IObit.Com Forums > IObit Security Software > Spyware-Malware Removal Help!

Spyware-Malware Removal Help! A separate area dedicated to virus, spyware, rootkit and all other forms of malware removal.
#1
Dec. 20th, 2011, 06:46
edat362007
Junior Member

Join Date: 17 Apr 2011
Posts: 15
PolicePro picked up by Iobit Malware Fighter

Here are logs as instructed.

IObit Malware Fighter

OS: Windows 7
Version: 1.2.0.16
Define Version: 1088
Time Elapsed: 00:02:45
Objects Scanned: 52050
Threats Found: 1
Save Time: 12/19/2011 4:34:37 PM

|Name|Type|Description|ID|
|Misleading.WindowPolicePro|FILE|C:\Windows\system32\Macromed\Flash\mms.cfg|1009971|

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Boneman at 1:15:00 on 2011-12-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2409 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [SansaDispatch] C:\Users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Boneman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: Interfaces\{0B9D6DAF-C53B-4283-9586-30D065D66211} : NameServer = 69.78.96.14 66.174.92.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Boneman\AppData\Roaming\Mozilla\Firefox\Profiles\r6rbl1ew.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_95.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extentions.y2layers.installId - 0129782b-dc9f-42a3-8d8e-eaf5570bb570
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: security.csp.enable - false
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-19 494424]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-7-4 820568]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-9 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 RtDashPt;Realtek DASH Protocol Driver;C:\Windows\system32\DRIVERS\RtDashPt.sys --> C:\Windows\system32\DRIVERS\RtDashPt.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-23 381248]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-29 20336]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\system32\DRIVERS\nvoclk64.sys --> C:\Windows\system32\DRIVERS\nvoclk64.sys [?]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-10-29 33184]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-10-29 21872]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-5 252064]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-20 06:52:34 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A53C6770-39A7-4298-858C-9562232B327F}\offreg.dll
2011-12-20 06:52:32 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A53C6770-39A7-4298-858C-9562232B327F}\mpengine.dll
2011-12-20 06:09:21 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-20 05:46:47 98816 ----a-w- C:\Windows\sed.exe
2011-12-20 05:46:47 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-20 05:46:47 256000 ----a-w- C:\Windows\PEV.exe
2011-12-20 05:46:47 208896 ----a-w- C:\Windows\MBR.exe
2011-12-19 23:36:39 -------- d-----w- C:\sh4ldr
2011-12-19 23:36:38 -------- d-----w- C:\Program Files\Enigma Software Group
2011-12-19 22:54:57 -------- d-----w- C:\Users\Boneman\AppData\Local\IM
2011-12-19 22:54:44 -------- d-----w- C:\ProgramData\IncrediMail
2011-12-19 22:54:44 -------- d-----w- C:\ProgramData\IM
2011-12-19 14:37:38 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-19 14:37:38 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-12-19 14:37:38 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-12-19 10:25:51 -------- d-----w- C:\Program Files\iTunes
2011-12-18 16:39:16 -------- d-----w- C:\Users\Boneman\AppData\Local\MPlayer
2011-12-18 11:40:36 -------- d-----w- C:\Users\Boneman\AppData\Local\Microsoft Games
2011-12-17 12:42:01 -------- d-----w- C:\Users\Boneman\AppData\Local\Apple Computer
2011-12-17 12:41:38 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-17 12:41:38 -------- d-----w- C:\Program Files\iPod
2011-12-17 12:41:38 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-17 12:40:51 -------- d-----w- C:\Users\Boneman\AppData\Local\Apple
2011-12-17 12:40:14 -------- d-----w- C:\Program Files\Bonjour
2011-12-17 12:40:14 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-17 07:00:24 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2011-12-14 03:08:52 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 03:08:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 03:08:43 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 03:08:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 02:54:00 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 02:54:00 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 00:19:52 4448256 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-12-12 02:15:29 -------- d-----w- C:\Users\Boneman\AppData\Roaming\SanDisk
2011-12-09 06:32:09 53248 ----a-r- C:\Users\Boneman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-09 06:04:22 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Malwarebytes
2011-12-09 06:04:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-09 06:03:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-09 06:03:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-09 05:57:27 -------- d-----w- C:\Users\Boneman\AppData\Roaming\CBS Interactive
2011-12-07 00:26:05 -------- d-----w- C:\Program Files (x86)\Mplayer
2011-12-07 00:18:55 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-12-07 00:18:54 -------- d-----w- C:\ProgramData\W3i
2011-12-07 00:18:54 -------- d-----w- C:\Program Files (x86)\W3i
2011-12-05 15:17:25 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Expert PDF 7
2011-12-05 11:19:38 -------- d-----w- C:\ProgramData\Movielink
2011-12-05 11:19:25 -------- d-----w- C:\Program Files (x86)\Blockbuster
2011-12-05 09:06:39 417952 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2011-12-05 09:04:14 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-05 09:04:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-05 09:04:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-05 09:04:14 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-05 05:25:26 -------- d-----w- C:\Users\Boneman\AppData\Roaming\GetRightToGo
2011-12-05 05:20:03 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2011-12-04 19:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-12-04 19:18:58 -------- d-----w- C:\Program Files\DivX
2011-12-04 19:09:50 -------- d-----w- C:\Program Files (x86)\DivX
2011-12-04 19:08:03 -------- d-----w- C:\ProgramData\DivX
2011-12-04 19:02:47 -------- d-----w- C:\Users\Boneman\AppData\Local\Ilivid Player
2011-12-04 18:48:00 -------- dc-h--w- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
2011-12-04 18:47:50 -------- d-----w- C:\Program Files (x86)\iLivid
2011-12-04 18:45:23 -------- d-----w- C:\Users\Boneman\AppData\Local\PackageAware
2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Expert PDF Jobs
2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Expert PDF 7
2011-12-04 18:44:01 -------- d-----w- C:\ProgramData\Avanquest
2011-12-04 18:44:01 -------- d-----w- C:\Program Files (x86)\Avanquest
2011-12-04 18:31:37 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2011-12-04 18:31:37 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-12-04 18:31:37 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2011-12-04 18:31:37 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-12-04 18:31:37 173568 ----a-w- C:\Windows\System32\xvid.ax
2011-12-04 18:31:37 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-12-04 18:29:10 -------- d-----w- C:\Users\Boneman\.bitrock
2011-12-04 18:10:30 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-12-04 18:09:45 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-12-04 18:09:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-12-04 17:59:08 -------- d-----w- C:\Program Files (x86)\Xvid
2011-12-03 06:22:06 -------- d-----w- C:\Users\Boneman\AppData\Local\Oberon Media
2011-11-30 05:16:59 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
2011-11-30 04:39:12 -------- d-----w- C:\Users\Boneman\AppData\Roaming\Oberon Media
2011-11-30 04:03:21 -------- d-----w- C:\ProgramData\Oberon Media
2011-11-30 04:03:10 -------- d-----w- C:\Program Files (x86)\Oberon Media
2011-11-26 19:54:27 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-11-26 19:51:50 14854464 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2011-11-24 01:29:36 406336 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-11-20 11:48:05 -------- d-----w- C:\ProgramData\Big Fish Games
2011-11-20 10:10:18 -------- d-----w- C:\ProgramData\PopCap Games
2011-11-20 10:10:18 -------- d-----w- C:\Program Files (x86)\PopCap Games
2011-11-20 09:46:30 660368 ----a-w- C:\Windows\System32\deployJava1.dll
.
==================== Find3M ====================
.
2011-12-12 02:32:03 69792 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 02:47:47 6004544 ----a-w- C:\Windows\System32\nvcpl.dll
2011-11-24 02:41:24 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-11-24 02:38:49 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-11-24 02:38:44 63296 ----a-w- C:\Windows\System32\nvshext.dll
2011-11-24 02:38:44 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2011-11-09 14:21:44 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-11-09 14:21:39 187200 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-11-09 14:21:39 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2011-11-09 05:16:19 13812256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-11-05 10:02:35 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-20 05:10:14 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2011-10-19 00:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-10-18 23:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-10-18 18:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2011-10-18 18:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-10-18 16:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-10-17 22:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 1:17:06.39 ===============
#2
Dec. 20th, 2011, 06:47
edat362007
Junior Member

Join Date: 17 Apr 2011
Posts: 15

Attach log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/3/2011 11:04:36 PM
System Uptime: 12/20/2011 12:48:30 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770T-UD3P
Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 865.675 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 28 GiB total, 6.382 GiB free.
F: is FIXED (NTFS) - 37 GiB total, 36.966 GiB free.
G: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP174: 12/17/2011 2:17:13 AM - 12-17-11
RP175: 12/17/2011 2:20:18 AM - Device Driver Package Install: NVIDIA Display adapters
RP176: 12/17/2011 6:40:53 AM - Installed iTunes
RP177: 12/18/2011 10:19:16 AM - Restore Operation
RP178: 12/18/2011 5:48:02 PM - Installed Perfect Attorney - Forms
RP179: 12/18/2011 5:49:01 PM - Installed Perfect Attorney - Forms
RP180: 12/18/2011 5:54:53 PM - Installed Perfect Attorney - Tutorials
RP181: 12/18/2011 5:57:46 PM - Installed Perfect Attorney - Federal
RP182: 12/18/2011 6:01:37 PM - Installed Perfect Attorney - Business
RP183: 12/18/2011 6:03:37 PM - Installed Perfect Attorney - Divorce & Video
RP184: 12/18/2011 6:22:04 PM - IObit Uninstaller restore point
RP185: 12/18/2011 7:00:04 PM - Windows Backup
RP186: 12/18/2011 10:14:46 PM - Windows Update
RP187: 12/19/2011 4:25:23 AM - Installed iTunes
RP188: 12/19/2011 7:32:42 AM - Restore Operation
RP189: 12/19/2011 8:36:45 AM - Installed iTunes
RP190: 12/19/2011 4:54:17 PM - Installed IncrediMail.
RP191: 12/19/2011 5:35:47 PM - Installed SpyHunter
RP192: 12/19/2011 6:23:56 PM - IObit Uninstaller restore point
RP193: 12/19/2011 6:24:11 PM - Removed SpyHunter
RP194: 12/20/2011 12:13:57 AM - IObit Uninstaller restore point
RP195: 12/20/2011 12:14:41 AM - Removed IncrediMail.
RP196: 12/20/2011 12:34:42 AM - IObit Uninstaller restore point
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.1)
Advanced SystemCare 5
AMD System Monitor
Apple Application Support
Apple Software Update
Bandicam
Bandisoft MPEG-1 Decoder
Bejeweled 2
Bejeweled 2 Deluxe
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2 - Multiplayer
CNET TechTracker
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Whiz
eReg
Expert PDF 7 Reader
FileHippo.com Update Checker
Game Booster 3
iLivid
InstallIQ Updater
Internet TV for Windows Media Center
IObit Malware Fighter
Junk Mail filter update
LastPass (uninstall only)
Malwarebytes' Anti-Malware version 1.51.2.1300
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0 (x86 en-US)
Mplayer 0.6.9
MSI Afterburner 2.1.0
MSVCRT
MSVCRT_amd64
Netflix in Windows Media Center
NVIDIA 3D Vision Controller Driver
NVIDIA Performance
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
Picasa 3
Razer Lycosa
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RtkDashClientInstaller
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
SIW version 2011.10.29
Skype Click to Call
Skype™ 5.7
Smart Defrag 2
Steam
System Requirements Lab
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC80CRTRedist - 8.0.50727.6195
Verizon Mobile Broadband Drivers
Verizon Wireless USB760 Firmware Updates
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
12/20/2011 12:50:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/20/2011 12:47:39 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
12/19/2011 9:02:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C1C4BD41-BAF8-4E18-A3D4-02095E6E66D7}' was corrupted and it has been recovered. Some data might have been lost.
12/19/2011 9:02:36 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{9338A5B5-C412-4A1D-8E23-76B3D7A3869B}' was corrupted and it has been recovered. Some data might have been lost.
12/19/2011 9:02:31 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E6D457AF-66AD-44E7-BCEE-37E2F66788B4}' was corrupted and it has been recovered. Some data might have been lost.
12/19/2011 9:02:28 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{ba905d59-a601-11e0-8e8d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{EF00FE70-A719-47D3-A9E2-28FE99B65A30}' was corrupted and it has been recovered. Some data might have been lost.
12/19/2011 8:36:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/19/2011 8:34:22 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
12/19/2011 7:45:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/19/2011 7:35:19 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
12/19/2011 4:16:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/19/2011 11:51:56 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/19/2011 11:51:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/18/2011 9:05:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/18/2011 8:55:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/18/2011 4:34:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/18/2011 4:25:05 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/18/2011 2:31:58 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atillk64 service failed to start due to the following error: The system cannot find the file specified.
12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atidgllk service failed to start due to the following error: The system cannot find the file specified.
12/18/2011 10:36:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/18/2011 1:03:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/17/2011 9:37:39 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
12/17/2011 6:25:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/17/2011 6:25:16 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2011 5:08:45 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "740" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_95_ActiveX.exe -Embedding
12/17/2011 5:02:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121711-21840-01.
12/17/2011 3:54:55 PM, Error: RasMan [20276] - CoId={72B6795C-ECF8-4E9E-9B16-88EE87981815}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM4 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
12/16/2011 6:08:55 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\UpdatusUser\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
12/16/2011 6:07:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/16/2011 3:49:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/16/2011 11:10:46 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "740" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_95_ActiveX.exe -Embedding
12/15/2011 6:38:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/13/2011 8:08:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/13/2011 1:16:08 AM, Error: RasMan [20276] - CoId={9E937857-85DD-4136-BD67-E9AD37B9A633}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM4 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
.
==== End Of File ===========================
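The "Event Viewer Messages From Past Week" section of the DDS log above is the part a malware helper reads first: it shows Microsoft Security Essentials repeatedly failing to update and load signatures (ids 2001 and 2004) and its real-time protection failing (id 3002), plus a bugcheck, a blocked driver and services with missing binaries. The Python script below is an added example, not part of this thread or of any IObit or DDS tool. It parses lines in the DDS event format into records, counts recurring (source, event id) pairs and flags the conditions visible in this log. The sample input is constructed from a handful of lines copied from the section above (some messages shortened); the meanings given for the event ids in the comments are taken from those lines' own text.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample input: lines copied from the DDS "Event Viewer Messages"
# section of this thread, some messages shortened. Test data for the parser.
SAMPLE_EVENTS = r"""
12/19/2011 8:34:22 AM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
12/19/2011 7:45:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1260.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates.
12/19/2011 4:16:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function.
12/19/2011 11:51:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system.
12/18/2011 8:55:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error
12/18/2011 10:37:40 AM, Error: Service Control Manager [7000] - The atillk64 service failed to start due to the following error: The system cannot find the file specified.
12/17/2011 5:02:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121711-21840-01.
"""

# DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# 8-digit HRESULT / NTSTATUS style codes; \b keeps the 16-digit bugcheck
# parameters from matching.
HEX_CODE_RE = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")


@dataclass
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    message: str
    error_codes: list = field(default_factory=list)


def parse_events(text):
    """Turn DDS event lines into Event records; non-event lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue  # section headers, "." separators, blank lines
        events.append(Event(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"],
            event_id=int(m["event_id"]),
            message=m["message"],
            error_codes=HEX_CODE_RE.findall(m["message"]),
        ))
    return events


def count_by_source_and_id(events):
    """Recurring (source, event id) pairs are the quickest signal of a persistent fault."""
    return Counter((e.source, e.event_id) for e in events)


# Microsoft Antimalware (MSE) ids as described by the log lines themselves:
# 2001 = signature update failed, 2004 = failed to load signatures,
# 3002 = real-time protection feature failed.
MSE_DEGRADED_IDS = {2001, 2004, 3002}


def triage(events):
    """Return human-readable findings for the conditions a helper would act on."""
    findings = []
    mse = [e for e in events
           if e.source == "Microsoft Antimalware" and e.event_id in MSE_DEGRADED_IDS]
    if mse:
        codes = sorted({c for e in mse for c in e.error_codes})
        findings.append(
            f"antivirus protection degraded: {len(mse)} Microsoft Antimalware "
            f"error(s), codes {', '.join(codes)}")
    for e in events:
        if e.event_id == 1001 and "bugcheck" in e.message:
            code = e.error_codes[0] if e.error_codes else "?"
            findings.append(f"kernel crash (bugcheck {code}) at {e.when:%Y-%m-%d %H:%M}")
        elif e.source == "Application Popup" and e.event_id == 1060:
            # The blocked driver path is everything before " has been blocked".
            findings.append(f"driver blocked from loading: {e.message.split(' has been blocked')[0]}")
        elif (e.source == "Service Control Manager" and e.event_id == 7000
              and "cannot find the file" in e.message):
            name = e.message.split(" service failed")[0]
            if name.startswith("The "):
                name = name[4:]
            findings.append(f"service with missing binary: {name}")
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for (source, eid), n in count_by_source_and_id(evs).most_common():
        print(f"{n:3d}  {source} [{eid}]")
    for finding in triage(evs):
        print("-", finding)
```

Run against the full DDS log, the same parser would show the 3002 event recurring daily, which is why the repeated "install the latest definition updates" reason in those lines matters more than the single IMF detection that opened the thread.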
  #3  
Old Dec. 20th, 2011, 18:12
Superdave
Malware Fighter
 
Join Date: 07 Mar 2010
Posts: 808

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************
Did you create this folder or do you know what it's for?
Code:
C:\sh4ldr
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*****************************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************


Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  #4  
Old Dec. 20th, 2011, 20:41
enoskype
Mediator®
 
Join Date: 27 Oct 2006
Posts: 10,277

Hi Superdave,

Misleading.WindowPolicePro, FILE, C:\Windows\system32\Macromed\Flash\mms.cfg, 1009971


mms.cfg found by IMF may well be a false positive, as in all the PCs with IMF I have seen (even with db 1089), the most recent Flash mms.cfg file is flagged as malware.

Cheers.
__________________
enoskype

- Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
  #5  
Old Dec. 21st, 2011, 00:50
Melvin_Deal
Malware Advisor Moderator
 
Join Date: 06 Jul 2009
Posts: 2,937
Hello edat362007, SuperDave, and Enoskype!

The IMF possible false positive really doesn't matter as DDS indicates a few problems anyway and the machine should be put through the process of cleaning.

Sincerely,
-Mel
Live long and prosper!

To edat362007: Welcome to Iobit forum!! Please follow all of SuperDave's instructions exactly as he posts them!

To Enoskype: Thank you for your diligence! The variant of WindowPolicePro (known malware) does not insert this... it is part of the Flash system and is indeed a FP.
Last edited by Melvin_Deal : Dec. 21st, 2011 at 01:10.
  #6  
Old Dec. 21st, 2011, 02:30
edat362007
Junior Member
 
Join Date: 17 Apr 2011
Posts: 15

Hello, Dave, Enoskype, and Melvin. Thanks for the welcome and taking your time to help me with this issue.

"Did you create this folder or do you know what it's for?
C:\sh4ldr"
No, I did not, and I have no idea what it is for.

Results of screen317's Security Check version 0.99.29
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Reader X (10.1.1)
Mozilla Firefox (9.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
IObit IObit Malware Fighter IMFsrv.exe
Microsoft Security Client Antimalware NisSrv.exe
IObit IObit Malware Fighter IMF.exe
``````````End of Log````````````

I just finished downloading the other 2 you told me to and I am running them after I post this reply.
Quote:
Originally Posted by Melvin_Deal
The IMF possible false positive really doesn't matter as DDS indicates a few problems anyway and the machine should be put through the process of cleaning.:-)

Sincerely,
-Mel
Live long and prosper!

To edat362007: Welcome to Iobit forum!! Please follow all of SuperDave's instructions exactly as he posts them!

To Enoskype: Thank you for your diligence! The variant of WindowPolicePro (known malware) does not insert this... it is part of the Flash system and is indeed a FP.
I have been reading the forums a lot lately and have seen your 3 names quite a bit and I must say you guys rock. I will follow Dave's instructions to the letter and look forward to learning something here.
  #7  
Old Dec. 21st, 2011, 04:20
edat362007
Junior Member
 
Join Date: 17 Apr 2011
Posts: 15
Here are the other 2 logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/20/2011 at 10:51 PM

Application Version : 5.0.1142

Core Rules Database Version : 8076
Trace Rules Database Version: 5888

Scan type : Complete Scan
Total Scan Time : 00:31:44

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 580
Memory threats detected : 0
Registry items scanned : 74315
Registry threats detected : 0
File items scanned : 132300
File threats detected : 2

Adware.Tracking Cookie
C:\USERS\MRS. BONEMAN\AppData\Roaming\Microsoft\Windows\Cookies\H25H54XI.txt [ Cookie:mrs. boneman@2o7.net/ ]
C:\USERS\MRS. BONEMAN\Cookies\H25H54XI.txt [ Cookie:mrs. boneman@2o7.net/ ]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122102

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/20/2011 10:07:26 PM
mbam-log-2011-12-20 (22-07-26).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 330576
Time elapsed: 23 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  #8  
Old Dec. 21st, 2011, 18:01
Superdave
Malware Fighter
 
Join Date: 07 Mar 2010
Posts: 808

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
  #9  
Old Dec. 26th, 2011, 00:26
edat362007
Junior Member
 
Join Date: 17 Apr 2011
Posts: 15
ComboFix report

ComboFix 11-12-25.01 - Boneman 12/25/2011 19:01:32.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2724 [GMT -6:00]
Running from: c:\users\Boneman\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 01:05 . 2011-12-26 01:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DDC4972-1170-45A8-BF9A-88B6B669C117}\offreg.dll
2011-12-26 01:05 . 2011-12-26 01:05 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\temp
2011-12-26 01:05 . 2011-12-26 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 00:41 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DDC4972-1170-45A8-BF9A-88B6B669C117}\mpengine.dll
2011-12-21 18:21 . 2011-12-21 18:21 -------- d-----w- c:\users\Mrs. Boneman\vw
2011-12-21 18:20 . 2011-12-21 18:20 -------- d-----w- c:\users\Mrs. Boneman\MyConnection PC
2011-12-21 18:19 . 2011-12-21 18:19 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\SUPERAntiSpyware.com
2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\users\Boneman\vw
2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\users\Boneman\MyConnection PC
2011-12-21 05:30 . 2011-12-21 05:30 -------- d-----w- c:\program files (x86)\MyConnection PC
2011-12-21 05:29 . 2004-12-07 03:31 49265 ----a-w- c:\windows\SysWow64\jpicpl32.cpl
2011-12-21 05:28 . 2011-12-21 05:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-21 04:13 . 2011-12-21 04:13 -------- d-----w- c:\users\Boneman\AppData\Roaming\SUPERAntiSpyware.com
2011-12-21 04:11 . 2011-12-21 04:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-21 04:11 . 2011-12-21 04:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-19 23:36 . 2011-12-20 00:24 -------- d-----w- C:\sh4ldr
2011-12-19 22:55 . 2011-12-19 23:03 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\IM
2011-12-19 22:54 . 2011-12-20 04:45 -------- d-----w- c:\users\Boneman\AppData\Local\IM
2011-12-19 22:54 . 2011-12-19 22:56 -------- d-----w- c:\programdata\IM
2011-12-19 22:54 . 2011-12-19 22:54 -------- d-----w- c:\programdata\IncrediMail
2011-12-19 14:37 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-19 14:37 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-17 12:41 . 2011-12-19 10:25 -------- d-----w- c:\program files\iPod
2011-12-17 12:41 . 2011-12-19 10:25 -------- d-----w- c:\programdata\Apple Computer
2011-12-17 12:41 . 2011-12-17 12:41 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\users\Boneman\AppData\Local\Apple
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files\Common Files\Apple
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files\Bonjour
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\programdata\Apple
2011-12-17 12:40 . 2011-12-17 12:40 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-17 08:22 . 2011-12-25 21:59 -------- d-----w- c:\users\UpdatusUser
2011-12-17 07:00 . 2011-12-17 07:00 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-14 03:08 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 03:08 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 03:08 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 03:08 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 02:54 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 02:54 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-12-12 02:15 . 2011-12-12 02:15 -------- d-----w- c:\users\Boneman\AppData\Roaming\SanDisk
2011-12-09 16:26 . 2011-12-09 16:26 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\Malwarebytes
2011-12-09 06:32 . 2011-12-09 06:32 53248 ----a-r- c:\users\Boneman\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-09 06:04 . 2011-12-09 06:04 -------- d-----w- c:\users\Boneman\AppData\Roaming\Malwarebytes
2011-12-09 06:04 . 2011-12-09 06:04 -------- d-----w- c:\programdata\Malwarebytes
2011-12-09 06:03 . 2011-12-09 06:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-09 06:03 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 05:57 . 2011-12-09 05:57 -------- d-----w- c:\users\Boneman\AppData\Roaming\CBS Interactive
2011-12-07 00:18 . 2011-12-07 00:18 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-12-07 00:18 . 2011-12-07 00:18 -------- d-----w- c:\programdata\W3i
2011-12-07 00:18 . 2011-12-07 00:18 -------- d-----w- c:\program files (x86)\W3i
2011-12-05 15:17 . 2011-12-05 15:17 -------- d-----w- c:\users\Boneman\AppData\Roaming\Expert PDF 7
2011-12-05 11:19 . 2011-12-05 11:19 -------- d-----w- c:\programdata\Movielink
2011-12-05 11:19 . 2011-12-05 15:38 -------- d-----w- c:\program files (x86)\Blockbuster
2011-12-05 09:10 . 2011-12-05 09:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-12-05 09:06 . 2011-12-12 02:32 417952 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2011-12-05 09:04 . 2011-12-16 09:50 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-05 09:04 . 2011-12-10 01:40 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-05 09:04 . 2011-12-10 01:40 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-05 09:04 . 2011-12-10 01:40 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-05 05:25 . 2011-12-17 06:31 -------- d-----w- c:\users\Boneman\AppData\Roaming\GetRightToGo
2011-12-05 05:20 . 2011-12-05 05:20 -------- d-----w- c:\program files (x86)\FileHippo.com
2011-12-04 19:19 . 2011-12-05 09:47 -------- d-----w- c:\users\Boneman\AppData\Roaming\DivX
2011-12-04 19:19 . 2011-12-06 04:45 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-12-04 19:09 . 2011-12-06 04:45 -------- d-----w- c:\program files (x86)\DivX
2011-12-04 19:02 . 2011-12-04 19:02 -------- d-----w- c:\users\Boneman\AppData\Local\Ilivid Player
2011-12-04 18:45 . 2011-12-04 18:45 -------- d-----w- c:\users\Boneman\AppData\Local\PackageAware
2011-12-04 18:44 . 2011-12-04 18:44 -------- d-----w- c:\program files (x86)\Avanquest
2011-12-04 18:29 . 2011-12-04 18:29 -------- d-----w- c:\users\Boneman\.bitrock
2011-12-04 18:10 . 2011-12-04 18:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-12-04 18:09 . 2011-12-04 18:09 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-04 18:09 . 2011-12-04 18:09 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-03 06:22 . 2011-12-05 16:27 -------- d-----w- c:\users\Boneman\AppData\Local\Oberon Media
2011-11-30 05:17 . 2011-11-30 05:17 -------- d-----w- c:\users\Mrs. Boneman\AppData\Local\Oberon Media
2011-11-30 05:16 . 2011-11-30 05:17 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
2011-11-30 04:39 . 2011-11-30 17:16 -------- d-----w- c:\users\Boneman\AppData\Roaming\Oberon Media
2011-11-30 04:03 . 2011-11-30 05:21 -------- d-----w- c:\programdata\Oberon Media
2011-11-30 04:03 . 2011-12-06 04:01 -------- d-----w- c:\program files (x86)\Oberon Media
2011-11-30 03:44 . 2011-11-30 05:19 -------- d-----w- c:\users\Mrs. Boneman\AppData\Roaming\Oberon Media
2011-11-26 19:54 . 2011-11-24 02:38 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-26 19:51 . 2011-11-24 04:59 14854464 ----a-w- c:\windows\SysWow64\nvd3dum.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 07:00 . 2011-11-20 09:46 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-12 02:32 . 2011-07-04 09:11 69792 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:59 . 2011-11-05 07:10 7677248 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-11-24 04:59 . 2011-11-05 07:10 1726272 ----a-w- c:\windows\system32\nvdispco64.dll
2011-11-24 04:59 . 2011-11-05 07:10 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2011-11-24 04:59 . 2011-08-02 06:24 9622848 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-11-24 04:59 . 2011-08-02 06:24 2403136 ----a-w- c:\windows\system32\nvapi64.dll
2011-11-24 04:59 . 2011-08-02 06:24 2095424 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-11-24 02:47 . 2011-08-02 06:25 6004544 ----a-w- c:\windows\system32\nvcpl.dll
2011-11-24 02:41 . 2011-08-02 06:25 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
2011-11-24 02:38 . 2011-08-02 06:25 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2011-11-24 02:38 . 2011-08-02 06:25 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-11-24 02:38 . 2011-08-02 06:25 118080 ----a-w- c:\windows\system32\nvmctray.dll
2011-11-24 01:29 . 2011-11-24 01:29 406336 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-11-21 11:40 . 2011-07-04 15:09 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-09 05:16 . 2011-11-09 05:16 13812256 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2011-11-05 10:02 . 2011-07-04 07:29 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-10-20 05:10 . 2011-11-20 04:00 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-19 00:53 . 2011-11-05 11:54 2957544 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-10-18 23:10 . 2011-11-05 11:54 99432 ----a-w- c:\windows\system32\RCoInst64.dll
2011-10-18 18:55 . 2011-11-05 11:54 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-10-18 18:47 . 2011-11-05 11:54 1914472 ----a-w- c:\windows\system32\RtkApi64.dll
2011-10-18 16:05 . 2011-11-05 11:54 2528872 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-10-17 22:30 . 2011-11-05 11:54 3213928 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-10-04 22:22 . 2011-10-15 22:58 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{986866F6-04DA-47F4-94A0-851A2A3DA9D2}\gapaengine.dll
2011-09-29 16:29 . 2011-11-09 05:17 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-20_05.54.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-21 05:29 . 2004-12-07 02:04 49250 c:\windows\SysWOW64\javaw.exe
+ 2011-12-21 05:29 . 2004-12-07 02:04 49248 c:\windows\SysWOW64\java.exe
+ 2011-07-04 04:20 . 2011-12-25 21:50 45434 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-25 21:50 33164 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-07-04 05:55 . 2011-12-05 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-04 05:55 . 2011-12-23 00:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-23 00:24 . 2011-12-23 00:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-04 05:55 . 2011-12-05 18:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-05 18:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-23 00:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-11 21:37 . 2011-12-22 00:27 3280 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-11 21:37 . 2011-11-27 19:01 3280 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-07 05:38 . 2011-12-25 13:46 5176 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954268748-191027934-3546955144-1006_UserData.bin
+ 2011-07-04 04:17 . 2011-12-25 21:50 8794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954268748-191027934-3546955144-1000_UserData.bin
- 2011-12-20 05:53 . 2011-12-20 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-26 01:05 . 2011-12-26 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-26 01:05 . 2011-12-26 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-20 05:53 . 2011-12-20 05:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-21 05:29 . 2004-12-07 03:31 127078 c:\windows\SysWOW64\javaws.exe
+ 2011-07-06 01:22 . 2011-12-25 21:16 314578 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-12-22 03:48 659832 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-19 20:23 659832 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-19 20:23 120522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-22 03:48 120522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-12-26 01:05 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-20 05:52 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-21 05:27 . 2011-12-21 05:27 180224 c:\windows\Installer\118622.msi
+ 2011-10-12 02:22 . 2011-12-22 20:23 9250483 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1006-8192.dat
+ 2011-07-04 08:02 . 2011-12-26 01:05 21640536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1000-8192.dat
+ 2011-07-04 08:53 . 2011-12-21 05:08 15460580 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954268748-191027934-3546955144-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-17 619352]
"SansaDispatch"="c:\users\Boneman\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-12 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-04 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Boneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-12 252064]
R3 atillk64;atillk64; [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-08 20336]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-17 494424]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-11-24 2348864]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]
S2 RtDashPt;Realtek DASH Protocol Driver;c:\windows\system32\DRIVERS\RtDashPt.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-24 381248]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [x]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-05 02:32]
.
2011-12-26 c:\windows\Tasks\RtlDashSrvStart.job
- c:\program files (x86)\Realtek\RtkDashClientInstaller\RtkDashClient.exe [2011-09-22 21:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Boneman\AppData\Roaming\Mozilla\Firefox\Profiles\r6rbl1ew.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extentions.y2layers.installId - 0129782b-dc9f-42a3-8d8e-eaf5570bb570
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: security.csp.enable - false
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-954268748-191027934-3546955144-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-954268748-191027934-3546955144-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_95_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_95_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_95.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Completion time: 2011-12-25 19:11:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-26 01:11
ComboFix2.txt 2011-12-20 05:58
.
Pre-Run: 929,106,931,712 bytes free
Post-Run: 928,660,074,496 bytes free
.
- - End Of File - - F56BA6362EC8F8939A3CABD810F48145
  #10  
Old Dec. 26th, 2011, 01:29
Superdave
Malware Fighter
Join Date: 07 Mar 2010
Posts: 808
Please download Rooter and Save it to your desktop.
  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.