HarryMonster

  1. P.S. Now have SpywareBlaster and WOT. Found the likely source of my infection -- went to sites to find song lyrics. There are a lot of bad ones! Now I know and will stay away from those. - = M = -
  2. Thanks again, Screen317 I do have the Pro version of MBAM -- not sure how something got past it, but it ended up that I couldn't get it into Protection Mode. It's there now and I will always doublecheck to see the protection is on and working before I surf anywhere in the future. I also got the Secunia Personal Software Inspector -- what a great program! Showed me that a couple of my apps were not up to date. I'll definitely check out SpywareBlaster and WOT. Best regards, - = M = -
  3. I think things are running great now. As you requested, I ran TFC... it took about 10 seconds, removed 18MB of stuff, then rebooted my computer. No troubles. I did the online ESET which took longer, nearly half an hour. It didn't find any problems. The text file is below. Finally, I did your security check. I think I have a clean bill of health, except it noted I had UAC turned off while I ran these tests. Thanks again!

     ESET text:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=7ddab9427b5d414c94bd918d07a4d623
     # end=finished
     # remove_checked=true
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-07-10 12:36:59
     # local_time=2012-07-09 08:36:59 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776574 100 94 101073 93422566 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=121723
     # found=0
     # cleaned=0
     # scan_time=1503

     Security Check text:

     Results of screen317's Security Check version 0.99.42
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Secunia PSI (3.0.0.2004)
     Malwarebytes Anti-Malware version 1.61.0.1400
     JavaFX 2.1.1
     Java 7 Update 5
     Adobe Reader X (10.1.3)
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     WinPatrol winpatrol.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     BillP Studios WinPatrol WinPatrol.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
     The End
  4. Dear Screen317 I do thank you for all your time and trouble. Please consider this topic closed out as I have now managed to get everything working again. After getting rid of all the viruses, I ended up completely uninstalling MBAM, deleting the user folder with MBAM info in it, then reinstalling it from a CNET link I found elsewhere in these forums. For some reason, installing it from the disk I bought was causing problems... MBAM evidently had trouble updating itself to a newer version (1.6) from what was on the disk. Once I downloaded the version from CNET, MBAM updated smoothly, the scheduler came back on, and Protection Mode is now working without errors. I'm very relieved. I also have resolved the other problems my PC was having and can now use the Windows Update, etc. These forums are a terrific resource and your efforts to help people struggling with computer problems are sincerely appreciated! Sincerely yours with gratitude, - = M = -
  5. Signing off for tonight. Hope to hear back tomorrow. Thanks again for your help. - = M = -
  6. Per instructions, Disabled RealTime Protection on Microsoft Security Essentials and turned off Windows Firewall. Text from Combofix and DDS are below
(x86)\QuickTime\QTTask.exe" -atboottime mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880] R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-7 68136] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-4 1258856] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-11 382312] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?] R3 hxctlflt;hxctlflt;C:\Windows\system32\DRIVERS\hxctlflt.sys --> C:\Windows\system32\DRIVERS\hxctlflt.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] 
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-6-29 15176] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-7 654408] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-9 25640] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-7 30528] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . ============= FINISH: 18:53:23.34 ===============
  7. Results as follows, and thank you in advance. mbam-check result log version: 1.10.0.1000 Malwarebytes Version: REG_SZ 1.61.0.1400 Date Log Created: 07/08/12 Time Log Created: 18:22:33 64 bit Operating System Product Name: REG_SZ Windows 7 Home Premium Current Build Number: 7601 Current Version Number: 6.1 Current CSDVersion: Service Pack 1 Proxy Status: No proxy is Set LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== TERMService: ============== Type : 32 State : 1 (The service is not running.) 
(State is stopped) WIN32_EXIT_CODE : 1077 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 TermService Start is set to: 3 (Manual Startup) Compatibility Flag Settings (Any MBAM file listings should be removed): ======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Users\Monster\Desktop\evgaprecisionx\EVGA_PrecisionX_Setup_301.exeREG_SZ VISTARTM C:\Program Files (x86)\EVGA Precision\uninstall.exeREG_SZ VISTARTM HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Program Files (x86)\HRBlock2011\pdf995\autosetup.exeREG_SZ WINXPSP2 MBAM Startup Entries: ===================== Service and Driver Status: ========================== MBAMProtector: ============== Type : 2 State : 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE : 2 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMService: ============== Type : 16 State : 1 (The service is not running.) 
