PolicePro picked up by Iobit Malware Fighter

  • PolicePro picked up by Iobit Malware Fighter

    Here are logs as instructed.

    IObit Malware Fighter

    OS: Windows 7
    Version: 1.2.0.16
    Define Version: 1088
    Time Elapsed: 00:02:45
    Objects Scanned: 52050
    Threats Found: 1
    Save Time: 12/19/2011 4:34:37 PM

    |Name|Type|Description|ID|
    Misleading.WindowPolicePro, FILE, C:\Windows\system32\Macromed\Flash\mms.cfg, 1009971

    DDS Log
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Boneman at 1:15:00 on 2011-12-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2409 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
    C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [SansaDispatch] C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Boneman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: Interfaces\{0B9D6DAF-C53B-4283-9586-30D065D66211} : NameServer = 69.78.96.14 66.174.92.14
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO-X64: LastPass Browser Helper Object - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
    mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Boneman\AppData\Roaming\Mozilla\Firefox\Profiles\r6rbl1ew.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_95.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,
    FF - user.js: extentions.y2layers.installId - 0129782b-dc9f-42a3-8d8e-eaf5570bb570
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: security.csp.enable - false
    FF - user.js: ui.submenuDelay - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-19 494424]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-7-4 820568]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-9 366152]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
    R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
    R2 RtDashPt;Realtek DASH Protocol Driver;C:\Windows\system32\DRIVERS\RtDashPt.sys --> C:\Windows\system32\DRIVERS\RtDashPt.sys [?]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-23 381248]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-29 20336]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
    R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
    R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
    R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-10-29 33184]
    R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-10-29 21872]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-5 252064]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-20 06:52:34 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A53C6770-39A7-4298-858C-9562232B327F}\offreg.dll
    2011-12-20 06:52:32 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A53C6770-39A7-4298-858C-9562232B327F}\mpengine.dll
    2011-12-20 06:09:21 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-20 05:46:47 98816 ----a-w- C:\Windows\sed.exe
    2011-12-20 05:46:47 518144 ----a-w- C:\Windows\SWREG.exe
    2011-12-20 05:46:47 256000 ----a-w- C:\Windows\PEV.exe
    2011-12-20 05:46:47 208896 ----a-w- C:\Windows\MBR.exe
    2011-12-19 23:36:39 -------- d-----w- C:\sh4ldr
    2011-12-19 23:36:38 -------- d-----w- C:\Program Files\Enigma Software Group
    2011-12-19 22:54:57 -------- d-----w- C:\Users\Boneman\AppData\Local\IM
    2011-12-19 22:54:44 -------- d-----w- C:\ProgramData\IncrediMail
    2011-12-19 22:54:44 -------- d-----w- C:\ProgramData\IM
    2011-12-19 14:37:38 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-12-19 14:37:38 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-12-19 14:37:38 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-12-19 10:25:51 -------- d-----w- C:\Program Files\iTunes
    2011-12-18 16:39:16 -------- d-----w- C:\Users\Boneman\AppData\Local\MPlayer
    2011-12-18 11:40:36 -------- d-----w- C:\Users\Boneman\AppData\Local\Microsoft Games
    2011-12-17 12:42:01 -------- d-----w- C:\Users\Boneman\AppData\Local\Apple Computer
    2011-12-17 12:41:38 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-12-17 12:41:38 -------- d-----w- C:\Program Files\iPod
    2011-12-17 12:41:38 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-12-17 12:40:51 -------- d-----w- C:\Users\Boneman\AppData\Local\Apple
    2011-12-17 12:40:14 -------- d-----w- C:\Program Files\Bonjour
    2011-12-17 12:40:14 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-12-17 07:00:24 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2011-12-14 03:08:52 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-14 03:08:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-14 03:08:43 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-14 03:08:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-14 02:54:00 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-14 02:54:00 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-14 00:19:52 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-12-12 02:15:29 -------- d-----w- C:\Users\Boneman\AppData\Roaming\SanDisk
    2011-12-09 06:32:09 53248 ----a-r- C:\Users\Boneman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-12-09 06:04:22 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Malwarebytes
    2011-12-09 06:04:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-12-09 06:03:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-09 06:03:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-12-09 05:57:27 -------- d-----w- C:\Users\Boneman\AppData\Roaming\CBS Interactive
    2011-12-07 00:26:05 -------- d-----w- C:\Program Files (x86)\Mplayer
    2011-12-07 00:18:55 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2011-12-07 00:18:54 -------- d-----w- C:\ProgramData\W3i
    2011-12-07 00:18:54 -------- d-----w- C:\Program Files (x86)\W3i
    2011-12-05 15:17:25 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Expert PDF 7
    2011-12-05 11:19:38 -------- d-----w- C:\ProgramData\Movielink
    2011-12-05 11:19:25 -------- d-----w- C:\Program Files (x86)\Blockbuster
    2011-12-05 09:06:39 417952 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2011-12-05 09:04:14 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2011-12-05 09:04:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2011-12-05 09:04:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2011-12-05 09:04:14 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2011-12-05 05:25:26 -------- d-----w- C:\Users\Boneman\AppData\Roaming\GetRightToGo
    2011-12-05 05:20:03 -------- d-----w- C:\Program Files (x86)\FileHippo.com
    2011-12-04 19:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
    2011-12-04 19:18:58 -------- d-----w- C:\Program Files\DivX
    2011-12-04 19:09:50 -------- d-----w- C:\Program Files (x86)\DivX
    2011-12-04 19:08:03 -------- d-----w- C:\ProgramData\DivX
    2011-12-04 19:02:47 -------- d-----w- C:\Users\Boneman\AppData\Local\Ilivid Player
    2011-12-04 18:48:00 -------- dc-h--w- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
    2011-12-04 18:47:50 -------- d-----w- C:\Program Files (x86)\iLivid
    2011-12-04 18:45:23 -------- d-----w- C:\Users\Boneman\AppData\Local\PackageAware
    2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Expert PDF Jobs
    2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Expert PDF 7
    2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Avanquest
    2011-12-04 18:44:01 -------- d-----w- C:\Program Files (x86)\Avanquest
    2011-12-04 18:31:37 696832 ----a-w- C:\Windows\System32\xvidcore.dll
    2011-12-04 18:31:37 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-12-04 18:31:37 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
    2011-12-04 18:31:37 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-12-04 18:31:37 173568 ----a-w- C:\Windows\System32\xvid.ax
    2011-12-04 18:31:37 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
    2011-12-04 18:29:10 -------- d-----w- C:\Users\Boneman\.bitrock
    2011-12-04 18:10:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-12-04 18:09:45 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-12-04 18:09:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-12-04 17:59:08 -------- d-----w- C:\Program Files (x86)\Xvid
    2011-12-03 06:22:06 -------- d-----w- C:\Users\Boneman\AppData\Local\Oberon Media
    2011-11-30 05:16:59 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
    2011-11-30 04:39:12 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Oberon Media
    2011-11-30 04:03:21 -------- d-----w- C:\ProgramData\Oberon Media
    2011-11-30 04:03:10 -------- d-----w- C:\Program Files (x86)\Oberon Media
    2011-11-26 19:54:27 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll
    2011-11-26 19:51:50 14854464 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
    2011-11-24 01:29:36 406336 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-11-20 11:48:05 -------- d-----w- C:\ProgramData\Big Fish Games
    2011-11-20 10:10:18 -------- d-----w- C:\ProgramData\PopCap Games
    2011-11-20 10:10:18 -------- d-----w- C:\Program Files (x86)\PopCap Games
    2011-11-20 09:46:30 660368 ----a-w- C:\Windows\System32\deployJava1.dll
    .
    ==================== Find3M ====================
    .
    2011-12-12 02:32:03 69792 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-24 02:47:47 6004544 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-11-24 02:41:24 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-11-24 02:38:49 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2011-11-24 02:38:44 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2011-11-24 02:38:44 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-11-09 14:21:44 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2011-11-09 14:21:39 187200 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2011-11-09 14:21:39 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2011-11-09 05:16:19 13812256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
    2011-11-05 10:02:35 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-20 05:10:14 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
    2011-10-19 00:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2011-10-18 23:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll
    2011-10-18 18:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2011-10-18 18:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll
    2011-10-18 16:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2011-10-17 22:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 1:17:06.39 ===============

