
I think I really goofed up and I am so sorry...



My computer (Win7, 64-bit) reported a viral infection to me early today via Microsoft Security Essentials. It had been quarantined in the history file and I told MSE to delete it. I then ran full scans with MSE and MBAM, and neither found anything else on my machine.

But something was definitely wrong. I couldn't put MBAM (I have the Pro version) into Protection Mode. When I try, I get an error. It says, "PROGRAM_ERROR_PROTECTION_MODULE (1068, 0, ProtectionEnable) The dependency service or group failed to start."

I thought something happened to MBAM, so I uninstalled it, then reinstalled it from the disk, updated it online, and tried again to get it to go into Protection Mode. It wouldn't go -- same error.

I then tried to go to Windows Updates to see if there was any new Malicious Software Removal Tool. Windows Updates gave me an error (Code 80070005) and couldn't check for updates.

I started reading on the forums to see if anyone else had a similar problem, then I did a very bad thing. A poster named Big_Shifty wrote about his issue, and I chimed in with a couple of "Me too!" posts. After that, I read the sticky called "Groups authorized to help with HJT logs" and I felt just awful. I never should have posted on Big_Shifty's issue and I am so sorry. I hope he can get the help he needs. His topic is called, "I believe I still have an infection." Please help him before you help me!

Still blundering along, I continued reading other chains and tried some tools listed. The Kaspersky free tool found and removed two things from my system:

MEM: Rootkit.Win64.Sst.b and

Rootkit.Boot.SST.a

I don't know why the MBAM or MSE scans didn't find those, but I thought, "Great, now it's going to be fixed!"

Only it's not. Still can't get the Windows Update to work, and MBAM won't go into Protected Mode. In fact, I can't change my Windows wallpaper either, which is disturbing too.

I hope I didn't mess things up so bad they can't be fixed without completely reloading Windows again. I would absolutely hate that, and I'm praying you can help me. I feel like a total fool here.

So now that I read the stickies and know what to do, here, below, are the DDS.txt and Attach.txt files. Please forgive me for charging in and perhaps making a bad situation worse. I wouldn't blame you if you didn't want to help me at this point, but thank you in advance if you're willing to try.

Sincerely,

- = M = -

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Monster at 0:17:10 on 2012-07-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16301.13876 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

C:\Users\Monster\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://affiliate.zap2it.com/tvlistings/ZCGrid.do?loginRedirectReq=true

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe

mRunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

mRunOnce: [GrpConv] grpconv -o

StartupFolder: C:\Users\Monster\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Monster\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVGAPR~1.LNK - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/BINGAME/POPCAPLOADER_V10.CAB

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{0205CAC2-58CB-4D3B-9DBB-01B62C589397} : DhcpNameServer = 192.168.10.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe

mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

mRunOnce-x64: [GrpConv] grpconv -o

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-7 68136]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-4 1258856]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-11 382312]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 hxctlflt;hxctlflt;C:\Windows\system32\DRIVERS\hxctlflt.sys --> C:\Windows\system32\DRIVERS\hxctlflt.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-6-29 15176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

RUnknown 48503750;48503750; [x]

RUnknown 5860294drv;5860294drv; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-7 654408]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-9 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-7 30528]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-08 04:11:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-08 04:10:54 116016 ----a-w- C:\Windows\System32\drivers\89452384.sys

2012-07-08 03:33:41 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-08 03:33:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-08 03:24:59 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9938CC0A-D0C1-4993-B548-7306BAC6177A}\mpengine.dll

2012-07-08 03:19:40 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-08 03:15:18 98816 ----a-w- C:\Windows\sed.exe

2012-07-08 03:15:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-08 03:15:18 256000 ----a-w- C:\Windows\PEV.exe

2012-07-08 03:15:18 208896 ----a-w- C:\Windows\MBR.exe

2012-07-08 03:15:17 -------- d-----w- C:\ComboFix

2012-07-08 01:21:43 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-07-07 23:18:59 -------- d--h--w- C:\Windows\msdownld.tmp

2012-07-07 23:03:38 -------- d-----w- C:\Users\Monster\AppData\Local\{A3E16D22-F576-469B-9156-E0494EC2AC5F}

2012-07-07 23:03:16 -------- d-----w- C:\Users\Monster\AppData\Local\{C3E81BCB-F2D9-4FF3-815A-6AC52484943E}

2012-07-07 22:41:21 -------- d-----w- C:\Users\Monster\AppData\Local\{84C76A8C-DC35-4EF8-8E94-C47EAA90A010}

2012-07-07 22:15:33 -------- d-----w- C:\Users\Monster\AppData\Local\{21A84CF0-F659-4D71-89EC-23EFDA801698}

2012-07-07 20:54:57 -------- d-----w- C:\Users\Monster\AppData\Roaming\Malwarebytes

2012-07-07 20:54:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-07 20:54:48 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-07 20:54:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-07 20:08:45 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-07 19:42:46 -------- d-----w- C:\Users\Monster\AppData\Local\{8452858B-ACF0-4496-9A4A-D0D390A88840}

2012-07-07 19:42:25 -------- d-----w- C:\Users\Monster\AppData\Local\{4C15BE42-0BEA-4268-B8AC-670DA4569960}