(State is stopped) WIN32_EXIT_CODE : 1068 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr WOW64 REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service DelayedAutostart REG_DWORD 1
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A} Version REG_SZ 1.1 HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB} (Default): REG_SZ vbalGrid HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32 (Default): REG_SZ {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A} Version REG_SZ 1.1 MBAM Registry Settings and License Info: ======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware dbdate REG_SZ Sun, 08 Jul 2012 16:10:18 GMT dbversion REG_SZ v2012.07.08.06 programversion REG_SZ 1.61.0.1400 advancedheuristics REG_DWORD 1 downloadprogram REG_DWORD 1 hidereg REG_DWORD 0 detectp2p REG_DWORD 0 detectpum REG_DWORD 1 detectpup REG_DWORD 2 updatewarn REG_DWORD 1 updatewarndays REG_DWORD 7 useproxy REG_DWORD 0 useauthentication REG_DWORD 0 startipdisabled REG_DWORD 0 notifyinstallprogram REG_DWORD 0 scanreboot REG_DWORD 1 ID XXXXX-XXXXX This is hidden data. Key XXXX-XXXX-XXXX-XXXX This is hidden data. 
SchedulerQueue REG_MULTI_SZ 1085444, 30207389, 4147449856, 1, 23 | 30235387, 1450336655 20979716, 30207491, 1060785664, 1, 23 | 30235285, 2739760640 20987912, 30207491, 4060785664, 1, 23 | 30234280, 2181893120 1085444, 30207490, 2355752960, 1, 23 | 30235285, 4158872168 20979716, 30207390, 2852482560, 1, 23 | 30235386, 948063744 Affiliate REG_SZ https://store.malwarebytes.org/342/?scope=checkout&cart=29945 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID There is data here but it is hidden. HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware language REG_SZ english.lng alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 0 openlog REG_DWORD 0 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 0 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 1 selectedrives REG_SZ C:\|E:\|F:\| HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 1 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 0 HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 1 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 0 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.4.3 (a) Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware Inno Setup: User REG_SZ Monster Inno Setup: Selected Tasks REG_SZ desktopicon Inno Setup: Deselected Tasks REG_SZ quicklaunchicon Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version 1.61.0.1400 DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ 1.61.0.1400 Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20120707 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 61 EstimatedSize REG_DWORD 18479 Scheduler Queue: ================ Scheduled Item: Update Schedule Options: Flash Scan | Daily | Silent Start Time: 2012-02-17 18:00 Repeating Every: 1 Recover if missed by: 23 Scheduled Item: Scan Schedule Options: Quick Scan | Daily | Scan Remove | Scan Reboot Start Time: 2012-02-18 06:05 Repeating Every: 1 Recover if missed by: 23 Scheduled Item: Scan Schedule Options: Full Scan | Weekly | Scan Remove | Scan Reboot Start Time: 2012-02-18 06:10 Repeating Every: 1 Recover if missed by: 23 Scheduled Item: Update Schedule Options: Flash Scan | Daily | Silent Start Time: 2012-02-18 06:00 Repeating Every: 1 Recover if missed by: 23 Scheduled Item: Scan Schedule Options: Quick Scan | Daily | Scan Remove | Scan Reboot Start Time: 2012-02-17 18:05 Repeating Every: 1 Recover if missed by: 23 Context Menu Entries: ===================== 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware MBAM Drivers: ============= C:\Windows\SysWOW64\drivers\mbamswissarmy.sys File Size: 38224 BYTES FileVersion: 1.50.1.0 Required Dependencies: ====================== fltmgr: ============== Type : 2 State : 4 (The service is running.) 