  • #2
    Attach log
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/3/2011 11:04:36 PM
    System Uptime: 12/20/2011 12:48:30 AM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770T-UD3P
    Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 3400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 865.675 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 28 GiB total, 6.382 GiB free.
    F: is FIXED (NTFS) - 37 GiB total, 36.966 GiB free.
    G: is CDROM (CDFS)
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP174: 12/17/2011 2:17:13 AM - 12-17-11
    RP175: 12/17/2011 2:20:18 AM - Device Driver Package Install: NVIDIA Display adapters
    RP176: 12/17/2011 6:40:53 AM - Installed iTunes
    RP177: 12/18/2011 10:19:16 AM - Restore Operation
    RP178: 12/18/2011 5:48:02 PM - Installed Perfect Attorney - Forms
    RP179: 12/18/2011 5:49:01 PM - Installed Perfect Attorney - Forms
    RP180: 12/18/2011 5:54:53 PM - Installed Perfect Attorney - Tutorials
    RP181: 12/18/2011 5:57:46 PM - Installed Perfect Attorney - Federal
    RP182: 12/18/2011 6:01:37 PM - Installed Perfect Attorney - Business
    RP183: 12/18/2011 6:03:37 PM - Installed Perfect Attorney - Divorce & Video
    RP184: 12/18/2011 6:22:04 PM - IObit Uninstaller restore point
    RP185: 12/18/2011 7:00:04 PM - Windows Backup
    RP186: 12/18/2011 10:14:46 PM - Windows Update
    RP187: 12/19/2011 4:25:23 AM - Installed iTunes
    RP188: 12/19/2011 7:32:42 AM - Restore Operation
    RP189: 12/19/2011 8:36:45 AM - Installed iTunes
    RP190: 12/19/2011 4:54:17 PM - Installed IncrediMail.
    RP191: 12/19/2011 5:35:47 PM - Installed SpyHunter
    RP192: 12/19/2011 6:23:56 PM - IObit Uninstaller restore point
    RP193: 12/19/2011 6:24:11 PM - Removed SpyHunter
    RP194: 12/20/2011 12:13:57 AM - IObit Uninstaller restore point
    RP195: 12/20/2011 12:14:41 AM - Removed IncrediMail.
    RP196: 12/20/2011 12:34:42 AM - IObit Uninstaller restore point
    .
    ==== Installed Programs ======================
    .
    Adobe Reader X (10.1.1)
    Advanced SystemCare 5
    AMD System Monitor
    Apple Application Support
    Apple Software Update
    Bandicam
    Bandisoft MPEG-1 Decoder
    Bejeweled 2
    Bejeweled 2 Deluxe
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2 - Multiplayer
    CNET TechTracker
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Driver Whiz
    eReg
    Expert PDF 7 Reader
    FileHippo.com Update Checker
    Game Booster 3
    iLivid
    InstallIQ Updater
    Internet TV for Windows Media Center
    IObit Malware Fighter
    Junk Mail filter update
    LastPass (uninstall only)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Messenger Companion
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 9.0 (x86 en-US)
    Mplayer 0.6.9
    MSI Afterburner 2.1.0
    MSVCRT
    MSVCRT_amd64
    Netflix in Windows Media Center
    NVIDIA 3D Vision Controller Driver
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    Picasa 3
    Razer Lycosa
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RtkDashClientInstaller
    Sansa Updater
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    SIW version 2011.10.29
    Skype Click to Call
    Skype™ 5.7
    Smart Defrag 2
    Steam
    System Requirements Lab
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VC80CRTRedist - 8.0.50727.6195
    Verizon Mobile Broadband Drivers
    Verizon Wireless USB760 Firmware Updates
    VZAccess Manager
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Xvid Video Codec
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/20/2011 12:50:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/20/2011 12:47:39 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
    12/19/2011 9:02:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C1C4BD41-BAF8-4E18-A3D4-02095E6E66D7}' was corrupted and it has been recovered. Some data might have been lost.
    12/19/2011 9:02:36 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9338A5B5-C412-4A1D-8E23-76B3D7A3869B}' was corrupted and it has been recovered. Some data might have been lost.
    12/19/2011 9:02:31 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E6D457AF-66AD-44E7-BCEE-37E2F66788B4}' was corrupted and it has been recovered. Some data might have been lost.
    12/19/2011 9:02:28 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EF00FE70-A719-47D3-A9E2-28FE99B65A30}' was corrupted and it has been recovered. Some data might have been lost.
    12/19/2011 8:36:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/19/2011 8:34:22 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    12/19/2011 7:45:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/19/2011 7:35:19 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    12/19/2011 4:16:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/19/2011 11:51:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/19/2011 11:51:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/18/2011 9:05:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/18/2011 8:55:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/18/2011 4:34:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/18/2011 4:25:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/18/2011 2:31:58 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atillk64 service failed to start due to the following error: The system cannot find the file specified.
    12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atidgllk service failed to start due to the following error: The system cannot find the file specified.
    12/18/2011 10:36:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/18/2011 1:03:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/17/2011 9:37:39 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
    12/17/2011 6:25:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    12/17/2011 6:25:16 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/17/2011 5:08:45 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "740" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_95_ActiveX.exe -Embedding
    12/17/2011 5:02:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121711-21840-01.
    12/17/2011 3:54:55 PM, Error: RasMan [20276] - CoId={72B6795C-ECF8-4E9E-9B16-88EE87981815}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM4 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
    12/16/2011 6:08:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\UpdatusUser\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
    12/16/2011 6:07:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/16/2011 3:49:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/16/2011 11:10:46 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "740" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_95_ActiveX.exe -Embedding
    12/15/2011 6:38:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/13/2011 8:08:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12/13/2011 1:16:08 AM, Error: RasMan [20276] - CoId={9E937857-85DD-4136-BD67-E9AD37B9A633}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM4 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
    .
    ==== End Of File ===========================