2012-07-07 18:17:34 -------- d-----w- C:\Users\Monster\AppData\Local\{DAB9186B-DFAD-4524-B924-065AF0D8FA52}

2012-07-07 03:25:07 -------- d--h--w- C:\Users\Monster\AppData\Local\{4BDBE2AD-3146-4DB0-993B-703723560C63}

2012-07-07 03:24:45 -------- d--h--w- C:\Users\Monster\AppData\Local\{D98B742A-50D1-4416-94E8-2B4183850D8C}

2012-07-06 15:18:21 -------- d--h--w- C:\Users\Monster\AppData\Local\{29E63BF6-0C75-40E2-AF96-34F13CD5D017}

2012-07-06 15:17:59 -------- d--h--w- C:\Users\Monster\AppData\Local\{FD00A1B2-CA9A-4236-BFF7-FFE517F12672}

2012-07-06 03:31:18 -------- d--h--w- C:\Users\Monster\AppData\Local\Apple Computer

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-07-06 03:28:34 -------- d--h--w- C:\Users\Monster\AppData\Local\Apple

2012-07-06 03:02:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{99E0CB75-8492-411D-948A-2A0304709A9A}

2012-07-06 03:01:42 -------- d--h--w- C:\Users\Monster\AppData\Local\{771EE766-C26A-4F64-AEF2-97B7CE83F290}

2012-07-05 15:01:17 -------- d--h--w- C:\Users\Monster\AppData\Local\{C580793E-6487-4161-9622-6C86AC984ABC}

2012-07-05 15:00:55 -------- d--h--w- C:\Users\Monster\AppData\Local\{D14AE534-F078-4ED8-BC11-8D0515696A79}

2012-07-05 02:39:03 -------- d--h--w- C:\Users\Monster\AppData\Local\{0AA1976B-1291-4197-9E53-70938642C8A6}

2012-07-05 02:38:41 -------- d--h--w- C:\Users\Monster\AppData\Local\{F07FC934-09F0-44D1-BE98-8B185E2E3006}

2012-07-04 13:22:40 -------- d--h--w- C:\Users\Monster\AppData\Local\{D205320D-0CDC-427C-908A-8ABCF9A4F3CD}

2012-07-04 13:22:18 -------- d--h--w- C:\Users\Monster\AppData\Local\{8A7D36A2-8B53-44B2-AA0B-5F1B468CF3F1}

2012-07-04 02:21:10 -------- d--h--w- C:\Users\Monster\AppData\Local\{1E153537-D550-4C85-A39F-511783315B84}

2012-07-03 22:17:02 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E06D002-0A74-4578-88D3-B1C494A35956}\gapaengine.dll

2012-07-03 12:54:27 -------- d--h--w- C:\Users\Monster\AppData\Local\{428BB0E7-5914-4BB6-98DF-EDED855C544C}

2012-07-03 12:54:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{12501126-51D9-44D6-8283-A4771FD79AA3}

2012-07-03 00:23:34 -------- d--h--w- C:\Users\Monster\AppData\Local\{F34EB0E2-4C21-4451-ACE5-D11549D91164}

2012-07-03 00:23:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{50448357-028D-495E-BB39-C40C93E39702}

2012-07-02 12:22:47 -------- d--h--w- C:\Users\Monster\AppData\Local\{0980B5B5-BDB3-4916-AB7A-2B6FEE9BD664}

2012-07-02 12:22:25 -------- d--h--w- C:\Users\Monster\AppData\Local\{B054D9E8-2255-44B0-BC5E-A9E3D668B21A}

2012-07-01 21:03:30 -------- d--h--w- C:\Users\Monster\AppData\Local\{18AC2C45-BB29-4232-8AF8-364BBD020545}

2012-07-01 21:03:08 -------- d--h--w- C:\Users\Monster\AppData\Local\{8ABB9521-8ED4-4E28-B576-5C4640EEB988}

2012-07-01 16:01:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{8C0CBB0D-8FC6-430C-AC9B-B077130206DE}

2012-07-01 16:01:15 -------- d--h--w- C:\Users\Monster\AppData\Local\{D1C6AECD-E652-4121-819C-714031512535}

2012-07-01 01:47:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{40E7ED80-FC09-4A97-B4C8-3EEFF5A19B91}

2012-07-01 01:47:15 -------- d--h--w- C:\Users\Monster\AppData\Local\{C73D78F8-36A4-4C88-B972-B46B5F2263E9}

2012-06-30 13:02:11 -------- d--h--w- C:\Users\Monster\AppData\Local\{69D02A7D-08B7-41D4-90A1-A7116643E317}

2012-06-30 13:01:49 -------- d--h--w- C:\Users\Monster\AppData\Local\{963DA3A9-1348-41D9-813D-C4D053031066}

2012-06-30 04:27:19 -------- d--h--w- C:\Users\Monster\AppData\Local\{7D01B93F-3C46-45A8-8A87-78E7485AF79B}

2012-06-30 04:26:57 -------- d--h--w- C:\Users\Monster\AppData\Local\{E67238A1-05D0-4D80-90E3-B526915902F6}

2012-06-29 12:22:47 -------- d--h--w- C:\Users\Monster\AppData\Local\{CDA64F1A-BA88-4D5B-BBF8-CDBD2E14C239}