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 ErrorControl REG_DWORD 3 Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514 C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514 List of MBAM Related Directories: ================================= C:\Program Files (x86)\Malwarebytes' Anti-Malware changes.rtf File Size: 785 BYTES license.txt File Size: 11141 BYTES mbam.chm File Size: 410054 BYTES mbam.dll File Size: 476232 BYTES FileVersion: 1.61.0.0 mbam.exe File Size: 981680 BYTES FileVersion: 1.60.0.80 mbamcore.dll File Size: 1082440 BYTES FileVersion: 1.61.0.0 mbamext.dll File Size: 95304 BYTES FileVersion: 1.61.0.0 mbamgui.exe File Size: 462408 BYTES FileVersion: 1.61.0.0 mbamnet.dll File Size: 2165320 BYTES FileVersion: 1.61.0.0 mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0 mbamservice.exe File Size: 654408 BYTES FileVersion: 1.61.0.0 ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3 unins000.dat File Size: 21705 BYTES unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0 unins000.msg File Size: 10498 BYTES vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon chameleon.chm File Size: 186068 BYTES firefox.com File Size: 199240 BYTES firefox.exe File Size: 199240 BYTES firefox.pif File Size: 199240 BYTES firefox.scr File Size: 199240 BYTES 
iexplore.exe File Size: 199240 BYTES mbam-chameleon.com File Size: 199240 BYTES mbam-chameleon.exe File Size: 199240 BYTES mbam-chameleon.pif File Size: 199240 BYTES mbam-chameleon.scr File Size: 199240 BYTES mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47 rundll32.exe File Size: 199240 BYTES svchost.exe File Size: 199240 BYTES winlogon.exe File Size: 199240 BYTES C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages arabic.lng File Size: 20716 BYTES bosnian.lng File Size: 25860 BYTES bulgarian.lng File Size: 26296 BYTES catalan.lng File Size: 26822 BYTES chineseSI.lng File Size: 10480 BYTES chineseTR.lng File Size: 11384 BYTES croatian.lng File Size: 25546 BYTES czech.lng File Size: 23540 BYTES danish.lng File Size: 25384 BYTES dutch.lng File Size: 26940 BYTES english.lng File Size: 23390 BYTES estonian.lng File Size: 24112 BYTES finnish.lng File Size: 24580 BYTES french.lng File Size: 28342 BYTES german.lng File Size: 28506 BYTES greek.lng File Size: 27864 BYTES hebrew.lng File Size: 18372 BYTES hungarian.lng File Size: 27124 BYTES italian.lng File Size: 26812 BYTES latvian.lng File Size: 25804 BYTES lithuanian.lng File Size: 26666 BYTES macedonian.lng File Size: 27830 BYTES norwegian.lng File Size: 23864 BYTES polish.lng File Size: 25304 BYTES portugueseBR.lng File Size: 27330 BYTES portuguesePT.lng File Size: 27628 BYTES romanian.lng File Size: 26914 BYTES russian.lng File Size: 25952 BYTES serbian.lng File Size: 25606 BYTES slovak.lng File Size: 24392 BYTES slovenian.lng File Size: 23622 BYTES spanish.lng File Size: 28542 BYTES swedish.lng File Size: 24782 BYTES thai.lng File Size: 24952 BYTES turkish.lng File Size: 24640 BYTES vietnamese.lng File Size: 28118 BYTES C:\Users\Monster\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware C:\Users\Monster\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs C:\Users\Monster\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine C:\ProgramData\Malwarebytes\Malwarebytes' 
Anti-Malware exclusions.dat File Size: 2 BYTES link.txt File Size: 115 BYTES mbam-setup.exe File Size: 10063000 BYTES FileVersion: 1.61.0.1400 news.txt File Size: 78 BYTES rules.ref File Size: 7420757 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration build.conf File Size: 140 BYTES config.conf File Size: 3276 BYTES custom.conf File Size: 20 BYTES database.conf File Size: 432 BYTES local.conf File Size: 762 BYTES manifest.conf File Size: 563 BYTES news.conf File Size: 379 BYTES C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine =============================================================== END OF FILE
  8. My computer (Win7, 64-bit) reported a viral infection to me early today via Microsoft Security Essentials. It had been quarantined in the history file and I told MSE to delete it. I then ran full scans with MSE and MBAM, and neither found anything else on my machine.