    • #3
      Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************
      Did you create this folder or do you know what it's for?
      Code:
      C:\sh4ldr
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *****************************************************

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!

      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes
      * If you encounter any problems while downloading the updates, manually download and unzip them from here
      * Next click the Preferences button.

      •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:

      •Close browsers before scanning
      •Scan for tracking cookies
      •Terminate memory threats before quarantining
      Please leave the others unchecked

      •Click the Close button to leave the control center screen.

      * On the main screen click Scan your computer
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK
      * Make sure everything in the white box has a check next to it, then click Next
      * It will quarantine what it found and if it asks if you want to reboot, click Yes

      •To retrieve the removal information please do the following:
      •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      •Click Preferences. Click the Statistics/Logs tab.

      •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

      •It will open in your default text editor (preferably Notepad).
      •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

      * Save the log somewhere you can easily find it. (normally the desktop)
      * Click close and close again to exit the program.
      * Copy and paste the log in your post.
      *********************************************


      Please download Malwarebytes Anti-Malware from here.
      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



      • #4
        Hi Superdave,

        Misleading.WindowPolicePro, FILE, C:\Windows\system32\Macromed\Flash\mms.cfg, 1009971


        mms.cfg found by IMF may well be a false positive, as in all the PCs with IMF I have seen (even with db 1089), the most recent Flash mms.cfg file is flagged as malware.

        Cheers.
        enoskype

        - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



        • #5
          Hello edat362007, SuperDave, and Enoskype!

          The IMF possible false positive really doesn't matter as DDS indicates a few problems anyway and the machine should be put through the process of cleaning.

          Sincerely,
          -Mel
          Live long and prosper!

          To edat362007. Welcome to Iobit forum!! Please follow all of SuperDave's instructions exactly as he posts them! :wink:

          To Enoskype: Thank you for your diligence! The variant of WindowPolicePro (known malware does not insert this... it is part of the flash system and is indeed a FP).
          Last edited by Melvin_Deal; Dec. 21st, 2011, 01:10.




          • #6
            Hello, Dave, Enoskype, and Melvin. Thanks for the welcome and taking your time to help me with this issue.

            "Did you create this folder or do you know what it's for?
            Code:

            C:\sh4ldr". No I did not and I have no idea what it is for.