2012-06-29 12:22:25 -------- d--h--w- C:\Users\Monster\AppData\Local\{83DF09D8-E964-45ED-B078-EA3BF9937D73}

2012-06-29 00:22:01 -------- d--h--w- C:\Users\Monster\AppData\Local\{881D59FB-B54F-46C2-AD95-6D37DAD1F193}

2012-06-29 00:21:38 -------- d--h--w- C:\Users\Monster\AppData\Local\{23896204-0A7D-476C-9444-038816CA6DF7}

2012-06-28 12:21:14 -------- d--h--w- C:\Users\Monster\AppData\Local\{F984CF34-63AD-4397-92DD-C05D2DF2C624}

2012-06-28 12:20:52 -------- d--h--w- C:\Users\Monster\AppData\Local\{35224A91-EFD2-4029-AE3B-59CE2E486907}

2012-06-27 16:58:18 -------- d--h--w- C:\Users\Monster\AppData\Local\{2B36657F-71F3-4488-97A8-5DC398A34D98}

2012-06-27 16:57:56 -------- d--h--w- C:\Users\Monster\AppData\Local\{FCAFCAD8-F3FC-4BFC-9BC3-96BA6AFCD2E4}

2012-06-27 16:54:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{5475B883-056F-44C7-9A95-0F58BDBCD550}

2012-06-27 05:57:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-27 05:57:04 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-27 05:56:57 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-27 05:56:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-27 04:31:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{A39BF54A-074A-4635-B043-5C67012A3407}

2012-06-27 04:30:42 -------- d--h--w- C:\Users\Monster\AppData\Local\{2973D902-1CCD-4F71-957F-5C6E1065F8AE}

2012-06-26 15:22:59 -------- d--h--w- C:\Users\Monster\AppData\Local\{C0D5A744-196B-4488-89D4-A453FD2F13CC}

2012-06-26 15:22:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{511F77EA-51CD-480A-805F-70F4A2A08717}

2012-06-26 01:48:13 -------- d--h--w- C:\Users\Monster\AppData\Local\{A36DB817-E690-4FCF-9505-F08E2922D875}

2012-06-26 01:47:51 -------- d--h--w- C:\Users\Monster\AppData\Local\{733798E2-F27A-429B-AA00-1FA7E799F6F1}

2012-06-25 12:28:27 -------- d--h--w- C:\Users\Monster\AppData\Local\{EBED92FC-8AD4-422B-9746-60E56B2379C1}

2012-06-25 12:28:04 -------- d--h--w- C:\Users\Monster\AppData\Local\{67EA5D40-9ED6-4C0B-8242-162BE794D01A}

2012-06-25 03:15:44 -------- d--h--w- C:\Users\Monster\AppData\Local\{4E767056-79EB-4D02-8645-526A828D1119}

2012-06-24 12:21:41 -------- d--h--w- C:\Users\Monster\AppData\Local\{0E3C63B1-B037-4C2C-AE2A-83323F0CA63B}

2012-06-24 12:21:19 -------- d--h--w- C:\Users\Monster\AppData\Local\{F363C67F-5588-44EE-B0E7-3AF9572975A3}

2012-06-23 20:10:46 -------- d--h--w- C:\Users\Monster\AppData\Local\{2E7D129E-6EA0-4D88-AB9C-94DD970F16D6}

2012-06-23 20:10:24 -------- d--h--w- C:\Users\Monster\AppData\Local\{566BE370-565D-494E-AFEE-8DF6C09554CC}

2012-06-22 21:03:34 -------- d--h--w- C:\Users\Monster\AppData\Local\{F1F2A841-7477-4353-9319-50F6C04D8B94}

2012-06-22 21:03:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{6BD9CA0F-ED67-4857-9D71-1AD9057AFE5D}

2012-06-22 03:01:27 -------- d--h--w- C:\Users\Monster\AppData\Local\{CAE85344-85FB-4502-A12B-472F28C18C25}

2012-06-22 03:01:05 -------- d--h--w- C:\Users\Monster\AppData\Local\{4525B361-505D-4E5F-AF7B-0D331E71AD23}

2012-06-21 11:01:42 -------- d--h--w- C:\Users\Monster\AppData\Local\{C4D4E913-F830-4796-8395-C0313ACAC445}

2012-06-21 11:01:20 -------- d--h--w- C:\Users\Monster\AppData\Local\{D59D66B2-92D3-458F-94E4-DC0AA2A7D941}

2012-06-20 18:08:17 -------- d--h--w- C:\Users\Monster\AppData\Local\{6BC3DF1E-8742-4EF7-8AE6-4C60E1BCCA93}

2012-06-20 18:07:55 -------- d--h--w- C:\Users\Monster\AppData\Local\{1079313F-DA88-44FD-A453-798ACD5E0106}

2012-06-20 01:44:00 -------- d--h--w- C:\Users\Monster\AppData\Local\{96AE8B23-8674-4E3E-9A9A-6D18DC4CE283}

2012-06-20 01:43:38 -------- d--h--w- C:\Users\Monster\AppData\Local\{DAFFCBFE-7E60-4A8D-BC1E-1B2AEBE3A44A}

2012-06-19 04:10:52 -------- d--h--w- C:\Users\Monster\AppData\Local\{2BCAFC05-4A35-40D5-B6A4-4A4B47ABAB17}