But something was definitely wrong. I couldn't put MBAM (I have the Pro version) into Protection Mode. When I try, I get an error. It says, "PROGRAM_ERROR_PROTECTION_MODULE (1068, 0, ProtectionEnable) The dependency service or group failed to start." I thought something happened to MBAM, so I uninstalled it, then reinstalled it from the disk, updated it online, and tried again to get it to go into Protection Mode. It wouldn't go -- same error.

I then tried to go to Windows Updates to see if there was any new Malicious Software Removal Tool. Windows Updates gave me an error (Code 80070005) and couldn't check for updates.

I started reading on the forums to see if anyone else had a similar problem, then I did a very bad thing. A poster named Big_Shifty wrote about his issue, and I chimed in with a couple of "Me too!" posts. After that, I read the sticky called "Groups authorized to help with HJT logs" and I felt just awful. I never should have posted on Big_Shifty's issue and I am so sorry. I hope he can get the help he needs. His topic is called, "I believe I still have an infection." Please help him before you help me!

Still blundering along, I continued reading other chains and tried some tools listed. The Kaspersky free tool found and removed two things from my system: MEM: Rootkit.Win64.Sst.b and Rootkit.Boot.SST.a

I don't know why the MBAM or MSE scans didn't find those, but I thought, "Great, now it's going to be fixed!" Only it's not. Still can't get the Windows Update to work, and MBAM won't go into Protected Mode. In fact, I can't change my Windows wallpaper either, which is disturbing too.

I hope I didn't mess things up so bad they can't be fixed without completely reloading Windows again.
I would absolutely hate that, and I'm praying you can help me. I feel like a total fool here.

So now that I read the stickies and know what to do, here, below, are the DDS.txt and Attach.txt files. Please forgive me for charging in and perhaps making a bad situation worse. I wouldn't blame you if you didn't want to help me at this point, but thank you in advance if you're willing to try.

Sincerely,
- = M = -
C:\Users\Monster\AppData\Local\{F07FC934-09F0-44D1-BE98-8B185E2E3006} 2012-07-04 13:22:40 -------- d--h--w- C:\Users\Monster\AppData\Local\{D205320D-0CDC-427C-908A-8ABCF9A4F3CD} 2012-07-04 13:22:18 -------- d--h--w- C:\Users\Monster\AppData\Local\{8A7D36A2-8B53-44B2-AA0B-5F1B468CF3F1} 2012-07-04 02:21:10 -------- d--h--w- C:\Users\Monster\AppData\Local\{1E153537-D550-4C85-A39F-511783315B84} 2012-07-03 22:17:02 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E06D002-0A74-4578-88D3-B1C494A35956}\gapaengine.dll 2012-07-03 12:54:27 -------- d--h--w- C:\Users\Monster\AppData\Local\{428BB0E7-5914-4BB6-98DF-EDED855C544C} 2012-07-03 12:54:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{12501126-51D9-44D6-8283-A4771FD79AA3} 2012-07-03 00:23:34 -------- d--h--w- C:\Users\Monster\AppData\Local\{F34EB0E2-4C21-4451-ACE5-D11549D91164} 