            Results of screen317's Security Check version 0.99.29
            Windows 7 x64 (UAC is enabled)
            Internet Explorer 9
            ``````````````````````````````
            Antivirus/Firewall Check:

            Windows Firewall Enabled!
            WMI entry may not exist for antivirus; attempting automatic update.
            ```````````````````````````````
            Anti-malware/Other Utilities Check:

            Malwarebytes' Anti-Malware
            Adobe Reader X (10.1.1)
            Mozilla Firefox (9.0.)
            ````````````````````````````````
            Process Check:
            objlist.exe by Laurent

            Windows Defender MSMpEng.exe
            Malwarebytes' Anti-Malware mbamservice.exe
            Malwarebytes' Anti-Malware mbamgui.exe
            Microsoft Security Essentials msseces.exe
            Microsoft Security Client Antimalware MsMpEng.exe
            IObit IObit Malware Fighter IMFsrv.exe
            Microsoft Security Client Antimalware NisSrv.exe
            IObit IObit Malware Fighter IMF.exe
            ``````````End of Log````````````

            I just finished downloading the other 2 you told me to and I am running them after I post this reply.
            Originally posted by Melvin_Deal:
            The IMF possible false positive really doesn't matter as DDS indicates a few problems anyway and the machine should be put through the process of cleaning.

            Sincerely,
            -Mel
            Live long and prosper!

            To edat362007. Welcome to Iobit forum!! Please follow all of SuperDave's instructions exactly as he posts them! :wink:

            To Enoskype: Thank you for your diligence! The variant of WindowPolicePro (known malware does not insert this... it is part of the flash system and is indeed a FP).
            I have been reading the forums a lot lately and have seen your 3 names quite a bit and I must say you guys rock. I will follow Dave's instructions to the letter and look forward to learning something here.



            • #7
              Here are the other 2 logs

              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 12/20/2011 at 10:51 PM

              Application Version : 5.0.1142

              Core Rules Database Version : 8076
              Trace Rules Database Version: 5888

              Scan type : Complete Scan
              Total Scan Time : 00:31:44

              Operating System Information
              Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
              UAC On - Limited User

              Memory items scanned : 580
              Memory threats detected : 0
              Registry items scanned : 74315
              Registry threats detected : 0
              File items scanned : 132300
              File threats detected : 2

              Adware.Tracking Cookie
              C:\USERS\MRS. BONEMAN\AppData\Roaming\Microsoft\Windows\Cookies\H25H54XI.txt [ Cookie:mrs. boneman@2o7.net/ ]
              C:\USERS\MRS. BONEMAN\Cookies\H25H54XI.txt [ Cookie:mrs. boneman@2o7.net/ ]

              Malwarebytes' Anti-Malware 1.51.2.1300
              www.malwarebytes.org

              Database version: 911122102

              Windows 6.1.7601 Service Pack 1
              Internet Explorer 9.0.8112.16421

              12/20/2011 10:07:26 PM
              mbam-log-2011-12-20 (22-07-26).txt

              Scan type: Full scan (C:\|E:\|F:\|)
              Objects scanned: 330576
              Time elapsed: 23 minute(s), 1 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 0
              Registry Values Infected: 0
              Registry Data Items Infected: 0
              Folders Infected: 0
              Files Infected: 0

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              (No malicious items detected)

              Registry Values Infected:
              (No malicious items detected)

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              (No malicious items detected)



              • #8
                Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

                link # 1
                Link # 2
                If you are using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Right-click combofix.exe and select Run as Administrator and follow the prompts.
                When finished, ComboFix will produce a log for you.
                Post the ComboFix log in your next reply.

                NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.