2012-06-19 04:10:30 -------- d--h--w- C:\Users\Monster\AppData\Local\{FF08AAC1-B051-4167-90D5-3E6EE87A0DD2}

2012-06-18 12:57:55 -------- d--h--w- C:\Users\Monster\AppData\Local\{DADE819D-B2EC-45FB-9F1D-1E5EA61EC952}

2012-06-17 22:20:02 -------- d--h--w- C:\Users\Monster\AppData\Local\{AB587CF5-0C82-47C6-B7A8-E075E4D4275A}

2012-06-17 11:05:43 -------- d--h--w- C:\Users\Monster\AppData\Local\{03495D20-872D-47C3-93AD-6A9F0B06D867}

2012-06-16 20:55:50 -------- d--h--w- C:\Users\Monster\AppData\Local\{0F7F3DA5-1B52-47CE-82C6-A5DB4E2E7FA6}

2012-06-16 13:13:58 -------- d--h--w- C:\Users\Monster\AppData\Local\{7020333B-81B6-4883-A5F3-9BC4C4921622}

2012-06-15 20:39:13 -------- d--h--w- C:\Users\Monster\AppData\Local\{5887454E-1B49-4464-B7A8-A49601ABEBEA}

2012-06-15 16:30:33 -------- d--h--w- C:\Users\Monster\AppData\Local\{BB3F59B2-6AB4-4EE6-80E3-5EA870C1912B}

2012-06-15 04:19:12 -------- d--h--w- C:\Users\Monster\AppData\Local\{09C4D844-EB59-49C4-9176-0CE1AE1A36A9}

2012-06-14 14:05:09 -------- d--h--w- C:\Users\Monster\AppData\Local\{AF9A8AF8-6167-42C1-A50E-76E9CD2E0DCF}

2012-06-14 14:04:47 -------- d--h--w- C:\Users\Monster\AppData\Local\{A89DFE16-C42B-4938-97F6-71CDF9F79F10}

2012-06-14 09:01:05 -------- d--h--w- C:\Users\Monster\AppData\Local\{112B8723-C34B-4810-AC95-D0CA00D271B4}

2012-06-13 13:10:11 -------- d-----w- C:\ProgramData\Battle.net

2012-06-13 13:00:48 -------- d--h--w- C:\Users\Monster\AppData\Local\{EC3DA9E3-C873-465F-A7E8-308AA10B8E26}

2012-06-13 13:00:26 -------- d--h--w- C:\Users\Monster\AppData\Local\{8A4B39E5-3107-4BC9-9E96-D1CCC66B0B68}

2012-06-13 05:35:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-13 05:35:10 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-13 05:23:22 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-12 23:49:53 -------- d--h--w- C:\Users\Monster\AppData\Local\{1E6F485C-C856-4711-AA5C-814107B8007F}

2012-06-12 23:49:31 -------- d--h--w- C:\Users\Monster\AppData\Local\{4D97A91B-0CA8-4941-9986-04FC90ED51DE}

2012-06-12 11:01:44 -------- d--h--w- C:\Users\Monster\AppData\Local\{A5126C23-A6A4-473F-99D6-3A0EC0175E08}

2012-06-12 11:01:22 -------- d--h--w- C:\Users\Monster\AppData\Local\{845131F4-9B1F-430D-A275-5360ED31999C}

2012-06-12 00:51:04 428392 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-06-11 15:57:51 -------- d--h--w- C:\Users\Monster\AppData\Local\{87024ACA-2EC2-4624-A00B-77ADDA2A5DC7}

2012-06-11 15:57:29 -------- d--h--w- C:\Users\Monster\AppData\Local\{D9C7F8AD-E6DE-42DA-9B4B-4B32C5FC449F}

2012-06-11 03:02:21 -------- d--h--w- C:\Users\Monster\AppData\Local\{2440A8F9-84B3-44FB-96B8-DF773007A3B3}

2012-06-11 03:01:58 -------- d--h--w- C:\Users\Monster\AppData\Local\{6A4247B2-172A-4AF0-B797-E12AE8FF2B1C}

2012-06-10 12:31:10 -------- d--h--w- C:\Users\Monster\AppData\Local\{B2E11062-B0EB-4FB7-A037-90EDF4F2279D}

2012-06-10 12:30:48 -------- d--h--w- C:\Users\Monster\AppData\Local\{18E16E3E-ADD8-4D41-822E-422181EBB6F5}

2012-06-09 20:19:48 -------- d--h--w- C:\Users\Monster\AppData\Local\{659F3DDC-3539-463C-A670-ED434F1CA539}

2012-06-09 20:19:26 -------- d--h--w- C:\Users\Monster\AppData\Local\{26CFF707-4E0E-45DE-BB03-D1AF1F16B725}

2012-06-09 05:00:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{3C6BDBAB-7069-4682-8652-0251A5440657}

2012-06-09 05:00:15 -------- d--h--w- C:\Users\Monster\AppData\Local\{C5CCB3B5-A47E-4E00-B2D6-365B9A497888}

2012-06-09 02:30:37 -------- d--h--w- C:\Users\Monster\AppData\Local\{A881F694-2986-4179-9978-D739EA99FCA7}

2012-06-08 23:43:25 -------- d--h--w- C:\Users\Monster\AppData\Local\{3A2C788D-9DB8-4A8B-96EE-DCF821DD07F6}

.

