:21 . 2012-11-07 07:16	17232	----a-w-	c:\windows\system32\drivers\asdws.sys</div>

<div>2013-03-02 05:21 . 2012-11-07 07:16	23376	----a-w-	c:\windows\system32\drivers\asdrs.sys</div>

<div>2013-03-02 05:21 . 2012-11-07 07:16	18768	----a-w-	c:\windows\system32\drivers\asdrm.sys</div>

<div>2013-03-02 05:21 . 2013-03-02 05:21	--------	d-----w-	c:\programdata\Anvisoft</div>

<div>2013-03-02 05:21 . 2013-03-02 05:21	--------	d-----w-	c:\program files (x86)\Anvisoft</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01	--------	d-----w-	c:\programdata\MFAData</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01	--------	d--h--w-	c:\programdata\Common Files</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01	--------	d-----w-	c:\users\Chris\AppData\Local\MFAData</div>

<div>2013-03-02 03:01 . 2013-03-02 03:01	--------	d-----w-	c:\users\Chris\AppData\Local\Avg2013</div>

<div>2013-03-02 00:59 . 2013-03-02 00:59	--------	d---a-w-	C:\$Anvi Rescue Disk$</div>

<div>2013-03-02 00:33 . 2013-03-02 09:44	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0</div>

<div>2013-03-01 20:18 . 2013-03-01 20:18	--------	d-----w-	C:\FRST</div>

<div>2013-02-27 08:14 . 2013-02-27 08:14	16473456	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe</div>

<div>2013-02-25 06:52 . 2013-02-25 06:52	--------	d-----w-	c:\users\Chris\AppData\Local\DDMSettings</div>

<div>2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll</div>

<div>2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll</div>

<div>2013-02-12 01:03 . 2013-02-12 01:03	--------	d-----w-	C:\found.003</div>

<div>2013-02-08 07:03 . 2013-02-08 07:03	--------	d-----w-	C:\found.001</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>2013-02-27 08:14 . 2012-04-10 00:04	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe</div>

<div>2013-02-27 08:14 . 2011-06-08 16:44	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl</div>

<div>2013-02-14 05:01 . 2009-12-21 07:16	737072	----a-w-	c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll</div>

<div>2013-02-13 05:16 . 2010-01-29 03:52	737072	----a-w-	c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll</div>

<div>2013-02-13 05:07 . 2009-12-21 07:16	2876528	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll</div>

<div>2013-02-13 05:07 . 2010-06-03 03:55	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll</div>

<div>2013-01-27 04:36 . 2010-05-19 03:12	2876528	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll</div>

<div>2013-01-27 04:36 . 2010-05-19 03:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll</div>

<div>2012-12-29 10:54 . 2012-12-29 10:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	9389888	----a-w-	c:\windows\system32\nvcuda.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	7931896	----a-w-	c:\windows\SysWow64\nvcuda.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	7565240	----a-w-	c:\windows\system32\nvopencl.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	6263784	----a-w-	c:\windows\SysWow64\nvopencl.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	2904504	----a-w-	c:\windows\system32\nvcuvid.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	2720696	----a-w-	c:\windows\SysWow64\nvcuvid.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	26931128	----a-w-	c:\windows\system32\nvoglv64.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	25256376	----a-w-	c:\windows\system32\nvcompiler.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	2344888	----a-w-	c:\windows\system32\nvcuvenc.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	20450232	----a-w-	c:\windows\SysWow64\nvoglv32.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	1985976	----a-w-	c:\windows\SysWow64\nvcuvenc.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	1813432	----a-w-	c:\windows\system32\nvdispco64.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	18054312	----a-w-	c:\windows\system32\nvd3dumx.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	17560504	----a-w-	c:\windows\SysWow64\nvcompiler.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	15129064	----a-w-	c:\windows\SysWow64\nvd3dum.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	15052368	----a-w-	c:\windows\system32\nvwgf2umx.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll</div>

<div>2012-12-29 10:34 . 2013-01-21 18:27	10997176	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys</div>

<div>2012-12-29 10:34 . 2009-09-15 19:52	2824656	----a-w-	c:\windows\system32\nvapi64.dll</div>

<div>2012-12-29 10:34 . 2009-08-14 11:14	12641120	----a-w-	c:\windows\SysWow64\nvwgf2um.dll</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44	6382008	----a-w-	c:\windows\system32\nvcpl.dll</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44	3455416	----a-w-	c:\windows\system32\nvsvc64.dll</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44	884152	----a-w-	c:\windows\system32\nvvsvc.exe</div>

<div>2012-12-29 08:40 . 2010-03-25 06:44	118712	----a-w-	c:\windows\system32\nvmctray.dll</div>

<div>2012-12-29 08:40 . 2009-06-27 00:00	63928	----a-w-	c:\windows\system32\nvshext.dll</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]</div>

<div>2009-06-08 21:41	120104	----a-w-	c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll</div>

<div>.</div>

<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]</div>

<div>"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]</div>

<div>"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]</div>

<div>"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]</div>

<div>"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]</div>

<div>"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]</div>

<div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]</div>

<div>"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]</div>

<div>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]</div>

<div>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]</div>

<div>"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]</div>

<div>"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]</div>

<div>"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]</div>

<div>"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div>

<div>"ConsentPromptBehaviorUser"= 3 (0x3)</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]</div>

<div>@=""</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]</div>

<div>@="Service"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center]</div>

<div>"AntiVirusOverride"=dword:00000001</div>

<div>"FirewallOverride"=dword:00000001</div>

<div>.</div>

<div>R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]</div>

<div>R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]</div>

<div>R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]</div>

<div>R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]</div>

<div>R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]</div>

<div>R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]</div>

<div>R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]</div>

<div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div>

<div>R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]</div>

<div>R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]</div>

<div>R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]</div>

<div>R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]</div>

<div>R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]</div>

<div>R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]</div>

<div>R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]</div>

<div>R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]</div>

<div>R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]</div>

<div>R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]</div>

<div>R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]</div>

<div>R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]</div>

<div>R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]</div>

<div>R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]</div>

<div>R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]</div>

<div>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]</div>

<div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]</div>

<div>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]</div>

<div>S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]</div>

<div>S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]</div>

<div>.</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</div>

<div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job</div>

<div>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]</div>

<div>.</div>

<div>2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div>

<div>.</div>

<div>2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]</div>

<div>.</div>

<div>2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job</div>

<div>- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]</div>

<div>.</div>

<div>2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job</div>

<div>- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]</div>

<div>.</div>

<div>.</div>

<div>--------- X64 Entries -----------</div>

<div>.</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.google.com/</div>

<div>uLocal Page = c:\windows\system32\blank.htm</div>

<div>mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt</div>

<div>mStart Page = hxxp://search.myheritage.com</div>

<div>mLocal Page = c:\windows\SysWOW64\blank.htm</div>

<div>uInternet Settings,ProxyOverride = *.local</div>

<div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000</div>

<div>IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html</div>

<div>TCP: DhcpNameServer = 192.168.2.1</div>

<div>FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\</div>

<div>FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/</div>

<div>FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=</div>

<div>FF - Ext: LoudMo Contextual Ad  Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}</div>

<div>FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}</div>

<div>FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}</div>

<div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div>

<div>FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll</div>

<div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div>

<div>WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)</div>

<div>AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe</div>

<div>AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div>

<div>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker5"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Shockwave Flash Object"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div>

<div>@="0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash.11"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Macromedia Flash Factory Object"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="FlashFactory.FlashFactory.1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="FlashFactory.FlashFactory"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker5"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]</div>

<div>"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</div>

<div>   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]</div>

<div>@Denied: (Full) (Everyone)</div>

<div>.</div>

<div>Completion time: 2013-03-03  09:10:59</div>

<div>ComboFix-quarantined-files.txt  2013-03-03 17:10</div>

<div>.</div>

<div>Pre-Run: 708,977,143,808 bytes free</div>

<div>Post-Run: 708,577,980,416 bytes free</div>

<div>.</div>

<div>- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D</div>

<div> </div>


Don't know why it's sending it to you in that weird format? The log looks normal when I copy and paste it into here, but changes into "<div>"s after I press the 'post' button?

Awaiting your next instruction...

Thanks again for your patience and generosity.


  • Staff

Hello cnote

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[Image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


ComboFix 13-03-02.01 - Chris 03/03/2013 8:57.1.8 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.8270 [GMT -8:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1538587.bat

c:\programdata\1538587.pad

c:\programdata\1538587.reg

c:\programdata\3714350546BC48A6006D3713C83A914C

c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C

c:\programdata\3714350546BC48A6006D3713C83A914C\3714350546BC48A6006D3713C83A914C.ico

c:\programdata\jv8cuvrhmf.exe

c:\users\Chris\AppData\Local\jv8cuvrhmf.exe

c:\users\Chris\AppData\Roaming\jv8cuvrhmf.exe

c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\searchplugins\bing-zugo.xml

c:\users\Public\Documents\~WRL2687.tmp

c:\users\Public\Documents\~WRL3057.tmp

c:\users\Public\Documents\~WRL3655.tmp

c:\users\Public\Documents\Documents\~WRL0005.tmp

c:\users\Public\Documents\Documents\~WRL0078.tmp

c:\users\Public\Documents\Documents\~WRL1217.tmp

c:\users\Public\Documents\Documents\~WRL1450.tmp

c:\users\Public\Documents\Documents\~WRL1774.tmp

c:\users\Public\Documents\Documents\~WRL2055.tmp

c:\users\Public\Documents\Documents\~WRL2071.tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))

.

.

2013-03-03 17:07 . 2013-03-03 17:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-03-03 17:07 . 2013-03-03 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-02 05:21 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys

2013-03-02 05:21 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys

2013-03-02 05:21 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys

2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\programdata\Anvisoft

2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\program files (x86)\Anvisoft

2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\programdata\MFAData

2013-03-02 03:01 . 2013-03-02 03:01 -------- d--h--w- c:\programdata\Common Files

2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\MFAData

2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\Avg2013

2013-03-02 00:59 . 2013-03-02 00:59 -------- d---a-w- C:\$Anvi Rescue Disk$

2013-03-02 00:33 . 2013-03-02 09:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-03-01 20:18 . 2013-03-01 20:18 -------- d-----w- C:\FRST

2013-02-27 08:14 . 2013-02-27 08:14 16473456 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-02-25 06:52 . 2013-02-25 06:52 -------- d-----w- c:\users\Chris\AppData\Local\DDMSettings

2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-12 01:03 . 2013-02-12 01:03 -------- d-----w- C:\found.003

2013-02-08 07:03 . 2013-02-08 07:03 -------- d-----w- C:\found.001

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-27 08:14 . 2012-04-10 00:04 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-27 08:14 . 2011-06-08 16:44 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-14 05:01 . 2009-12-21 07:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2013-02-13 05:16 . 2010-01-29 03:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2013-02-13 05:07 . 2009-12-21 07:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-02-13 05:07 . 2010-06-03 03:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-01-27 04:36 . 2010-05-19 03:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-01-27 04:36 . 2010-05-19 03:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-29 10:34 . 2013-01-21 18:27 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-01-21 18:27 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-01-21 18:27 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-01-21 18:27 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-01-21 18:27 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-01-21 18:27 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-01-21 18:27 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-01-21 18:27 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-01-21 18:27 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-01-21 18:27 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-21 18:27 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-01-21 18:27 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-21 18:27 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-01-21 18:27 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-01-21 18:27 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-01-21 18:27 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 10:34 . 2013-01-21 18:27 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-01-21 18:27 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-01-21 18:27 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 10:34 . 2009-09-15 19:52 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2009-08-14 11:14 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 08:40 . 2010-03-25 06:44 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2010-03-25 06:44 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2010-03-25 06:44 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2010-03-25 06:44 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-29 08:40 . 2009-06-27 00:00 63928 ----a-w- c:\windows\system32\nvshext.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]

"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]

"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]

R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]

R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]

R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]

R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]

R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]

R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]

R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]

R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]

R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]

R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]

R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]

S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]

.

2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]

.

2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]

.

2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]

.

2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://search.myheritage.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/

FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=

FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files (x86)\Search Toolbar\tbcore3.dll

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)

AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe

AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-03 09:10:59

ComboFix-quarantined-files.txt 2013-03-03 17:10

.

Pre-Run: 708,977,143,808 bytes free

Post-Run: 708,577,980,416 bytes free

.

- - End Of File - - 2C1BC04D1639D3E39D8A89DCEA4A7A8D


I saved the script to the desktop, dragged it into ComboFix and re-scanned. Here are the results:

ComboFix 13-03-02.01 - Chris 03/03/2013 10:00:06.2.8 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.9207.7945 [GMT -8:00]

Running from: c:\users\Chris\Desktop\ComboFix.exe

Command switches used :: c:\users\Chris\Desktop\CFScript.txt

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))

.

.

2013-03-03 18:07 . 2013-03-03 18:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-03-03 18:07 . 2013-03-03 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-02 05:21 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys

2013-03-02 05:21 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys

2013-03-02 05:21 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys

2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\programdata\Anvisoft

2013-03-02 05:21 . 2013-03-02 05:21 -------- d-----w- c:\program files (x86)\Anvisoft

2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\programdata\MFAData

2013-03-02 03:01 . 2013-03-02 03:01 -------- d--h--w- c:\programdata\Common Files

2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\MFAData

2013-03-02 03:01 . 2013-03-02 03:01 -------- d-----w- c:\users\Chris\AppData\Local\Avg2013

2013-03-02 00:59 . 2013-03-02 00:59 -------- d---a-w- C:\$Anvi Rescue Disk$

2013-03-02 00:33 . 2013-03-02 09:44 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2013-03-01 20:18 . 2013-03-01 20:18 -------- d-----w- C:\FRST

2013-02-27 08:14 . 2013-02-27 08:14 16473456 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-02-25 06:52 . 2013-02-25 06:52 -------- d-----w- c:\users\Chris\AppData\Local\DDMSettings

2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-12 01:03 . 2013-02-12 01:03 -------- d-----w- C:\found.003

2013-02-08 07:03 . 2013-02-08 07:03 -------- d-----w- C:\found.001

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-27 08:14 . 2012-04-10 00:04 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-27 08:14 . 2011-06-08 16:44 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-14 05:01 . 2009-12-21 07:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2013-02-13 05:16 . 2010-01-29 03:52 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2013-02-13 05:07 . 2009-12-21 07:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-02-13 05:07 . 2010-06-03 03:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-01-27 04:36 . 2010-05-19 03:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-01-27 04:36 . 2010-05-19 03:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-29 10:34 . 2013-01-21 18:27 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-01-21 18:27 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-01-21 18:27 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-01-21 18:27 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-01-21 18:27 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-01-21 18:27 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-01-21 18:27 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-01-21 18:27 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-01-21 18:27 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-01-21 18:27 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-21 18:27 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-01-21 18:27 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-21 18:27 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-01-21 18:27 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-01-21 18:27 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-01-21 18:27 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 10:34 . 2013-01-21 18:27 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-01-21 18:27 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-01-21 18:27 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 10:34 . 2009-09-15 19:52 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2009-08-14 11:14 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 08:40 . 2010-03-25 06:44 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2010-03-25 06:44 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2010-03-25 06:44 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2010-03-25 06:44 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-29 08:40 . 2009-06-27 00:00 63928 ----a-w- c:\windows\system32\nvshext.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{0C8413C1-FAD1-446C-8584-BE50576F863E}"= "c:\program files (x86)\Search Toolbar\tbcore3.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{0c8413c1-fad1-446c-8584-be50576f863e}]

[HKEY_CLASSES_ROOT\TBSB05974.TBSB05974.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB05974.TBSB05974]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]

"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-09-05 59280]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"ADBlocker"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe" [2012-12-21 979816]

"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-12-21 1434984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R1 asdnet;asdnet;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2012-09-07 19280]

R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 18768]

R2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2012-11-13 279368]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 23376]

R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-21 735592]

R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 17232]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2008-12-04 21520]

R2 DTBService;DTBService;c:\program files (x86)\DVRMSToolbox\DTBFWService.exe [2010-01-13 8192]

R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2008-12-04 162832]

R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]

R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2008-12-04 32400]

R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2012-11-10 31296]

R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2012-11-10 416320]

R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2012-11-10 54336]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]

S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\System32\drivers\SMR250.SYS [2012-03-18 96376]

S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]

.

2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]

.

2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-23 05:48]

.

2013-02-12 c:\windows\Tasks\HPCeeScheduleForChris.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-15 21:38]

.

2013-02-14 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://search.myheritage.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\6jtof63p.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/

FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=

FF - Ext: LoudMo Contextual Ad Assistant: {158add88-df90-3fd8-e66d-1d794ef4109e} - c:\program files (x86)\Mozilla Firefox\extensions\{158add88-df90-3fd8-e66d-1d794ef4109e}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-4g0_SkAiMSrNe5 - c:\windows\system32\4g0_SkAiMSrNe5.exe

AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-03 10:09:57

ComboFix-quarantined-files.txt 2013-03-03 18:09

ComboFix2.txt 2013-03-03 17:11

.

Pre-Run: 708,666,429,440 bytes free

Post-Run: 708,579,418,112 bytes free

.

- - End Of File - - 515DF3C107F833C327456937020497B1

Also, when I stated earlier that "simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screenshots (for corresponding software) on an adjacent laptop, in order to navigate to where the correct buttons are located (i.e. 'next', 'o.k.', etc.)", this was in reference to everything [screen prompt, window, explorer etc.] while operating in safe mode with command prompt.

Thank you for your continued guidance and support!


Huh? That's strange. It is now booting in normal mode?!

Although the screen still appears just as fragmented as when I've been booting in 'safe mode with command prompt'. Reference: ["simply reading ANY screen proves difficult, as I have to make sense of what the software prompts/menus say by using screenshots (for corresponding software) on an adjacent laptop, in order to navigate to where the correct buttons are located (i.e. 'next', 'o.k.', etc.)" this was in reference to everything [screen prompt, window, explorer etc.] while operating in safe mode with command prompt.]

Everything appears to be flushed out with 'white' and a 'white background'. Although, the desktop icons are visible and I can vaguely make out what items are on the start menu...

Please advise next move. I am truly grateful for your help thus far!!



For anyone still following this thread, I ended up bringing up a screenshot of the control panel on an adjacent laptop. I located the corresponding icon (since names and descriptions were not appearing due to the white background/prompt boxes/message windows). Then I found the scroll up/down arrow and dragged it down to the 'basic and high contrast themes.' I clicked on 'Windows 7 Basic' and voila!! Hope this helps someone.

Thanks Gringo for your sage advice!


  • Staff

Hello cnote

Good work!! - I was moving in that direction, something to do with the settings.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box

C:\Qoobox\Add-Remove Programs.txt

  • click ok

copy and paste the report into this topic for me to review

Gringo


As per instructions:

Update for Microsoft Office 2007 (KB2508958)

µTorrent

5600

Acrobat.com

Activate Norton Online Backup

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

AD Blocker

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 7.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.6)

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Anvi Smart Defender 1.8

Apple Application Support

Apple Software Update

ArcSoft VideoImpression 2

ArcSoft WebCam Companion 2

Avid Pro Tools LE 8.0.5

BufferChm

Button Manager

C4700

Camersoft Skype Video Recorder 2.2.18

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

Destinations

DeviceDiscovery

Digidesign Pro Tools LE 7.1

DirectX for Managed Code Update (Summer 2004)

DiskAid 3.11

DocProc

DVRMSToolbox

Fax

Final Draft

Free DigiRack Plug-Ins 8.0.5

Free MP3 Sound Recorder v1.9

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

Homepage Protection

HP Advisor

HP Customer Experience Enhancements

HP Easy Backup

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP Odometer

HP Photo Creations

HP Product Detection

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Webcam User's Guide

HPAsset component for HP Active Support Library

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Instagram Bot

Intel® Rapid Storage Technology

InterLok Driver Kit

ITCH

iTunesDSM

Java Auto Updater

Java 6 Update 24

LabelPrint

LightScribe System Software

LoudMo Contextual Ad Assistant

Malwarebytes Anti-Malware version 1.65.0.1400

MarkelSoft Dupe Eliminator for iTunes 9.2

MarketResearch

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

MIDI-OX

MIDI Updater 1.0

Moleskinsoft Clone Remover 3.8

Mozilla Firefox (3.5.9)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicBrainz Picard

NoClone 2010 Free Edition

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA StereoUSB Driver

PhotoshopdotcomInspirationBrowser

PictureMover

Power2Go

PowerDirector

PowerRecover

PS_AIO_06_C4700_SW_Min

QuickTime

QuickTransfer

RAR File Open Knife - Free Opener

Realtek High Definition Audio Driver

Safari

Scan

Search Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SharewarePile iPodManager 1.0.0.2

ShowAnalyzerSuite

ShufflePlusVLOI

Skype Toolbars

Skype™ 5.3

SmartWebPrinting

SolutionCenter

Spotify

Status

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

VLC media player 1.1.8

VZAccess Manager

WebReg

Many Thanks

Any other suggestions?


  • Staff

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better, but we still have some work to do.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

  • Programs to remove
    • µTorrent
    • Adobe Reader X (10.1.6)
    • Coupon Printer for Windows
    • Java™ 6 Update 24
    • LoudMo Contextual Ad Assistant
    • Search Toolbar

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on the program to remove.
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again click Yes.
    • When the built-in uninstaller is finished click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted select Yes then on Next.
    • Once done click Finish.

Update Adobe Reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, uncheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time.

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo

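As an added example (not from the thread, Malwarebytes or ComboFix), a PowerShell script that reads the installed-program list from the Uninstall registry keys, which is the same information the Add-Remove Programs.txt report above summarises, and flags the entries Gringo listed for removal. The name patterns are assumptions about how these products register themselves; the script only reports and uninstalls nothing.

```powershell
# Added example (not part of the thread). Enumerate installed programs the
# way Add/Remove Programs sees them and flag the ones on the removal list.
# Run from an elevated PowerShell prompt; compatible with PowerShell 2.0.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows 7 live under Wow6432Node
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # per-user installs
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Wildcard patterns matched against DisplayName. Taken from the helper's
# "Programs to remove" list; wildcards are an assumption, because the registry
# DisplayName can differ from the report (trademark symbol, non-ASCII 'µ').
$removePatterns = @(
    '*Torrent*',
    'Adobe Reader X*',
    'Coupon Printer for Windows',
    'Java*6 Update 24',
    'LoudMo*',
    'Search Toolbar'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString

# Attach the pattern that matched so the reviewer can see why an entry was flagged.
$flagged = foreach ($app in $installed) {
    foreach ($pattern in $removePatterns) {
        if ($app.DisplayName -like $pattern) {
            $app | Add-Member -MemberType NoteProperty -Name MatchedPattern -Value $pattern -PassThru
            break
        }
    }
}

"Installed entries found: $(@($installed).Count)"
"Entries flagged for removal: $(@($flagged).Count)"
# UninstallString is shown for review only; nothing here runs it.
$flagged | Sort-Object DisplayName |
    Format-Table DisplayName, DisplayVersion, Publisher, MatchedPattern, UninstallString -AutoSize
```

Comparing this output with the Add-Remove Programs.txt report shows which listed programs are still present after the cleanup, which is the check the note above about items missing from add/remove describes.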