                • #9
                  ComboFix report

                  ComboFix 11-12-25.01 - Boneman 12/25/2011 19:01:32.3.4 - x64
                  Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2724 [GMT -6:00]
                  Running from: c:\users\Boneman\Desktop\ComboFix.exe
                  AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
                  SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
                  SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\windows\system32\java.exe
                  .
                  .
                  ((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
                  .
                  .
                  2011-12-26 01:05 . 2011-12-26 01:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DDC4972-1170-45A8-BF9A-88B6B669C117}\offreg.dll
                  2011-12-26 01:05 . 2011-12-26 01:05 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\temp
                  2011-12-26 01:05 . 2011-12-26 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp
                  2011-12-26 00:41 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DDC4972-1170-45A8-BF9A-88B6B669C117}\mpengine.dll
                  2011-12-21 18:21 . 2011-12-21 18:21 -------- d-----w- c:\users\Mrs. Boneman\vw
                  2011-12-21 18:20 . 2011-12-21 18:20 -------- d-----w- c:\users\Mrs. Boneman\MyConnection PC
                  2011-12-21 18:19 . 2011-12-21 18:19 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\SUPERAntiSpyware.com
                  2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\users\Boneman\vw
                  2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\users\Boneman\MyConnection PC
                  2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\program files (x86)\MyConnection PC
                  2011-12-21 05:29 . 2004-12-07 03:31 49265 ----a-w- c:\windows\SysWow64\jpicpl32.cpl
                  2011-12-21 05:28 . 2011-12-21 05:28 -------- d-----w- c:\program files (x86)\Common Files\Java
                  2011-12-21 04:13 . 2011-12-21 04:13 -------- d-----w- c:\users\Boneman\AppData\Roaming\SUPERAntiSpyware.com
                  2011-12-21 04:11 . 2011-12-21 04:13 -------- d-----w- c:\program files\SUPERAntiSpyware
                  2011-12-21 04:11 . 2011-12-21 04:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
                  2011-12-19 23:36 . 2011-12-20 00:24 -------- d-----w- C:\sh4ldr
                  2011-12-19 22:55 . 2011-12-19 23:03 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\IM
                  2011-12-19 22:54 . 2011-12-20 04:45 -------- d-----w- c:\users\Boneman\AppData\Local\IM
                  2011-12-19 22:54 . 2011-12-19 22:56 -------- d-----w- c:\programdata\IM
                  2011-12-19 22:54 . 2011-12-19 22:54 -------- d-----w- c:\programdata\IncrediMail
                  2011-12-19 14:37 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
                  2011-12-19 14:37 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
                  2011-12-17 12:41 . 2011-12-19 10:25 -------- d-----w- c:\program files\iPod
                  2011-12-17 12:41 . 2011-12-19 10:25 -------- d-----w- c:\programdata\Apple Computer
                  2011-12-17 12:41 . 2011-12-17 12:41 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\users\Boneman\AppData\Local\Apple
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Apple Software Update
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files\Common Files\Apple
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files\Bonjour
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Bonjour
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\programdata\Apple
                  2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Common Files\Apple
                  2011-12-17 08:22 . 2011-12-25 21:59 -------- d-----w- c:\users\UpdatusUser
                  2011-12-17 07:00 . 2011-12-17 07:00 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
                  2011-12-14 03:08 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
                  2011-12-14 03:08 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
                  2011-12-14 03:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
                  2011-12-14 03:08 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
                  2011-12-14 02:54 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
                  2011-12-14 02:54 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
                  2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
                  2011-12-12 02:15 . 2011-12-12 02:15 -------- d-----w- c:\users\Boneman\AppData\Roaming\SanDisk
                  2011-12-09 16:26 . 2011-12-09 16:26 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\Malwarebytes
                  2011-12-09 06:32 . 2011-12-09 06:32 53248 ----a-r- c:\users\Boneman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
                  2011-12-09 06:04 . 2011-12-09 06:04 -------- d-----w- c:\users\Boneman\AppData\Roaming\Malwarebytes
                  2011-12-09 06:04 . 2011-12-09 06:04 -------- d-----w- c:\programdata\Malwarebytes
                  2011-12-09 06:03 . 2011-12-09 06:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
                  2011-12-09 06:03 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
                  2011-12-09 05:57 . 2011-12-09 05:57 -------- d-----w- c:\users\Boneman\AppData\Roaming\CBS Interactive
                  2011-12-07 00:18 . 2011-12-07 00:18 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
                  2011-12-07 00:18 . 2011-12-07 00:18 -------- d-----w- c:\programdata\W3i
                  2011-12-07 00:18 . 2011-12-07 00:18 -------- d-----w- c:\program files (x86)\W3i
                  2011-12-05 15:17 . 2011-12-05 15:17 -------- d-----w- c:\users\Boneman\AppData\Roaming\Expert PDF 7
                  2011-12-05 11:19 . 2011-12-05 11:19 -------- d-----w- c:\programdata\Movielink
                  2011-12-05 11:19 . 2011-12-05 15:38 -------- d-----w- c:\program files (x86)\Blockbuster
                  2011-12-05 09:10 . 2011-12-05 09:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
                  2011-12-05 09:06 . 2011-12-12 02:32 417952 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
                  2011-12-05 09:04 . 2011-12-16 09:50 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
                  2011-12-05 09:04 . 2011-12-10 01:40 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
                  2011-12-05 09:04 . 2011-12-10 01:40 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
                  2011-12-05 09:04 . 2011-12-10 01:40 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
                  2011-12-05 05:25 . 2011-12-17 06:31 -------- d-----w- c:\users\Boneman\AppData\Roaming\GetRightToGo
                  2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\program files (x86)\FileHippo.com
                  2011-12-04 19:19 . 2011-12-05 09:47 -------- d-----w- c:\users\Boneman\AppData\Roaming\DivX
                  2011-12-04 19:19 . 2011-12-06 04:45 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
                  2011-12-04 19:09 . 2011-12-06 04:45 -------- d-----w- c:\program files (x86)\DivX
                  2011-12-04 19:02 . 2011-12-04 19:02 -------- d-----w- c:\users\Boneman\AppData\Local\Ilivid Player
                  2011-12-04 18:45 . 2011-12-04 18:45 -------- d-----w- c:\users\Boneman\AppData\Local\PackageAware
                  2011-12-04 18:44 . 2011-12-04 18:44 -------- d-----w- c:\program files (x86)\Avanquest
                  2011-12-04 18:29 . 2011-12-04 18:29 -------- d-----w- c:\users\Boneman\.bitrock
                  2011-12-04 18:10 . 2011-12-04 18:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
                  2011-12-04 18:09 . 2011-12-04 18:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
                  2011-12-04 18:09 . 2011-12-04 18:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
                  2011-12-03 06:22 . 2011-12-05 16:27 -------- d-----w- c:\users\Boneman\AppData\Local\Oberon Media
                  2011-11-30 05:17 . 2011-11-30 05:17 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\Oberon Media
                  2011-11-30 05:16 . 2011-11-30 05:17 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
                  2011-11-30 04:39 . 2011-11-30 17:16 -------- d-----w- c:\users\Boneman\AppData\Roaming\Oberon Media