==================== Find3M ====================

.

2012-07-08 03:19:39 25640 ----a-w- C:\Windows\gdrv.sys

2012-06-12 02:30:01 2653573 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-06-12 02:29:20 3264360 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-06-12 02:29:19 6189928 ----a-w- C:\Windows\System32\nvcpl.dll

2012-06-12 02:28:59 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-06-12 02:28:59 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-06-12 02:28:59 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-06-11 12:22:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-11 12:22:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-21 13:10:56 31080 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-05-21 13:10:51 188776 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-05-21 07:34:41 1468264 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 10:48:00 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll

2012-05-15 10:48:00 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll

2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-09 21:14:17 47616 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll

.

============= FINISH: 0:17:21.09 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/5/2011 3:54:51 PM

System Uptime: 7/7/2012 11:18:43 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z68XP-UD3P

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 200 GiB total, 135.804 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 65 GiB total, 21.32 GiB free.

F: is FIXED (NTFS) - 200 GiB total, 148.894 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP205: 6/26/2012 2:18:01 AM - Windows Update

RP206: 6/27/2012 1:56:47 AM - Windows Update

RP207: 6/29/2012 4:00:27 AM - Windows Backup

RP208: 6/29/2012 6:59:34 PM - Windows Update

RP209: 7/3/2012 12:06:18 AM - Windows Update

RP210: 7/5/2012 11:28:44 PM - Installed QuickTime

RP211: 7/6/2012 12:47:31 AM - Windows Update

RP212: 7/6/2012 4:00:16 AM - Windows Backup

RP213: 7/7/2012 8:55:06 AM - Windows Backup

RP215: 7/7/2012 10:07:19 AM - Microsoft Antimalware Checkpoint

RP216: 7/7/2012 10:29:17 AM - Restore Operation

RP217: 7/7/2012 4:19:00 PM - Windows Backup

RP218: 7/7/2012 5:01:48 PM - Windows Update

RP219: 7/7/2012 11:33:03 PM - Installed Java 7 Update 5

RP220: 7/7/2012 11:33:25 PM - Installed JavaFX 2.1.1

RP221: 7/7/2012 11:34:44 PM - Removed Java 6 Update 30

.

==== Installed Programs ======================

.

@BIOS

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

D3DX10

DES 2.0

DMIView B8.0717.01

Dolby Home Theater v4

Dropbox

Etron USB3.0 Host Controller

EVGA OC Scanner 1.7.3

EVGA Precision X 3.0.3

Garmin Lifetime Updater

H&R Block Deluxe + Efile + State 2011

Half-Life 2: Lost Coast

Hercules Classic Silver

Hercules Webcam Station Evolution SE

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

ON_OFF Charge B11.0110.1

OpenAL

OpenOffice.org 3.3

Pdf995 (installed by H&R Block)

PdfEdit995 (installed by H&R Block)

Portal

PowerChute Personal Edition 3.0.2

QuickTime

Reality Fusion VarietyPack

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Simple Sudoku 4.2

Skype Click to Call

Skype™ 5.10

swMSM

System Requirements Lab

System Requirements Lab for Intel

TouchBIOS B11.0512.1

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Manager B10.0728.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wing Commander Privateer

.

==== Event Viewer Messages From Past Week ========

.

7/7/2012 9:01:51 AM, Error: volsnap [35] - The shadow copies of volume G: were aborted because the shadow copy storage failed to grow.

7/7/2012 7:50:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/7/2012 7:48:25 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/7/2012 7:48:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/7/2012 7:48:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/7/2012 7:48:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/7/2012 7:48:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/7/2012 7:48:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache MpFilter spldr Wanarpv6

7/7/2012 7:12:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

7/7/2012 4:58:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

7/7/2012 4:58:19 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/7/2012 4:57:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/7/2012 4:57:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

7/7/2012 4:08:45 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.129.1016.0;1.129.1016.0 Engine version: 1.1.8502.0

7/7/2012 11:26:25 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

7/7/2012 11:26:25 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

7/7/2012 11:20:16 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

7/7/2012 11:19:05 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

7/7/2012 11:18:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/7/2012 11:17:49 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/7/2012 11:15:11 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Results as follows, and thank you in advance.

mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.61.0.1400

Date Log Created: 07/08/12

Time Log Created: 18:22:33

64 bit Operating System

Product Name: REG_SZ Windows 7 Home Premium

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Users\Monster\Desktop\evgaprecisionx\EVGA_PrecisionX_Setup_301.exe REG_SZ VISTARTM

C:\Program Files (x86)\EVGA Precision\uninstall.exe REG_SZ VISTARTM

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\HRBlock2011\pdf995\autosetup.exe REG_SZ WINXPSP2

MBAM Startup Entries:

=====================

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 2

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1068

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

WOW64 REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

WOW64 REG_DWORD 1

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

DelayedAutostart REG_DWORD 1

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ _ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ __CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ __vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

dbdate REG_SZ Sun, 08 Jul 2012 16:10:18 GMT

dbversion REG_SZ v2012.07.08.06

programversion REG_SZ 1.61.0.1400

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

startipdisabled REG_DWORD 0

notifyinstallprogram REG_DWORD 0

scanreboot REG_DWORD 1

ID XXXXX-XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

SchedulerQueue REG_MULTI_SZ 1085444, 30207389, 4147449856, 1, 23 | 30235387, 1450336655

20979716, 30207491, 1060785664, 1, 23 | 30235285, 2739760640

20987912, 30207491, 4060785664, 1, 23 | 30234280, 2181893120

1085444, 30207490, 2355752960, 1, 23 | 30235285, 4158872168

20979716, 30207390, 2852482560, 1, 23 | 30235386, 948063744

Affiliate REG_SZ https://store.malwarebytes.org/342/?scope=checkout&cart=29945

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID

There is data here but it is hidden.