2012-07-03 00:23:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{50448357-028D-495E-BB39-C40C93E39702} 2012-07-02 12:22:47 -------- d--h--w- C:\Users\Monster\AppData\Local\{0980B5B5-BDB3-4916-AB7A-2B6FEE9BD664} 2012-07-02 12:22:25 -------- d--h--w- C:\Users\Monster\AppData\Local\{B054D9E8-2255-44B0-BC5E-A9E3D668B21A} 2012-07-01 21:03:30 -------- d--h--w- C:\Users\Monster\AppData\Local\{18AC2C45-BB29-4232-8AF8-364BBD020545} 2012-07-01 21:03:08 -------- d--h--w- C:\Users\Monster\AppData\Local\{8ABB9521-8ED4-4E28-B576-5C4640EEB988} 2012-07-01 16:01:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{8C0CBB0D-8FC6-430C-AC9B-B077130206DE} 2012-07-01 16:01:15 -------- d--h--w- C:\Users\Monster\AppData\Local\{D1C6AECD-E652-4121-819C-714031512535} 2012-07-01 01:47:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{40E7ED80-FC09-4A97-B4C8-3EEFF5A19B91} 2012-07-01 01:47:15 -------- d--h--w- C:\Users\Monster\AppData\Local\{C73D78F8-36A4-4C88-B972-B46B5F2263E9} 2012-06-30 13:02:11 -------- d--h--w- C:\Users\Monster\AppData\Local\{69D02A7D-08B7-41D4-90A1-A7116643E317} 2012-06-30 13:01:49 -------- d--h--w- 
C:\Users\Monster\AppData\Local\{963DA3A9-1348-41D9-813D-C4D053031066} 2012-06-30 04:27:19 -------- d--h--w- C:\Users\Monster\AppData\Local\{7D01B93F-3C46-45A8-8A87-78E7485AF79B} 2012-06-30 04:26:57 -------- d--h--w- C:\Users\Monster\AppData\Local\{E67238A1-05D0-4D80-90E3-B526915902F6} 2012-06-29 12:22:47 -------- d--h--w- C:\Users\Monster\AppData\Local\{CDA64F1A-BA88-4D5B-BBF8-CDBD2E14C239} 2012-06-29 12:22:25 -------- d--h--w- C:\Users\Monster\AppData\Local\{83DF09D8-E964-45ED-B078-EA3BF9937D73} 2012-06-29 00:22:01 -------- d--h--w- C:\Users\Monster\AppData\Local\{881D59FB-B54F-46C2-AD95-6D37DAD1F193} 2012-06-29 00:21:38 -------- d--h--w- C:\Users\Monster\AppData\Local\{23896204-0A7D-476C-9444-038816CA6DF7} 2012-06-28 12:21:14 -------- d--h--w- C:\Users\Monster\AppData\Local\{F984CF34-63AD-4397-92DD-C05D2DF2C624} 2012-06-28 12:20:52 -------- d--h--w- C:\Users\Monster\AppData\Local\{35224A91-EFD2-4029-AE3B-59CE2E486907} 2012-06-27 16:58:18 -------- d--h--w- C:\Users\Monster\AppData\Local\{2B36657F-71F3-4488-97A8-5DC398A34D98} 2012-06-27 16:57:56 -------- d--h--w- C:\Users\Monster\AppData\Local\{FCAFCAD8-F3FC-4BFC-9BC3-96BA6AFCD2E4} 2012-06-27 16:54:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{5475B883-056F-44C7-9A95-0F58BDBCD550} 2012-06-27 05:57:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-27 05:57:04 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-27 05:56:57 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-27 05:56:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-27 04:31:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{A39BF54A-074A-4635-B043-5C67012A3407} 2012-06-27 04:30:42 -------- d--h--w- C:\Users\Monster\AppData\Local\{2973D902-1CCD-4F71-957F-5C6E1065F8AE} 2012-06-26 15:22:59 -------- d--h--w- C:\Users\Monster\AppData\Local\{C0D5A744-196B-4488-89D4-A453FD2F13CC} 2012-06-26 15:22:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{511F77EA-51CD-480A-805F-70F4A2A08717} 2012-06-26 01:48:13 -------- d--h--w- 