                  2011-11-30 04:03 . 2011-11-30 05:21 -------- d-----w- c:\programdata\Oberon Media
                  2011-11-30 04:03 . 2011-12-06 04:01 -------- d-----w- c:\program files (x86)\Oberon Media
                  2011-11-30 03:44 . 2011-11-30 05:19 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\Oberon Media
                  2011-11-26 19:54 . 2011-11-24 02:38 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
                  2011-11-26 19:51 . 2011-11-24 04:59 14854464 ----a-w- c:\windows\SysWow64\nvd3dum.dll
                  .
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2011-12-17 07:00 . 2011-11-20 09:46 660368 ----a-w- c:\windows\system32\deployJava1.dll
                  2011-12-12 02:32 . 2011-07-04 09:11 69792 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                  2011-11-24 04:59 . 2011-11-05 07:10 7677248 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
                  2011-11-24 04:59 . 2011-11-05 07:10 1726272 ----a-w- c:\windows\system32\nvdispco64.dll
                  2011-11-24 04:59 . 2011-11-05 07:10 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
                  2011-11-24 04:59 . 2011-08-02 06:24 9622848 ----a-w- c:\windows\system32\nvwgf2umx.dll
                  2011-11-24 04:59 . 2011-08-02 06:24 2403136 ----a-w- c:\windows\system32\nvapi64.dll
                  2011-11-24 04:59 . 2011-08-02 06:24 2095424 ----a-w- c:\windows\SysWow64\nvapi.dll
                  2011-11-24 02:47 . 2011-08-02 06:25 6004544 ----a-w- c:\windows\system32\nvcpl.dll
                  2011-11-24 02:41 . 2011-08-02 06:25 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
                  2011-11-24 02:38 . 2011-08-02 06:25 889664 ----a-w- c:\windows\system32\nvvsvc.exe
                  2011-11-24 02:38 . 2011-08-02 06:25 63296 ----a-w- c:\windows\system32\nvshext.dll
                  2011-11-24 02:38 . 2011-08-02 06:25 118080 ----a-w- c:\windows\system32\nvmctray.dll
                  2011-11-24 01:29 . 2011-11-24 01:29 406336 ----a-w- c:\windows\SysWow64\nvStreaming.exe
                  2011-11-21 11:40 . 2011-07-04 15:09 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                  2011-11-09 05:16 . 2011-11-09 05:16 13812256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
                  2011-11-05 10:02 . 2011-07-04 07:29 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
                  2011-10-20 05:10 . 2011-11-20 04:00 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
                  2011-10-19 00:53 . 2011-11-05 11:54 2957544 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
                  2011-10-18 23:10 . 2011-11-05 11:54 99432 ----a-w- c:\windows\system32\RCoInst64.dll
                  2011-10-18 18:55 . 2011-11-05 11:54 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
                  2011-10-18 18:47 . 2011-11-05 11:54 1914472 ----a-w- c:\windows\system32\RtkApi64.dll
                  2011-10-18 16:05 . 2011-11-05 11:54 2528872 ----a-w- c:\windows\system32\RtPgEx64.dll
                  2011-10-17 22:30 . 2011-11-05 11:54 3213928 ----a-w- c:\windows\system32\RtkAPO64.dll
                  2011-10-04 22:22 . 2011-10-15 22:58 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{986866F6-04DA-47F4-94A0-851A2A3DA9D2}\gapaengine.dll
                  2011-09-29 16:29 . 2011-11-09 05:17 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
                  .
                  .
                  ((((((((((((((((((((((((((((( SnapShot@2011-12-20_05.54.06 )))))))))))))))))))))))))))))))))))))))))
                  .
                  + 2011-12-21 05:29 . 2004-12-07 02:04 49250 c:\windows\SysWOW64\javaw.exe
                  + 2011-12-21 05:29 . 2004-12-07 02:04 49248 c:\windows\SysWOW64\java.exe
                  + 2011-07-04 04:20 . 2011-12-25 21:50 45434 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
                  + 2009-07-14 05:10 . 2011-12-25 21:50 33164 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
                  - 2011-07-04 05:55 . 2011-12-05 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                  + 2011-07-04 05:55 . 2011-12-23 00:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                  + 2011-12-23 00:24 . 2011-12-23 00:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                  - 2011-07-04 05:55 . 2011-12-05 18:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                  - 2009-07-14 04:54 . 2011-12-05 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                  + 2009-07-14 04:54 . 2011-12-23 00:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                  + 2011-07-11 21:37 . 2011-12-22 00:27 3280 c:\windows\system32\wdi\ERCQueuedResolutions.dat
                  - 2011-07-11 21:37 . 2011-11-27 19:01 3280 c:\windows\system32\wdi\ERCQueuedResolutions.dat
                  + 2011-11-07 05:38 . 2011-12-25 13:46 5176 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954268748-191027934-3546955144-1006_UserData.bin
                  + 2011-07-04 04:17 . 2011-12-25 21:50 8794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954268748-191027934-3546955144-1000_UserData.bin
                  - 2011-12-20 05:53 . 2011-12-20 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                  + 2011-12-26 01:05 . 2011-12-26 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                  + 2011-12-26 01:05 . 2011-12-26 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                  - 2011-12-20 05:53 . 2011-12-20 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                  + 2011-12-21 05:29 . 2004-12-07 03:31 127078 c:\windows\SysWOW64\javaws.exe
                  + 2011-07-06 01:22 . 2011-12-25 21:16 314578 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
                  + 2009-07-14 02:36 . 2011-12-22 03:48 659832 c:\windows\system32\perfh009.dat
                  - 2009-07-14 02:36 . 2011-12-19 20:23 659832 c:\windows\system32\perfh009.dat
                  - 2009-07-14 02:36 . 2011-12-19 20:23 120522 c:\windows\system32\perfc009.dat
                  + 2009-07-14 02:36 . 2011-12-22 03:48 120522 c:\windows\system32\perfc009.dat
                  + 2009-07-14 05:01 . 2011-12-26 01:05 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
                  - 2009-07-14 05:01 . 2011-12-20 05:52 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
                  + 2011-12-21 05:27 . 2011-12-21 05:27 180224 c:\windows\Installer\118622.msi
                  + 2011-10-12 02:22 . 2011-12-22 20:23 9250483 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1006-8192.dat
                  + 2011-07-04 08:02 . 2011-12-26 01:05 21640536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1000-8192.dat
                  + 2011-07-04 08:53 . 2011-12-21 05:08 15460580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1000-12288.dat
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-17 619352]
                  "SansaDispatch"="c:\users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-12 79872]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                  "Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
                  "IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
                  "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-04 296056]
                  "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
                  "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
                  "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
                  .
                  c:\users\Boneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "ConsentPromptBehaviorAdmin"= 5 (0x5)
                  "ConsentPromptBehaviorUser"= 3 (0x3)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                  Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                  @="Service"
                  .
                  R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                  R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                  R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-12 252064]
                  R3 atillk64;atillk64; [x]
                  R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
                  R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
                  R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
                  R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
                  R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
                  R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