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

language REG_SZ english.lng

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 0

openlog REG_DWORD 0

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 0

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 1

selectedrives REG_SZ C:\|E:\|F:\|

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.3 (a)

Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Monster

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.61.0.1400

DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.61.0.1400

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20120707

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 61

EstimatedSize REG_DWORD 18479

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: Flash Scan | Daily | Silent

Start Time: 2012-02-17 18:00 Repeating Every: 1 Recover if missed by: 23

Scheduled Item: Scan Schedule Options: Quick Scan | Daily | Scan Remove | Scan Reboot

Start Time: 2012-02-18 06:05 Repeating Every: 1 Recover if missed by: 23

Scheduled Item: Scan Schedule Options: Full Scan | Weekly | Scan Remove | Scan Reboot

Start Time: 2012-02-18 06:10 Repeating Every: 1 Recover if missed by: 23

Scheduled Item: Update Schedule Options: Flash Scan | Daily | Silent

Start Time: 2012-02-18 06:00 Repeating Every: 1 Recover if missed by: 23

Scheduled Item: Scan Schedule Options: Quick Scan | Daily | Scan Remove | Scan Reboot

Start Time: 2012-02-17 18:05 Repeating Every: 1 Recover if missed by: 23

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

MBAM Drivers:

=============

C:\Windows\SysWOW64\drivers\mbamswissarmy.sys File Size: 38224 BYTES FileVersion: 1.50.1.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514

C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514

List of MBAM Related Directories:

=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware

changes.rtf File Size: 785 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 410054 BYTES

mbam.dll File Size: 476232 BYTES FileVersion: 1.61.0.0

mbam.exe File Size: 981680 BYTES FileVersion: 1.60.0.80

mbamcore.dll File Size: 1082440 BYTES FileVersion: 1.61.0.0

mbamext.dll File Size: 95304 BYTES FileVersion: 1.61.0.0

mbamgui.exe File Size: 462408 BYTES FileVersion: 1.61.0.0

mbamnet.dll File Size: 2165320 BYTES FileVersion: 1.61.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0

mbamservice.exe File Size: 654408 BYTES FileVersion: 1.61.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 21705 BYTES

unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 10498 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 199240 BYTES

firefox.exe File Size: 199240 BYTES

firefox.pif File Size: 199240 BYTES

firefox.scr File Size: 199240 BYTES

iexplore.exe File Size: 199240 BYTES

mbam-chameleon.com File Size: 199240 BYTES

mbam-chameleon.exe File Size: 199240 BYTES

mbam-chameleon.pif File Size: 199240 BYTES

mbam-chameleon.scr File Size: 199240 BYTES

mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47

rundll32.exe File Size: 199240 BYTES

svchost.exe File Size: 199240 BYTES

winlogon.exe File Size: 199240 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 20716 BYTES

bosnian.lng File Size: 25860 BYTES

bulgarian.lng File Size: 26296 BYTES

catalan.lng File Size: 26822 BYTES

chineseSI.lng File Size: 10480 BYTES

chineseTR.lng File Size: 11384 BYTES

croatian.lng File Size: 25546 BYTES

czech.lng File Size: 23540 BYTES

danish.lng File Size: 25384 BYTES

dutch.lng File Size: 26940 BYTES

english.lng File Size: 23390 BYTES

estonian.lng File Size: 24112 BYTES

finnish.lng File Size: 24580 BYTES

french.lng File Size: 28342 BYTES

german.lng File Size: 28506 BYTES

greek.lng File Size: 27864 BYTES

hebrew.lng File Size: 18372 BYTES

hungarian.lng File Size: 27124 BYTES

italian.lng File Size: 26812 BYTES

latvian.lng File Size: 25804 BYTES

lithuanian.lng File Size: 26666 BYTES

macedonian.lng File Size: 27830 BYTES

norwegian.lng File Size: 23864 BYTES

polish.lng File Size: 25304 BYTES

portugueseBR.lng File Size: 27330 BYTES

portuguesePT.lng File Size: 27628 BYTES

romanian.lng File Size: 26914 BYTES

russian.lng File Size: 25952 BYTES

serbian.lng File Size: 25606 BYTES

slovak.lng File Size: 24392 BYTES

slovenian.lng File Size: 23622 BYTES

spanish.lng File Size: 28542 BYTES

swedish.lng File Size: 24782 BYTES

thai.lng File Size: 24952 BYTES

turkish.lng File Size: 24640 BYTES

vietnamese.lng File Size: 28118 BYTES

C:\Users\Monster\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Monster\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

C:\Users\Monster\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

exclusions.dat File Size: 2 BYTES

link.txt File Size: 115 BYTES

mbam-setup.exe File Size: 10063000 BYTES FileVersion: 1.61.0.1400

news.txt File Size: 78 BYTES

rules.ref File Size: 7420757 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration

build.conf File Size: 140 BYTES

config.conf File Size: 3276 BYTES

custom.conf File Size: 20 BYTES

database.conf File Size: 432 BYTES

local.conf File Size: 762 BYTES

manifest.conf File Size: 563 BYTES

news.conf File Size: 379 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE


  • Staff

Hi,

While we analyze that, please do the following:

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Per instructions, disabled RealTime Protection on Microsoft Security Essentials and turned off Windows Firewall.