C:\Users\Monster\AppData\Local\{A36DB817-E690-4FCF-9505-F08E2922D875} 2012-06-26 01:47:51 -------- d--h--w- C:\Users\Monster\AppData\Local\{733798E2-F27A-429B-AA00-1FA7E799F6F1} 2012-06-25 12:28:27 -------- d--h--w- C:\Users\Monster\AppData\Local\{EBED92FC-8AD4-422B-9746-60E56B2379C1} 2012-06-25 12:28:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{67EA5D40-9ED6-4C0B-8242-162BE794D01A} 2012-06-25 03:15:44 -------- d--h--w- C:\Users\Monster\AppData\Local\{4E767056-79EB-4D02-8645-526A828D1119} 2012-06-24 12:21:41 -------- d--h--w- C:\Users\Monster\AppData\Local\{0E3C63B1-B037-4C2C-AE2A-83323F0CA63B} 2012-06-24 12:21:19 -------- d--h--w- C:\Users\Monster\AppData\Local\{F363C67F-5588-44EE-B0E7-3AF9572975A3} 2012-06-23 20:10:46 -------- d--h--w- C:\Users\Monster\AppData\Local\{2E7D129E-6EA0-4D88-AB9C-94DD970F16D6} 2012-06-23 20:10:24 -------- d--h--w- C:\Users\Monster\AppData\Local\{566BE370-565D-494E-AFEE-8DF6C09554CC} 2012-06-22 21:03:34 -------- d--h--w- C:\Users\Monster\AppData\Local\{F1F2A841-7477-4353-9319-50F6C04D8B94} 2012-06-22 21:03:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{6BD9CA0F-ED67-4857-9D71-1AD9057AFE5D} 2012-06-22 03:01:27 -------- d--h--w- C:\Users\Monster\AppData\Local\{CAE85344-85FB-4502-A12B-472F28C18C25} 2012-06-22 03:01:05 -------- d--h--w- C:\Users\Monster\AppData\Local\{4525B361-505D-4E5F-AF7B-0D331E71AD23} 2012-06-21 11:01:42 -------- d--h--w- C:\Users\Monster\AppData\Local\{C4D4E913-F830-4796-8395-C0313ACAC445} 2012-06-21 11:01:20 -------- d--h--w- C:\Users\Monster\AppData\Local\{D59D66B2-92D3-458F-94E4-DC0AA2A7D941} 2012-06-20 18:08:17 -------- d--h--w- C:\Users\Monster\AppData\Local\{6BC3DF1E-8742-4EF7-8AE6-4C60E1BCCA93} 2012-06-20 18:07:55 -------- d--h--w- C:\Users\Monster\AppData\Local\{1079313F-DA88-44FD-A453-798ACD5E0106} 2012-06-20 01:44:00 -------- d--h--w- C:\Users\Monster\AppData\Local\{96AE8B23-8674-4E3E-9A9A-6D18DC4CE283} 2012-06-20 01:43:38 -------- d--h--w- 
C:\Users\Monster\AppData\Local\{DAFFCBFE-7E60-4A8D-BC1E-1B2AEBE3A44A} 2012-06-19 04:10:52 -------- d--h--w- C:\Users\Monster\AppData\Local\{2BCAFC05-4A35-40D5-B6A4-4A4B47ABAB17} 2012-06-19 04:10:30 -------- d--h--w- C:\Users\Monster\AppData\Local\{FF08AAC1-B051-4167-90D5-3E6EE87A0DD2} 2012-06-18 12:57:55 -------- d--h--w- C:\Users\Monster\AppData\Local\{DADE819D-B2EC-45FB-9F1D-1E5EA61EC952} 2012-06-17 22:20:02 -------- d--h--w- C:\Users\Monster\AppData\Local\{AB587CF5-0C82-47C6-B7A8-E075E4D4275A} 2012-06-17 11:05:43 -------- d--h--w- C:\Users\Monster\AppData\Local\{03495D20-872D-47C3-93AD-6A9F0B06D867} 2012-06-16 20:55:50 -------- d--h--w- C:\Users\Monster\AppData\Local\{0F7F3DA5-1B52-47CE-82C6-A5DB4E2E7FA6} 2012-06-16 13:13:58 -------- d--h--w- C:\Users\Monster\AppData\Local\{7020333B-81B6-4883-A5F3-9BC4C4921622} 2012-06-15 20:39:13 -------- d--h--w- C:\Users\Monster\AppData\Local\{5887454E-1B49-4464-B7A8-A49601ABEBEA} 2012-06-15 16:30:33 -------- d--h--w- C:\Users\Monster\AppData\Local\{BB3F59B2-6AB4-4EE6-80E3-5EA870C1912B} 2012-06-15 04:19:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{09C4D844-EB59-49C4-9176-0CE1AE1A36A9} 2012-06-14 14:05:09 -------- d--h--w- C:\Users\Monster\AppData\Local\{AF9A8AF8-6167-42C1-A50E-76E9CD2E0DCF} 2012-06-14 14:04:47 -------- d--h--w- C:\Users\Monster\AppData\Local\{A89DFE16-C42B-4938-97F6-71CDF9F79F10} 2012-06-14 09:01:05 -------- d--h--w- C:\Users\Monster\AppData\Local\{112B8723-C34B-4810-AC95-D0CA00D271B4} 2012-06-13 13:10:11 -------- d-----w- C:\ProgramData\Battle.net 2012-06-13 13:00:48 -------- d--h--w- C:\Users\Monster\AppData\Local\{EC3DA9E3-C873-465F-A7E8-308AA10B8E26} 2012-06-13 13:00:26 -------- d--h--w- C:\Users\Monster\AppData\Local\{8A4B39E5-3107-4BC9-9E96-D1CCC66B0B68} 2012-06-13 05:35:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-13 05:35:10 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-13 05:23:22 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-12 23:49:53 -------- d--h--w- 
C:\Users\Monster\AppData\Local\{1E6F485C-C856-4711-AA5C-814107B8007F} 2012-06-12 23:49:31 -------- d--h--w- C:\Users\Monster\AppData\Local\{4D97A91B-0CA8-4941-9986-04FC90ED51DE} 2012-06-12 11:01:44 -------- d--h--w- C:\Users\Monster\AppData\Local\{A5126C23-A6A4-473F-99D6-3A0EC0175E08} 2012-06-12 11:01:22 -------- d--h--w- C:\Users\Monster\AppData\Local\{845131F4-9B1F-430D-A275-5360ED31999C} 2012-06-12 00:51:04 428392 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-06-11 15:57:51 -------- d--h--w- C:\Users\Monster\AppData\Local\{87024ACA-2EC2-4624-A00B-77ADDA2A5DC7} 2012-06-11 15:57:29 -------- d--h--w- C:\Users\Monster\AppData\Local\{D9C7F8AD-E6DE-42DA-9B4B-4B32C5FC449F} 2012-06-11 03:02:21 -------- d--h--w- C:\Users\Monster\AppData\Local\{2440A8F9-84B3-44FB-96B8-DF773007A3B3} 2012-06-11 03:01:58 -------- d--h--w- C:\Users\Monster\AppData\Local\{6A4247B2-172A-4AF0-B797-E12AE8FF2B1C} 2012-06-10 12:31:10 -------- d--h--w- C:\Users\Monster\AppData\Local\{B2E11062-B0EB-4FB7-A037-90EDF4F2279D} 2012-06-10 12:30:48 -------- d--h--w- C:\Users\Monster\AppData\Local\{18E16E3E-ADD8-4D41-822E-422181EBB6F5} 2012-06-09 20:19:48 -------- d--h--w- C:\Users\Monster\AppData\Local\{659F3DDC-3539-463C-A670-ED434F1CA539} 2012-06-09 20:19:26 -------- d--h--w- C:\Users\Monster\AppData\Local\{26CFF707-4E0E-45DE-BB03-D1AF1F16B725} 2012-06-09 05:00:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{3C6BDBAB-7069-4682-8652-0251A5440657} 2012-06-09 05:00:15 -------- d--h--w- C:\Users\Monster\AppData\Local\{C5CCB3B5-A47E-4E00-B2D6-365B9A497888} 2012-06-09 02:30:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{A881F694-2986-4179-9978-D739EA99FCA7} 2012-06-08 23:43:25 -------- d--h--w- C:\Users\Monster\AppData\Local\{3A2C788D-9DB8-4A8B-96EE-DCF821DD07F6} . ==================== Find3M ==================== . 