                  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
                  R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
                  R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
                  R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-08 20336]
                  S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
                  S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
                  S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
                  S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
                  S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
                  S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-17 494424]
                  S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
                  S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
                  S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-24 2348864]
                  S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
                  S2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\DRIVERS\RtDashPt.sys [x]
                  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-24 381248]
                  S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
                  S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
                  S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
                  S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
                  S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
                  S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
                  S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
                  S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
                  S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
                  S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
                  S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
                  .
                  .
                  Contents of the 'Scheduled Tasks' folder
                  .
                  2011-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-05 02:32]
                  .
                  2011-12-26 c:\windows\Tasks\RtlDashSrvStart.job
                  - c:\program files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22 21:21]
                  .
                  .
                  --------- x86-64 -----------
                  .
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
                  "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
                  "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
                  .
                  ------- Supplementary Scan -------
                  .
                  uLocal Page = c:\windows\system32\blank.htm
                  uStart Page = hxxp://www.google.com/
                  uDefault_Search_URL = hxxp://www.google.com/ie
                  uInternet Settings,ProxyOverride = *.local
                  uSearchAssistant = hxxp://www.google.com/ie
                  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                  IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
                  IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
                  IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
                  IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
                  FF - ProfilePath - c:\users\Boneman\AppData\Roaming\Mozilla\Firefox\Profiles\r6rbl1ew.default\
                  FF - prefs.js: browser.search.selectedEngine - Google
                  FF - prefs.js: browser.startup.homepage - hxxp://google.com
                  FF - prefs.js: network.proxy.type - 0
                  FF - user.js: browser.cache.memory.capacity - 65536
                  FF - user.js: browser.chrome.favicons - false
                  FF - user.js: browser.display.show_image_placeholders - true
                  FF - user.js: browser.turbo.enabled - true
                  FF - user.js: browser.urlbar.autocomplete.enabled - true
                  FF - user.js: browser.urlbar.autofill - true
                  FF - user.js: browser.xul.error_pages.enabled - true
                  FF - user.js: content.interrupt.parsing - true
                  FF - user.js: content.max.tokenizing.time - 3000000
                  FF - user.js: content.maxtextrun - 8191
                  FF - user.js: content.notify.backoffcount - 5
                  FF - user.js: content.notify.interval - 750000
                  FF - user.js: content.notify.ontimer - true
                  FF - user.js: content.switch.threshold - 750000
                  FF - user.js: extensions.autoDisableScopes - 14
                  FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,
                  FF - user.js: extentions.y2layers.installId - 0129782b-dc9f-42a3-8d8e-eaf5570bb570
                  FF - user.js: network.http.max-connections - 32
                  FF - user.js: network.http.max-connections-per-server - 8
                  FF - user.js: network.http.max-persistent-connections-per-proxy - 8
                  FF - user.js: network.http.max-persistent-connections-per-server - 4
                  FF - user.js: network.http.pipelining - true
                  FF - user.js: network.http.pipelining.maxrequests - 8
                  FF - user.js: network.http.proxy.pipelining - true
                  FF - user.js: network.http.request.max-start-delay - 0
                  FF - user.js: nglayout.initialpaint.delay - 0
                  FF - user.js: plugin.expose_full_path - true
                  FF - user.js: security.csp.enable - false
                  FF - user.js: ui.submenuDelay - 0
                  FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
                  .
                  - - - - ORPHANS REMOVED - - - -
                  .
                  BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
                  .
                  .
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_USERS\S-1-5-21-954268748-191027934-3546955144-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                  @Denied: (2) (LocalSystem)
                  "Progid"="WindowsLiveMail.Email.1"
                  .
                  [HKEY_USERS\S-1-5-21-954268748-191027934-3546955144-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                  @Denied: (2) (LocalSystem)
                  "Progid"="WindowsLiveMail.VCard.1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_95_ActiveX.exe,-101"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_95_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Shockwave Flash Object"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                  @="0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="ShockwaveFlash.ShockwaveFlash.10"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="ShockwaveFlash.ShockwaveFlash"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Macromedia Flash Factory Object"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="FlashFactory.FlashFactory.1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="FlashFactory.FlashFactory"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker4"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                  @Denied: (A) (Everyone)
                  "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                  .
                  [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                  @Denied: (A) (Everyone)
                  .
                  [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                  "Key"="ActionsPane3"
                  "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                  @Denied: (Full) (Everyone)
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                  c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
                  .
                  **************************************************************************
                  .
                  Completion time: 2011-12-25 19:11:28 - machine was rebooted
                  ComboFix-quarantined-files.txt 2011-12-26 01:11
                  ComboFix2.txt 2011-12-20 05:58
                  .
                  Pre-Run: 929,106,931,712 bytes free
                  Post-Run: 928,660,074,496 bytes free
                  .
                  - - End Of File - - F56BA6362EC8F8939A3CABD810F48145



