
PolicePro picked up by Iobit Malware Fighter



Here are logs as instructed.

 

IObit Malware Fighter

 

OS: Windows 7

Version: 1.2.0.16

Define Version: 1088

Time Elapsed: 00:02:45

Objects Scanned: 52050

Threats Found: 1

Save Time: 12/19/2011 4:34:37 PM

 

|Name|Type|Description|ID|
|---|---|---|---|
|Misleading.WindowPolicePro|FILE|C:\Windows\system32\Macromed\Flash\mms.cfg|1009971|

 

DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Boneman at 1:15:00 on 2011-12-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2409 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe

C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe

C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [sansaDispatch] C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Boneman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: Interfaces\{0B9D6DAF-C53B-4283-9586-30D065D66211} : NameServer = 69.78.96.14 66.174.92.14

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Boneman\AppData\Roaming\Mozilla\Firefox\Profiles\r6rbl1ew.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_95.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,

FF - user.js: extentions.y2layers.installId - 0129782b-dc9f-42a3-8d8e-eaf5570bb570

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: security.csp.enable - false

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-19 494424]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-7-4 820568]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-9 366152]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]

R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]

R2 RtDashPt;Realtek DASH Protocol Driver;C:\Windows\system32\DRIVERS\RtDashPt.sys --> C:\Windows\system32\DRIVERS\RtDashPt.sys [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-23 381248]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-29 20336]

R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]

R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]

R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]

R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-10-29 33184]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-10-29 21872]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-5 252064]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-20 06:52:34 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A53C6770-39A7-4298-858C-9562232B327F}\offreg.dll

2011-12-20 06:52:32 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A53C6770-39A7-4298-858C-9562232B327F}\mpengine.dll

2011-12-20 06:09:21 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-20 05:46:47 98816 ----a-w- C:\Windows\sed.exe

2011-12-20 05:46:47 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-20 05:46:47 256000 ----a-w- C:\Windows\PEV.exe

2011-12-20 05:46:47 208896 ----a-w- C:\Windows\MBR.exe

2011-12-19 23:36:39 -------- d-----w- C:\sh4ldr

2011-12-19 23:36:38 -------- d-----w- C:\Program Files\Enigma Software Group

2011-12-19 22:54:57 -------- d-----w- C:\Users\Boneman\AppData\Local\IM

2011-12-19 22:54:44 -------- d-----w- C:\ProgramData\IncrediMail

2011-12-19 22:54:44 -------- d-----w- C:\ProgramData\IM

2011-12-19 14:37:38 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2011-12-19 14:37:38 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2011-12-19 14:37:38 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2011-12-19 10:25:51 -------- d-----w- C:\Program Files\iTunes

2011-12-18 16:39:16 -------- d-----w- C:\Users\Boneman\AppData\Local\MPlayer

2011-12-18 11:40:36 -------- d-----w- C:\Users\Boneman\AppData\Local\Microsoft Games

2011-12-17 12:42:01 -------- d-----w- C:\Users\Boneman\AppData\Local\Apple Computer

2011-12-17 12:41:38 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-12-17 12:41:38 -------- d-----w- C:\Program Files\iPod

2011-12-17 12:41:38 -------- d-----w- C:\Program Files (x86)\iTunes

2011-12-17 12:40:51 -------- d-----w- C:\Users\Boneman\AppData\Local\Apple

2011-12-17 12:40:14 -------- d-----w- C:\Program Files\Bonjour

2011-12-17 12:40:14 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-12-17 07:00:24 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2011-12-14 03:08:52 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-14 03:08:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 03:08:43 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-14 03:08:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 02:54:00 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 02:54:00 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 00:19:52 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2011-12-12 02:15:29 -------- d-----w- C:\Users\Boneman\AppData\Roaming\SanDisk

2011-12-09 06:32:09 53248 ----a-r- C:\Users\Boneman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-09 06:04:22 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Malwarebytes

2011-12-09 06:04:00 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-09 06:03:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-09 06:03:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-09 05:57:27 -------- d-----w- C:\Users\Boneman\AppData\Roaming\CBS Interactive

2011-12-07 00:26:05 -------- d-----w- C:\Program Files (x86)\Mplayer

2011-12-07 00:18:55 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2011-12-07 00:18:54 -------- d-----w- C:\ProgramData\W3i

2011-12-07 00:18:54 -------- d-----w- C:\Program Files (x86)\W3i

2011-12-05 15:17:25 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Expert PDF 7

2011-12-05 11:19:38 -------- d-----w- C:\ProgramData\Movielink

2011-12-05 11:19:25 -------- d-----w- C:\Program Files (x86)\Blockbuster

2011-12-05 09:06:39 417952 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2011-12-05 09:04:14 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-05 09:04:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-05 09:04:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-05 09:04:14 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-05 05:25:26 -------- d-----w- C:\Users\Boneman\AppData\Roaming\GetRightToGo

2011-12-05 05:20:03 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2011-12-04 19:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2011-12-04 19:18:58 -------- d-----w- C:\Program Files\DivX

2011-12-04 19:09:50 -------- d-----w- C:\Program Files (x86)\DivX

2011-12-04 19:08:03 -------- d-----w- C:\ProgramData\DivX

2011-12-04 19:02:47 -------- d-----w- C:\Users\Boneman\AppData\Local\Ilivid Player

2011-12-04 18:48:00 -------- dc-h--w- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}

2011-12-04 18:47:50 -------- d-----w- C:\Program Files (x86)\iLivid

2011-12-04 18:45:23 -------- d-----w- C:\Users\Boneman\AppData\Local\PackageAware

2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Expert PDF Jobs

2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Expert PDF 7

2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Avanquest

2011-12-04 18:44:01 -------- d-----w- C:\Program Files (x86)\Avanquest

2011-12-04 18:31:37 696832 ----a-w- C:\Windows\System32\xvidcore.dll

2011-12-04 18:31:37 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2011-12-04 18:31:37 255488 ----a-w- C:\Windows\System32\xvidvfw.dll

2011-12-04 18:31:37 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2011-12-04 18:31:37 173568 ----a-w- C:\Windows\System32\xvid.ax

2011-12-04 18:31:37 153088 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-12-04 18:29:10 -------- d-----w- C:\Users\Boneman\.bitrock

2011-12-04 18:10:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2011-12-04 18:09:45 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-12-04 18:09:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-12-04 17:59:08 -------- d-----w- C:\Program Files (x86)\Xvid

2011-12-03 06:22:06 -------- d-----w- C:\Users\Boneman\AppData\Local\Oberon Media

2011-11-30 05:16:59 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media

2011-11-30 04:39:12 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Oberon Media

2011-11-30 04:03:21 -------- d-----w- C:\ProgramData\Oberon Media

2011-11-30 04:03:10 -------- d-----w- C:\Program Files (x86)\Oberon Media

2011-11-26 19:54:27 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-11-26 19:51:50 14854464 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

2011-11-24 01:29:36 406336 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-11-20 11:48:05 -------- d-----w- C:\ProgramData\Big Fish Games

2011-11-20 10:10:18 -------- d-----w- C:\ProgramData\PopCap Games

2011-11-20 10:10:18 -------- d-----w- C:\Program Files (x86)\PopCap Games

2011-11-20 09:46:30 660368 ----a-w- C:\Windows\System32\deployJava1.dll

.

==================== Find3M ====================

.

2011-12-12 02:32:03 69792 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 02:47:47 6004544 ----a-w- C:\Windows\System32\nvcpl.dll

2011-11-24 02:41:24 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-11-24 02:38:49 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-11-24 02:38:44 63296 ----a-w- C:\Windows\System32\nvshext.dll

2011-11-24 02:38:44 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2011-11-09 14:21:44 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2011-11-09 14:21:39 187200 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2011-11-09 14:21:39 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2011-11-09 05:16:19 13812256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

2011-11-05 10:02:35 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-20 05:10:14 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2011-10-19 00:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-10-18 23:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-10-18 18:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll

2011-10-18 18:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll

2011-10-18 16:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-10-17 22:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 1:17:06.39 ===============


Attach log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/3/2011 11:04:36 PM

System Uptime: 12/20/2011 12:48:30 AM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770T-UD3P

Processor: AMD Phenom II X4 965 Processor | Socket M2 | 3400/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 865.675 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 28 GiB total, 6.382 GiB free.

F: is FIXED (NTFS) - 37 GiB total, 36.966 GiB free.

G: is CDROM (CDFS)

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP174: 12/17/2011 2:17:13 AM - 12-17-11

RP175: 12/17/2011 2:20:18 AM - Device Driver Package Install: NVIDIA Display adapters

RP176: 12/17/2011 6:40:53 AM - Installed iTunes

RP177: 12/18/2011 10:19:16 AM - Restore Operation

RP178: 12/18/2011 5:48:02 PM - Installed Perfect Attorney - Forms

RP179: 12/18/2011 5:49:01 PM - Installed Perfect Attorney - Forms

RP180: 12/18/2011 5:54:53 PM - Installed Perfect Attorney - Tutorials

RP181: 12/18/2011 5:57:46 PM - Installed Perfect Attorney - Federal

RP182: 12/18/2011 6:01:37 PM - Installed Perfect Attorney - Business

RP183: 12/18/2011 6:03:37 PM - Installed Perfect Attorney - Divorce & Video

RP184: 12/18/2011 6:22:04 PM - IObit Uninstaller restore point

RP185: 12/18/2011 7:00:04 PM - Windows Backup

RP186: 12/18/2011 10:14:46 PM - Windows Update

RP187: 12/19/2011 4:25:23 AM - Installed iTunes

RP188: 12/19/2011 7:32:42 AM - Restore Operation

RP189: 12/19/2011 8:36:45 AM - Installed iTunes

RP190: 12/19/2011 4:54:17 PM - Installed IncrediMail.

RP191: 12/19/2011 5:35:47 PM - Installed SpyHunter

RP192: 12/19/2011 6:23:56 PM - IObit Uninstaller restore point

RP193: 12/19/2011 6:24:11 PM - Removed SpyHunter

RP194: 12/20/2011 12:13:57 AM - IObit Uninstaller restore point

RP195: 12/20/2011 12:14:41 AM - Removed IncrediMail.

RP196: 12/20/2011 12:34:42 AM - IObit Uninstaller restore point

.

==== Installed Programs ======================

.

Adobe Reader X (10.1.1)

Advanced SystemCare 5

AMD System Monitor

Apple Application Support

Apple Software Update

Bandicam

Bandisoft MPEG-1 Decoder

Bejeweled 2

Bejeweled 2 Deluxe

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Call of Duty: Modern Warfare 2 - Multiplayer

CNET TechTracker

D3DX10

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Driver Whiz

eReg

Expert PDF 7 Reader

FileHippo.com Update Checker

Game Booster 3

iLivid

InstallIQ Updater

Internet TV for Windows Media Center

IObit Malware Fighter

Junk Mail filter update

LastPass (uninstall only)

Malwarebytes' Anti-Malware version 1.51.2.1300

Messenger Companion

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 9.0 (x86 en-US)

Mplayer 0.6.9

MSI Afterburner 2.1.0

MSVCRT

MSVCRT_amd64

Netflix in Windows Media Center

NVIDIA 3D Vision Controller Driver

NVIDIA Performance

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA System Monitor

NVIDIA System Update

Picasa 3

Razer Lycosa

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RtkDashClientInstaller

Sansa Updater

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

SIW version 2011.10.29

Skype Click to Call

Skype™ 5.7

Smart Defrag 2

Steam

System Requirements Lab

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VC80CRTRedist - 8.0.50727.6195

Verizon Mobile Broadband Drivers

Verizon Wireless USB760 Firmware Updates

VZAccess Manager

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

12/20/2011 12:50:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/20/2011 12:47:39 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

12/19/2011 9:02:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C1C4BD41-BAF8-4E18-A3D4-02095E6E66D7}' was corrupted and it has been recovered. Some data might have been lost.

12/19/2011 9:02:36 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9338A5B5-C412-4A1D-8E23-76B3D7A3869B}' was corrupted and it has been recovered. Some data might have been lost.

12/19/2011 9:02:31 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E6D457AF-66AD-44E7-BCEE-37E2F66788B4}' was corrupted and it has been recovered. Some data might have been lost.

12/19/2011 9:02:28 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EF00FE70-A719-47D3-A9E2-28FE99B65A30}' was corrupted and it has been recovered. Some data might have been lost.

12/19/2011 8:36:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/19/2011 8:34:22 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

12/19/2011 7:45:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/19/2011 7:35:19 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

12/19/2011 4:16:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/19/2011 11:51:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

12/19/2011 11:51:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

12/18/2011 9:05:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/18/2011 8:55:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/18/2011 4:34:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/18/2011 4:25:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/18/2011 2:31:58 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atillk64 service failed to start due to the following error: The system cannot find the file specified.

12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atidgllk service failed to start due to the following error: The system cannot find the file specified.

12/18/2011 10:36:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/18/2011 1:03:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/17/2011 9:37:39 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..

12/17/2011 6:25:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

12/17/2011 6:25:16 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/17/2011 5:08:45 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "740" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_95_ActiveX.exe -Embedding

12/17/2011 5:02:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121711-21840-01.

12/17/2011 3:54:55 PM, Error: RasMan [20276] - CoId={72B6795C-ECF8-4E9E-9B16-88EE87981815}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM4 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection

12/16/2011 6:08:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\UpdatusUser\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.

12/16/2011 6:07:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/16/2011 3:49:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/16/2011 11:10:46 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "740" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_95_ActiveX.exe -Embedding

12/15/2011 6:38:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/13/2011 8:08:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/13/2011 1:16:08 AM, Error: RasMan [20276] - CoId={9E937857-85DD-4136-BD67-E9AD37B9A633}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM4 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection

.

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Did you create this folder or do you know what it's for?

C:\sh4ldr

 

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

*****************************************************

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Hi Superdave,

 

Misleading.WindowPolicePro, FILE, C:\Windows\system32\Macromed\Flash\mms.cfg, 1009971

 

 

mms.cfg found by IMF may well be a false positive, as in all the PCs with IMF I have seen (even with db 1089), the most recent Flash mms.cfg file is flagged as malware.

 

Cheers.


Hello edat362007, SuperDave, and Enoskype!

 

The IMF possible false positive really doesn't matter as DDS indicates a few problems anyway and the machine should be put through the process of cleaning.:-)

 

Sincerely,

-Mel

Live long and prosper!

 

To edat362007. Welcome to Iobit forum!! Please follow all of SuperDave's instructions exactly as he posts them!:wink:

To Enoskype: Thank you for your diligence! The variant of WindowPolicePro (known malware does not insert this... it is part of the flash system and is indeed an FP).

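A quick way to decide whether a detection like the mms.cfg hit above is a false positive is to look at what the flagged file actually is. Flash Player's mms.cfg is a plain-text settings file of key = value lines with # comments, so a file at that path that decodes cleanly and contains only known directives looks like the configuration the posters describe, while a file with binary content or unfamiliar directives deserves a closer look and a hash submission to the vendor. The Python below is an added example, not code from this thread, from IObit or from Adobe; the set of known directives is a partial list assumed from Adobe's Flash Player administration documentation (extend it for the version in use), and the three sample files are constructed.

```python
import hashlib

# Partial set of mms.cfg directives, assumed from Adobe's Flash Player
# administration guide; not exhaustive.
KNOWN_DIRECTIVES = {
    "AutoUpdateDisable", "AutoUpdateInterval", "SilentAutoUpdateEnable",
    "DisableProductDownload", "LocalFileReadDisable", "FileDownloadDisable",
    "FileUploadDisable", "LocalStorageLimit", "ThirdPartyStorage",
    "AssetCacheSize", "AVHardwareDisable", "FullScreenDisable",
    "AllowUserLocalTrust", "DisableDeviceFontEnumeration", "ProtectedMode",
}


def classify_mms_cfg(data: bytes) -> dict:
    """Classify the bytes of a file found at the mms.cfg path.

    verdict is one of:
      "likely-fp"  text config, every directive known, nothing malformed
      "review"     text config, but with unknown or malformed lines
      "escalate"   not a text config at all (executable header, NUL bytes, bad encoding)
    """
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),  # for a vendor or VirusTotal lookup
        "is_text": False, "known": {}, "unknown": {}, "malformed": [],
    }
    # A settings file never carries a PE header or NUL bytes.
    if data.startswith(b"MZ") or b"\x00" in data:
        report["verdict"] = "escalate"
        return report
    try:
        text = data.decode("utf-8-sig")  # tolerate a UTF-8 BOM
    except UnicodeDecodeError:
        report["verdict"] = "escalate"
        return report
    report["is_text"] = True

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep:
            report["malformed"].append(lineno)
            continue
        key, value = key.strip(), value.strip()
        bucket = "known" if key in KNOWN_DIRECTIVES else "unknown"
        report[bucket][key] = value

    report["verdict"] = "review" if (report["unknown"] or report["malformed"]) else "likely-fp"
    return report


def classify_file(path: str) -> dict:
    """Convenience wrapper for a file on disk, e.g. the flagged system32 mms.cfg."""
    with open(path, "rb") as fh:
        return classify_mms_cfg(fh.read())


# Constructed sample files (not files from the thread).
BENIGN_CFG = b"# Flash Player settings\r\nAutoUpdateDisable=0\r\nSilentAutoUpdateEnable=1\r\n"
ODD_CFG = b"AutoUpdateDisable=0\r\nRunAtStartup=C:\\temp\\x.exe\r\nnot a directive\r\n"
BINARY_BLOB = b"MZ\x90\x00\x03\x00\x00\x00"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_CFG), ("odd", ODD_CFG), ("binary", BINARY_BLOB)):
        r = classify_mms_cfg(blob)
        print(f"{name}: {r['verdict']} unknown={r['unknown']} malformed={r['malformed']}")
```

A "likely-fp" verdict supports the posters' reading of the detection; it does not clear the machine, which is why the thread goes on with the full cleaning process regardless.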

Hello, Dave, Enoskype, and Melvin. Thanks for the welcome and taking your time to help me with this issue.

 

"Did you create this folder or do you know what it's for? C:\sh4ldr". No, I did not and I have no idea what it is for.

 

Results of screen317's Security Check version 0.99.29

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Reader X (10.1.1)

Mozilla Firefox (9.0.)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

IObit IObit Malware Fighter IMFsrv.exe

Microsoft Security Client Antimalware NisSrv.exe

IObit IObit Malware Fighter IMF.exe

``````````End of Log````````````

 

I just finished downloading the other 2 you told me to and I am running them after I post this reply.


 

I have been reading the forums a lot lately and have seen your 3 names quite a bit and I must say you guys rock. I will follow Dave's instructions to the letter and look forward to learning something here.


Here are the other 2 logs

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/20/2011 at 10:51 PM

 

Application Version : 5.0.1142

 

Core Rules Database Version : 8076

Trace Rules Database Version: 5888

 

Scan type : Complete Scan

Total Scan Time : 00:31:44

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

 

Memory items scanned : 580

Memory threats detected : 0

Registry items scanned : 74315

Registry threats detected : 0

File items scanned : 132300

File threats detected : 2

 

Adware.Tracking Cookie

C:\USERS\MRS. BONEMAN\AppData\Roaming\Microsoft\Windows\Cookies\H25H54XI.txt [ Cookie:mrs. boneman@2o7.net/ ]

C:\USERS\MRS. BONEMAN\Cookies\H25H54XI.txt [ Cookie:mrs. boneman@2o7.net/ ]

 

Malwarebytes' Anti-Malware 1.51.2.1300

http://www.malwarebytes.org

 

Database version: 911122102

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

12/20/2011 10:07:26 PM

mbam-log-2011-12-20 (22-07-26).txt

 

Scan type: Full scan (C:\|E:\|F:\|)

Objects scanned: 330576

Time elapsed: 23 minute(s), 1 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


ComboFix report

 

ComboFix 11-12-25.01 - Boneman 12/25/2011 19:01:32.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2724 [GMT -6:00]

Running from: c:\users\Boneman\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\java.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))

.

.

2011-12-26 01:05 . 2011-12-26 01:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DDC4972-1170-45A8-BF9A-88B6B669C117}\offreg.dll

2011-12-26 01:05 . 2011-12-26 01:05 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\temp

2011-12-26 01:05 . 2011-12-26 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-26 00:41 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DDC4972-1170-45A8-BF9A-88B6B669C117}\mpengine.dll

2011-12-21 18:21 . 2011-12-21 18:21 -------- d-----w- c:\users\Mrs. Boneman\vw

2011-12-21 18:20 . 2011-12-21 18:20 -------- d-----w- c:\users\Mrs. Boneman\MyConnection PC

2011-12-21 18:19 . 2011-12-21 18:19 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\SUPERAntiSpyware.com

2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\users\Boneman\vw

2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\users\Boneman\MyConnection PC

2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\program files (x86)\MyConnection PC

2011-12-21 05:29 . 2004-12-07 03:31 49265 ----a-w- c:\windows\SysWow64\jpicpl32.cpl

2011-12-21 05:28 . 2011-12-21 05:28 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-12-21 04:13 . 2011-12-21 04:13 -------- d-----w- c:\users\Boneman\AppData\Roaming\SUPERAntiSpyware.com

2011-12-21 04:11 . 2011-12-21 04:13 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-21 04:11 . 2011-12-21 04:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-19 23:36 . 2011-12-20 00:24 -------- d-----w- C:\sh4ldr

2011-12-19 22:55 . 2011-12-19 23:03 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\IM

2011-12-19 22:54 . 2011-12-20 04:45 -------- d-----w- c:\users\Boneman\AppData\Local\IM

2011-12-19 22:54 . 2011-12-19 22:56 -------- d-----w- c:\programdata\IM

2011-12-19 22:54 . 2011-12-19 22:54 -------- d-----w- c:\programdata\IncrediMail

2011-12-19 14:37 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-12-19 14:37 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2011-12-17 12:41 . 2011-12-19 10:25 -------- d-----w- c:\program files\iPod

2011-12-17 12:41 . 2011-12-19 10:25 -------- d-----w- c:\programdata\Apple Computer

2011-12-17 12:41 . 2011-12-17 12:41 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\users\Boneman\AppData\Local\Apple

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files\Common Files\Apple

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files\Bonjour

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Bonjour

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\programdata\Apple

2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-12-17 08:22 . 2011-12-25 21:59 -------- d-----w- c:\users\UpdatusUser

2011-12-17 07:00 . 2011-12-17 07:00 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2011-12-14 03:08 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-14 03:08 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-14 03:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-12-14 03:08 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 02:54 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 02:54 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-12-12 02:15 . 2011-12-12 02:15 -------- d-----w- c:\users\Boneman\AppData\Roaming\SanDisk

2011-12-09 16:26 . 2011-12-09 16:26 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\Malwarebytes

2011-12-09 06:32 . 2011-12-09 06:32 53248 ----a-r- c:\users\Boneman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-12-09 06:04 . 2011-12-09 06:04 -------- d-----w- c:\users\Boneman\AppData\Roaming\Malwarebytes

2011-12-09 06:04 . 2011-12-09 06:04 -------- d-----w- c:\programdata\Malwarebytes

2011-12-09 06:03 . 2011-12-09 06:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-09 06:03 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-09 05:57 . 2011-12-09 05:57 -------- d-----w- c:\users\Boneman\AppData\Roaming\CBS Interactive

2011-12-07 00:18 . 2011-12-07 00:18 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2011-12-07 00:18 . 2011-12-07 00:18 -------- d-----w- c:\programdata\W3i

2011-12-07 00:18 . 2011-12-07 00:18 -------- d-----w- c:\program files (x86)\W3i

2011-12-05 15:17 . 2011-12-05 15:17 -------- d-----w- c:\users\Boneman\AppData\Roaming\Expert PDF 7

2011-12-05 11:19 . 2011-12-05 11:19 -------- d-----w- c:\programdata\Movielink

2011-12-05 11:19 . 2011-12-05 15:38 -------- d-----w- c:\program files (x86)\Blockbuster

2011-12-05 09:10 . 2011-12-05 09:10 -------- d-----w- c:\program files (x86)\Common Files\Skype

2011-12-05 09:06 . 2011-12-12 02:32 417952 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2011-12-05 09:04 . 2011-12-16 09:50 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-05 09:04 . 2011-12-10 01:40 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-05 09:04 . 2011-12-10 01:40 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-05 09:04 . 2011-12-10 01:40 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-05 05:25 . 2011-12-17 06:31 -------- d-----w- c:\users\Boneman\AppData\Roaming\GetRightToGo

2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\program files (x86)\FileHippo.com

2011-12-04 19:19 . 2011-12-05 09:47 -------- d-----w- c:\users\Boneman\AppData\Roaming\DivX

2011-12-04 19:19 . 2011-12-06 04:45 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2011-12-04 19:09 . 2011-12-06 04:45 -------- d-----w- c:\program files (x86)\DivX

2011-12-04 19:02 . 2011-12-04 19:02 -------- d-----w- c:\users\Boneman\AppData\Local\Ilivid Player

2011-12-04 18:45 . 2011-12-04 18:45 -------- d-----w- c:\users\Boneman\AppData\Local\PackageAware

2011-12-04 18:44 . 2011-12-04 18:44 -------- d-----w- c:\program files (x86)\Avanquest

2011-12-04 18:29 . 2011-12-04 18:29 -------- d-----w- c:\users\Boneman\.bitrock

2011-12-04 18:10 . 2011-12-04 18:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared

2011-12-04 18:09 . 2011-12-04 18:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-12-04 18:09 . 2011-12-04 18:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-12-03 06:22 . 2011-12-05 16:27 -------- d-----w- c:\users\Boneman\AppData\Local\Oberon Media

2011-11-30 05:17 . 2011-11-30 05:17 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\Oberon Media

2011-11-30 05:16 . 2011-11-30 05:17 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media

2011-11-30 04:39 . 2011-11-30 17:16 -------- d-----w- c:\users\Boneman\AppData\Roaming\Oberon Media

2011-11-30 04:03 . 2011-11-30 05:21 -------- d-----w- c:\programdata\Oberon Media

2011-11-30 04:03 . 2011-12-06 04:01 -------- d-----w- c:\program files (x86)\Oberon Media

2011-11-30 03:44 . 2011-11-30 05:19 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\Oberon Media

2011-11-26 19:54 . 2011-11-24 02:38 2562368 ----a-w- c:\windows\system32\nvsvcr.dll

2011-11-26 19:51 . 2011-11-24 04:59 14854464 ----a-w- c:\windows\SysWow64\nvd3dum.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-17 07:00 . 2011-11-20 09:46 660368 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-12 02:32 . 2011-07-04 09:11 69792 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:59 . 2011-11-05 07:10 7677248 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-11-24 04:59 . 2011-11-05 07:10 1726272 ----a-w- c:\windows\system32\nvdispco64.dll

2011-11-24 04:59 . 2011-11-05 07:10 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2011-11-24 04:59 . 2011-08-02 06:24 9622848 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-11-24 04:59 . 2011-08-02 06:24 2403136 ----a-w- c:\windows\system32\nvapi64.dll

2011-11-24 04:59 . 2011-08-02 06:24 2095424 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-11-24 02:47 . 2011-08-02 06:25 6004544 ----a-w- c:\windows\system32\nvcpl.dll

2011-11-24 02:41 . 2011-08-02 06:25 3028800 ----a-w- c:\windows\system32\nvsvc64.dll

2011-11-24 02:38 . 2011-08-02 06:25 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2011-11-24 02:38 . 2011-08-02 06:25 63296 ----a-w- c:\windows\system32\nvshext.dll

2011-11-24 02:38 . 2011-08-02 06:25 118080 ----a-w- c:\windows\system32\nvmctray.dll

2011-11-24 01:29 . 2011-11-24 01:29 406336 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-11-21 11:40 . 2011-07-04 15:09 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-09 05:16 . 2011-11-09 05:16 13812256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

2011-11-05 10:02 . 2011-07-04 07:29 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-10-20 05:10 . 2011-11-20 04:00 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-10-19 00:53 . 2011-11-05 11:54 2957544 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2011-10-18 23:10 . 2011-11-05 11:54 99432 ----a-w- c:\windows\system32\RCoInst64.dll

2011-10-18 18:55 . 2011-11-05 11:54 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll

2011-10-18 18:47 . 2011-11-05 11:54 1914472 ----a-w- c:\windows\system32\RtkApi64.dll

2011-10-18 16:05 . 2011-11-05 11:54 2528872 ----a-w- c:\windows\system32\RtPgEx64.dll

2011-10-17 22:30 . 2011-11-05 11:54 3213928 ----a-w- c:\windows\system32\RtkAPO64.dll

2011-10-04 22:22 . 2011-10-15 22:58 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{986866F6-04DA-47F4-94A0-851A2A3DA9D2}\gapaengine.dll

2011-09-29 16:29 . 2011-11-09 05:17 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-20_05.54.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-21 05:29 . 2004-12-07 02:04 49250 c:\windows\SysWOW64\javaw.exe

+ 2011-12-21 05:29 . 2004-12-07 02:04 49248 c:\windows\SysWOW64\java.exe

+ 2011-07-04 04:20 . 2011-12-25 21:50 45434 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-25 21:50 33164 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-07-04 05:55 . 2011-12-05 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-04 05:55 . 2011-12-23 00:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-23 00:24 . 2011-12-23 00:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-04 05:55 . 2011-12-05 18:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-05 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-23 00:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-11 21:37 . 2011-12-22 00:27 3280 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-07-11 21:37 . 2011-11-27 19:01 3280 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-11-07 05:38 . 2011-12-25 13:46 5176 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954268748-191027934-3546955144-1006_UserData.bin

+ 2011-07-04 04:17 . 2011-12-25 21:50 8794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954268748-191027934-3546955144-1000_UserData.bin

- 2011-12-20 05:53 . 2011-12-20 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-26 01:05 . 2011-12-26 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-26 01:05 . 2011-12-26 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-20 05:53 . 2011-12-20 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-21 05:29 . 2004-12-07 03:31 127078 c:\windows\SysWOW64\javaws.exe

+ 2011-07-06 01:22 . 2011-12-25 21:16 314578 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2011-12-22 03:48 659832 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-19 20:23 659832 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-12-19 20:23 120522 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-12-22 03:48 120522 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2011-12-26 01:05 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-12-20 05:52 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-21 05:27 . 2011-12-21 05:27 180224 c:\windows\Installer\118622.msi

+ 2011-10-12 02:22 . 2011-12-22 20:23 9250483 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1006-8192.dat

+ 2011-07-04 08:02 . 2011-12-26 01:05 21640536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1000-8192.dat

+ 2011-07-04 08:53 . 2011-12-21 05:08 15460580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-17 619352]

"SansaDispatch"="c:\users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-12 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]

"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-04 296056]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

c:\users\Boneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-12 252064]

R3 atillk64;atillk64; [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-08 20336]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-17 494424]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-24 2348864]

S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]

S2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\DRIVERS\RtDashPt.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-24 381248]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]

S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]

S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]

S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]

S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-05 02:32]

.

2011-12-26 c:\windows\Tasks\RtlDashSrvStart.job

- c:\program files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22 21:21]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

FF - ProfilePath - c:\users\Boneman\AppData\Roaming\Mozilla\Firefox\Profiles\r6rbl1ew.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,

FF - user.js: extentions.y2layers.installId - 0129782b-dc9f-42a3-8d8e-eaf5570bb570

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: security.csp.enable - false

FF - user.js: ui.submenuDelay - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-954268748-191027934-3546955144-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-954268748-191027934-3546955144-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_95_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_95_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe

.

**************************************************************************

.

Completion time: 2011-12-25 19:11:28 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-26 01:11

ComboFix2.txt 2011-12-20 05:58

.

Pre-Run: 929,106,931,712 bytes free

Post-Run: 928,660,074,496 bytes free

.

- - End Of File - - F56BA6362EC8F8939A3CABD810F48145


Rooter Log

 

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows 7 Home Edition (6.1.7601) Service Pack 1

[32_bits] - AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD

.

[wscsvc] (Security Center) RUNNING (state:4)

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Enabled

Windows Defender -> Enabled

User Account Control (UAC) -> Enabled

.

Internet Explorer 9.0.8112.16421

Mozilla Firefox 9.0.1 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:931 Go - Free:864 Go )

D:\ [CD_Rom]

E:\ [Fixed-NTFS] .. ( Total:27 Go - Free:6 Go )

F:\ [Fixed-NTFS] .. ( Total:37 Go - Free:36 Go )

G:\ [CD_Rom]

H:\ [Removable]

.

Scan : 22:27.43

Path : C:\Users\Boneman\Desktop\Rooter.exe

User : Boneman ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ ???&?????? (284)

______ ???&?????? (476)

______ ???&?????? (536)

______ ???&?????? (560)

______ ???&?????? (608)

______ ???&?????? (632)

______ ???&?????? (640)

______ ???&?????? (680)

______ ???&?????? (772)

______ C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (832)

______ ???&?????? (876)

______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (900)

______ ???&?????? (932)

______ ???&?????? (1008)

______ ???&?????? (596)

______ ???&?????? (760)

______ ???&?????? (116)

______ ???&?????? (1188)

______ ???&?????? (1464)

______ ???&?????? (1492)

______ ???&?????? (1504)

______ ???&?????? (1632)

______ ???&?????? (1660)

______ C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (1764)

______ ???&?????? (1900)

______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1920)

______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1948)

______ ???&?????? (1076)

______ ???&?????? (1356)

______ ???&?????? (1428)

______ ???&?????? (1052)

______ ???&?????? (1332)

______ ???&?????? (2120)

______ ???&?????? (2344)

______ ???&?????? (2436)

______ ???&?????? (2688)

______ ???&?????? (2744)

______ ???&?????? (2768)

______ ???&?????? (2812)

______ ???&?????? (2948)

______ ???&?????? (2980)

______ C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (3040)

______ ???&?????? (1728)

______ ???&?????? (1724)

______ ???&?????? (1344)

______ C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (2092)

______ ???&?????? (2392)

______ C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (3128)

______ ???&?????? (3384)

______ C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (3452)

______ C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (3480)

______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3488)

______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3520)

______ C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe (3640)

______ ???&?????? (3684)

______ ???&?????? (3724)

______ ???&?????? (3820)

______ C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (3936)

______ C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe (4048)

______ C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (3572)

______ ???&?????? (3212)

______ ???&?????? (1588)

______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (3632)

______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2520)

______ C:\Program Files (x86)\IObit\Advanced SystemCare 5\Asc.exe (4896)

______ ???&?????? (4956)

______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5020)

______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4604)

Locked audiodg.exe (3860)

______ C:\Users\Boneman\Desktop\Rooter.exe (5012)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:30014996480)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\Adobe Flash Player Updater.job

C:\Windows\Tasks\RtlDashSrvStart.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 22:27.44

.

C:\Rooter$\Rooter_1.txt - (26/12/2011 | 22:27.44)


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply, please include the ESET Online Scan log.


ESETScan log

 

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{794DBFF1-C02A-44C9-83BC-870F26A74964}-comon undone korn.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Users\Boneman\Desktop\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined


Dave, the computer is running good but yesterday afternoon IMF popped up an alert. I ran a full scan in IMF and it quarantined this again. "Misleading.WindowPolicePro, FILE, C:\Windows\system32\Macromed\Flash\mms.cfg,"

Also do I need to be concerned about the folder "C:\sh4ldr" that you asked me about in the beginning? Thanks for all your help with this.


Can you give a snap of the General tab? Or just go ahead and delete it!! 8kb file with no content!!! Why do you wish IMF not to quarantine it? :-)

 

 

 

Did you create this folder or do you know what it's for?

 

C:\sh4ldr

 

No I did not and I have no idea what it is for.

 

 

 

 

What is the value of the file that you said earlier in the thread you had no knowledge of?

 

-Mel


@edat362007,

When it is found by IMF, you can put mms.cfg into the Ignore List by right-clicking on it until IObit corrects its false positive status. When that is done, you can delete it from the Ignore List.

 

@Mel,

I think we should let Superdave decide what to do with C:\sh4ldr folder/file.

 

Cheers.