Text from ComboFix and DDS is below.

ComboFix 12-07-08.01 - Monster 07/08/2012 18:46:27.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16301.14037 [GMT -4:00]

Running from: c:\users\Monster\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))

.

.

2012-07-08 22:48 . 2012-07-08 22:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-08 22:48 . 2012-07-08 22:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-08 14:12 . 2012-07-08 14:12 399264 ----a-w- c:\windows\unhide.exe

2012-07-08 06:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6299D83-BF4D-4C7C-91E3-A652088CC8B2}\mpengine.dll

2012-07-08 04:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-08 04:11 . 2012-07-08 04:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-08 04:10 . 2012-07-08 04:10 116016 ----a-w- c:\windows\system32\drivers\89452384.sys

2012-07-08 03:33 . 2012-07-08 03:33 -------- d-----w- c:\program files (x86)\Oracle

2012-07-08 03:33 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-08 03:32 . 2012-07-08 03:32 -------- d-----w- c:\programdata\McAfee

2012-07-08 01:21 . 2012-07-08 01:21 -------- d-----w- c:\programdata\Kaspersky Lab

2012-07-07 23:18 . 2012-07-07 23:19 -------- d-----w- c:\windows\msdownld.tmp

2012-07-07 20:54 . 2012-07-07 20:54 -------- d-----w- c:\users\Monster\AppData\Roaming\Malwarebytes

2012-07-07 20:54 . 2012-07-07 20:54 -------- d-----w- c:\programdata\Malwarebytes

2012-07-07 20:54 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-07 20:54 . 2012-07-07 20:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-06 03:31 . 2012-07-06 03:31 -------- d-----w- c:\users\Monster\AppData\Local\Apple Computer

2012-07-06 03:30 . 2012-07-07 03:39 -------- d-----w- c:\users\Monster\AppData\Roaming\Apple Computer

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-07-06 03:29 . 2012-07-06 03:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-07-06 03:29 . 2012-07-07 20:07 -------- d-----w- c:\programdata\Apple Computer

2012-07-06 03:29 . 2012-07-07 20:07 -------- d-----w- c:\program files (x86)\QuickTime

2012-07-06 03:28 . 2012-07-07 20:00 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-07-06 03:28 . 2012-07-06 03:28 -------- d-----w- c:\users\Monster\AppData\Local\Apple

2012-07-06 03:28 . 2012-07-07 20:07 -------- d-----w- c:\programdata\Apple

2012-07-06 03:28 . 2012-07-07 20:07 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-07-03 22:17 . 2012-02-10 07:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E06D002-0A74-4578-88D3-B1C494A35956}\gapaengine.dll

2012-06-27 05:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-27 05:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-27 05:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-27 05:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-27 05:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-27 05:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-27 05:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-27 05:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-27 05:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-13 13:10 . 2012-07-07 20:03 -------- d-----w- c:\programdata\Battle.net

2012-06-13 05:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-13 05:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-13 05:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 00:51 . 2012-06-12 00:51 428392 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-08 22:49 . 2011-09-09 22:52 25640 ----a-w- c:\windows\gdrv.sys

2012-06-12 06:26 . 2012-05-23 11:40 15282024 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-06-12 06:26 . 2012-03-24 02:22 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-12 06:26 . 2012-03-24 02:22 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-12 06:26 . 2012-02-08 06:07 968552 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-06-12 06:26 . 2012-02-08 06:07 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-06-12 06:26 . 2012-02-08 06:07 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-06-12 06:26 . 2011-11-03 23:19 1758056 ----a-w- c:\windows\system32\nvdispco64.dll

2012-06-12 06:26 . 2011-09-07 20:22 2719592 ----a-w- c:\windows\system32\nvapi64.dll

2012-06-12 06:26 . 2011-05-21 10:01 2418024 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-06-12 06:26 . 2011-05-21 10:01 14744424 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-06-12 02:30 . 2012-02-08 06:08 2653573 ----a-w- c:\windows\system32\nvcoproc.bin

2012-06-12 02:29 . 2011-01-08 00:49 3264360 ----a-w- c:\windows\system32\nvsvc64.dll

2012-06-12 02:29 . 2011-01-08 00:50 6189928 ----a-w- c:\windows\system32\nvcpl.dll