                  • #10
                    Please download Rooter and Save it to your desktop.
                    • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
                    • Click Scan.
                    • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.



                    • #11
                      Rooter Log

                      Rooter.exe (v1.0.2) by Eric_71
                      .
                      SeDebugPrivilege granted successfully ...
                      .
                      Windows 7 Home Edition (6.1.7601) Service Pack 1
                      [32_bits] - AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
                      .
                      [wscsvc] (Security Center) RUNNING (state:4)
                      [MpsSvc] RUNNING (state:4)
                      Windows Firewall -> Enabled
                      Windows Defender -> Enabled
                      User Account Control (UAC) -> Enabled
                      .
                      Internet Explorer 9.0.8112.16421
                      Mozilla Firefox 9.0.1 (en-US)
                      .
                      C:\ [Fixed-NTFS] .. ( Total:931 Go - Free:864 Go )
                      D:\ [CD_Rom]
                      E:\ [Fixed-NTFS] .. ( Total:27 Go - Free:6 Go )
                      F:\ [Fixed-NTFS] .. ( Total:37 Go - Free:36 Go )
                      G:\ [CD_Rom]
                      H:\ [Removable]
                      .
                      Scan : 22:27.43
                      Path : C:\Users\Boneman\Desktop\Rooter.exe
                      User : Boneman ( Administrator -> YES )
                      .
                      ----------------------\\ Processes
                      .
                      Locked [System Process] (0)
                      Locked System (4)
                      ______ ???&?????? (284)
                      ______ ???&?????? (476)
                      ______ ???&?????? (536)
                      ______ ???&?????? (560)
                      ______ ???&?????? (608)
                      ______ ???&?????? (632)
                      ______ ???&?????? (640)
                      ______ ???&?????? (680)
                      ______ ???&?????? (772)
                      ______ C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (832)
                      ______ ???&?????? (876)
                      ______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (900)
                      ______ ???&?????? (932)
                      ______ ???&?????? (1008)
                      ______ ???&?????? (596)
                      ______ ???&?????? (760)
                      ______ ???&?????? (116)
                      ______ ???&?????? (1188)
                      ______ ???&?????? (1464)
                      ______ ???&?????? (1492)
                      ______ ???&?????? (1504)
                      ______ ???&?????? (1632)
                      ______ ???&?????? (1660)
                      ______ C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (1764)
                      ______ ???&?????? (1900)
                      ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1920)
                      ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1948)
                      ______ ???&?????? (1076)
                      ______ ???&?????? (1356)
                      ______ ???&?????? (1428)
                      ______ ???&?????? (1052)
                      ______ ???&?????? (1332)
                      ______ ???&?????? (2120)
                      ______ ???&?????? (2344)
                      ______ ???&?????? (2436)
                      ______ ???&?????? (2688)
                      ______ ???&?????? (2744)
                      ______ ???&?????? (2768)
                      ______ ???&?????? (2812)
                      ______ ???&?????? (2948)
                      ______ ???&?????? (2980)
                      ______ C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (3040)
                      ______ ???&?????? (1728)
                      ______ ???&?????? (1724)
                      ______ ???&?????? (1344)
                      ______ C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (2092)
                      ______ ???&?????? (2392)
                      ______ C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (3128)
                      ______ ???&?????? (3384)
                      ______ C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (3452)
                      ______ C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (3480)
                      ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (3488)
                      ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3520)
                      ______ C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe (3640)
                      ______ ???&?????? (3684)
                      ______ ???&?????? (3724)
                      ______ ???&?????? (3820)
                      ______ C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (3936)
                      ______ C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe (4048)
                      ______ C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (3572)
                      ______ ???&?????? (3212)
                      ______ ???&?????? (1588)
                      ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (3632)
                      ______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2520)
                      ______ C:\Program Files (x86)\IObit\Advanced SystemCare 5\Asc.exe (4896)
                      ______ ???&?????? (4956)
                      ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5020)
                      ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4604)
                      Locked audiodg.exe (3860)
                      ______ C:\Users\Boneman\Desktop\Rooter.exe (5012)
                      .
                      ----------------------\\ Device\Harddisk0\
                      .
                      \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                      .
                      \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:30014996480)
                      .
                      ----------------------\\ Scheduled Tasks
                      .
                      C:\Windows\Tasks\Adobe Flash Player Updater.job
                      C:\Windows\Tasks\RtlDashSrvStart.job
                      C:\Windows\Tasks\SA.DAT
                      C:\Windows\Tasks\SCHEDLGU.TXT
                      .
                      ----------------------\\ Registry
                      .
                      .
                      ----------------------\\ Files & Folders
                      .
                      ----------------------\\ Scan completed at 22:27.44
                      .
                      C:\Rooter$\Rooter_1.txt - (26/12/2011 | 22:27.44)



                      • #12
                        ESET Online Scan

                        Scan your computer with the ESET FREE Online Virus Scan

                        * Click the ESET Online Scanner button.

                        * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
                        * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
                        * Place a check mark next to YES, I accept the Terms of Use.

                        * Click the Start button.
                        * Accept any security warnings from your browser.
                        * Leave the check mark next to Remove found threats and place a check next to Scan archives.
                        * Click the Start button.
                        * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
                        * When the scan completes, click List of found threats.
                        * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
                        * Click the Back button then click Finish.

                        In your next reply please include the ESET Online Scan Log



                        • #13
                          ESETScan log

                          C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{794DBFF1-C02A-44C9-83BC-870F26A74964}-comon undone korn.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
                          C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
                          C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
                          C:\Users\Boneman\Desktop\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined



                          • #14
                            How's your computer running now? Any other issues?



                            • #15
                              Dave, the computer is running good but yesterday afternoon IMF popped up an alert. I ran a full scan in IMF and it quarantined this again. "Misleading.WindowPolicePro, FILE, C:\Windows\system32\Macromed\Flash\mms.cfg,"
                              Also do I need to be concerned about the folder "C:\sh4ldr" that you asked me about in the beginning? Thanks for all your help with this.