2012-07-08 03:19:39 25640 ----a-w- C:\Windows\gdrv.sys 2012-06-12 02:30:01 2653573 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-06-12 02:29:20 3264360 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-06-12 02:29:19 6189928 ----a-w- C:\Windows\System32\nvcpl.dll 2012-06-12 02:28:59 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-06-12 02:28:59 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-06-12 02:28:59 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-06-11 12:22:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 12:22:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-21 13:10:56 31080 ----a-w- C:\Windows\System32\nvhdap64.dll 2012-05-21 13:10:51 188776 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2012-05-21 07:34:41 1468264 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 10:48:00 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll 2012-05-15 10:48:00 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll 2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- 
C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-04-09 21:14:17 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll . ============= FINISH: 0:17:21.09 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 9/5/2011 3:54:51 PM System Uptime: 7/7/2012 11:18:43 PM (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | Z68XP-UD3P Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 200 GiB total, 135.804 GiB free. D: is CDROM () E: is FIXED (NTFS) - 65 GiB total, 21.32 GiB free. F: is FIXED (NTFS) - 200 GiB total, 148.894 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP205: 6/26/2012 2:18:01 AM - Windows Update RP206: 6/27/2012 1:56:47 AM - Windows Update RP207: 6/29/2012 4:00:27 AM - Windows Backup RP208: 6/29/2012 6:59:34 PM - Windows Update RP209: 7/3/2012 12:06:18 AM - Windows Update RP210: 7/5/2012 11:28:44 PM - Installed QuickTime RP211: 7/6/2012 12:47:31 AM - Windows Update RP212: 7/6/2012 4:00:16 AM - Windows Backup RP213: 7/7/2012 8:55:06 AM - Windows Backup RP215: 7/7/2012 10:07:19 AM - Microsoft Antimalware Checkpoint RP216: 7/7/2012 10:29:17 AM - Restore Operation RP217: 7/7/2012 4:19:00 PM - Windows Backup RP218: 7/7/2012 5:01:48 PM - Windows Update RP219: 7/7/2012 11:33:03 PM - Installed Java 7 Update 5 RP220: 7/7/2012 11:33:25 PM - Installed JavaFX 2.1.1 RP221: 7/7/2012 11:34:44 PM - Removed Java 6 Update 30 . ==== Installed Programs ====================== . @BIOS Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update D3DX10 DES 2.0 DMIView B8.0717.01 Dolby Home Theater v4 Dropbox Etron USB3.0 Host Controller EVGA OC Scanner 1.7.3 EVGA Precision X 3.0.3 Garmin Lifetime Updater H&R Block Deluxe + Efile + State 2011 Half-Life 2: Lost Coast Hercules Classic Silver Hercules Webcam Station Evolution SE Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT MSVCRT_amd64 NVIDIA PhysX NVIDIA Stereoscopic 3D Driver ON_OFF Charge B11.0110.1 OpenAL OpenOffice.org 3.3 Pdf995 (installed by H&R Block) PdfEdit995 (installed by H&R Block) Portal PowerChute Personal Edition 3.0.2 QuickTime Reality Fusion VarietyPack Realtek Ethernet Controller Driver Realtek High 
Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Simple Sudoku 4.2 Skype Click to Call Skype™ 5.10 swMSM System Requirements Lab System Requirements Lab for Intel TouchBIOS B11.0512.1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Manager B10.0728.1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wing Commander Privateer . ==== Event Viewer Messages From Past Week ======== . 7/7/2012 9:01:51 AM, Error: volsnap [35] - The shadow copies of volume G: were aborted because the shadow copy storage failed to grow. 7/7/2012 7:50:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
7/7/2012 7:48:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/7/2012 7:48:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/7/2012 7:48:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/7/2012 7:48:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/7/2012 7:48:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/7/2012 7:48:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache MpFilter spldr Wanarpv6
7/7/2012 7:12:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/7/2012 4:58:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/7/2012 4:58:19 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/7/2012 4:57:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/7/2012 4:57:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
7/7/2012 4:08:45 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.1016.0;1.129.1016.0 Engine version: 1.1.8502.0
7/7/2012 11:26:25 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
7/7/2012 11:26:25 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
7/7/2012 11:20:16 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
7/7/2012 11:19:05 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/7/2012 11:18:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/7/2012 11:17:49 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/7/2012 11:15:11 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================