2012-06-12 02:28 . 2011-01-08 00:49 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-06-12 02:28 . 2011-01-08 00:49 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-06-12 02:28 . 2011-01-08 00:49 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-06-11 12:22 . 2012-03-31 13:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-11 12:22 . 2011-09-08 04:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-21 07:34 . 2011-12-04 18:30 1468264 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-05-15 10:48 . 2012-05-23 11:40 364352 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-05-15 10:48 . 2012-05-23 11:40 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll

2012-05-15 10:48 . 2011-11-03 23:19 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-08_03.19.10 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-08 03:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-08 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-08 03:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-08 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-08 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-08 03:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-07-08 05:35 38872 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-08 14:18 38152 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-09-07 19:50 . 2012-07-08 02:41 7300 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1370678217-2648053772-1350857106-1000_UserData.bin

+ 2011-09-07 19:50 . 2012-07-08 14:18 7300 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1370678217-2648053772-1350857106-1000_UserData.bin

+ 2012-07-08 22:49 . 2012-07-08 22:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-08 03:18 . 2012-07-08 03:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-01-11 20:32 . 2012-07-08 03:33 227824 c:\windows\SysWOW64\javaws.exe

+ 2012-01-11 20:32 . 2012-07-08 03:33 174064 c:\windows\SysWOW64\javaw.exe

+ 2012-01-11 20:32 . 2012-07-08 03:33 174064 c:\windows\SysWOW64\java.exe

- 2009-07-14 05:01 . 2012-07-07 14:23 279128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-08 22:48 279128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-08 03:33 . 2012-07-08 03:33 461312 c:\windows\Installer\d419b.msi

+ 2011-09-08 05:01 . 2012-07-08 22:48 63073092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1370678217-2648053772-1350857106-1000-12288.dat

+ 2012-07-08 03:32 . 2012-07-08 03:32 17379328 c:\windows\Installer\d4197.msi

+ 2012-06-04 14:48 . 2012-06-04 14:48 15888384 c:\windows\Installer\1eaaf.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GBTUpd"="c:\program files (x86)\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]

"DES2"="c:\program files (x86)\GIGABYTE\EnergySaver2\des2.exe" [2011-03-08 359024]

.

c:\users\Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Monster\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]

EVGA Precision X.lnk - c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-6-29 553800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-12 1258856]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-12-19 25640]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-10-27 30528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-12 382312]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]

S3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 111104]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys [2012-06-29 15176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Monster\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-09 2275944]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://affiliate.zap2it.com/tvlistings/ZCGrid.do?loginRedirectReq=true

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.10.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1370678217-2648053772-1350857106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1370678217-2648053772-1350857106-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe

c:\program files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

.

**************************************************************************

.

Completion time: 2012-07-08 18:51:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-08 22:51

ComboFix2.txt 2012-07-08 03:21

.

Pre-Run: 145,917,034,496 bytes free

Post-Run: 145,751,699,456 bytes free

.

- - End Of File - - 87EFD49C54D4C5966D68B34FD7063B5E

DDS text:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Monster at 18:53:14 on 2012-07-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16301.14233 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

C:\Users\Monster\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://affiliate.zap2it.com/tvlistings/ZCGrid.do?loginRedirectReq=true

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe

mRunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

StartupFolder: C:\Users\Monster\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Monster\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVGAPR~1.LNK - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/BINGAME/POPCAPLOADER_V10.CAB

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{0205CAC2-58CB-4D3B-9DBB-01B62C589397} : DhcpNameServer = 192.168.10.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce-x64: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe

mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]

R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-9-7 68136]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-4 1258856]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-11 382312]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 hxctlflt;hxctlflt;C:\Windows\system32\DRIVERS\hxctlflt.sys --> C:\Windows\system32\DRIVERS\hxctlflt.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-6-29 15176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-7 654408]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-9 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-7 30528]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-08 22:50:34 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-08 14:12:00 399264 ----a-w- C:\Windows\unhide.exe

2012-07-08 13:14:47 -------- d-----w- C:\Users\Monster\AppData\Local\{B9F8192F-BE8D-40A9-B28B-E7CF562F3F25}

2012-07-08 13:14:25 -------- d-----w- C:\Users\Monster\AppData\Local\{77955E54-126A-4F37-8B36-5E8300A23515}

2012-07-08 06:23:31 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6299D83-BF4D-4C7C-91E3-A652088CC8B2}\mpengine.dll

2012-07-08 04:20:28 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-08 04:11:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-08 04:10:54 116016 ----a-w- C:\Windows\System32\drivers\89452384.sys

2012-07-08 03:33:41 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-08 03:33:21 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-08 03:15:18 98816 ----a-w- C:\Windows\sed.exe

2012-07-08 03:15:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-08 03:15:18 256000 ----a-w- C:\Windows\PEV.exe

2012-07-08 03:15:18 208896 ----a-w- C:\Windows\MBR.exe

2012-07-08 01:21:43 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-07-07 23:18:59 -------- d-----w- C:\Windows\msdownld.tmp

2012-07-07 23:03:38 -------- d-----w- C:\Users\Monster\AppData\Local\{A3E16D22-F576-469B-9156-E0494EC2AC5F}

2012-07-07 23:03:16 -------- d-----w- C:\Users\Monster\AppData\Local\{C3E81BCB-F2D9-4FF3-815A-6AC52484943E}

2012-07-07 22:41:21 -------- d-----w- C:\Users\Monster\AppData\Local\{84C76A8C-DC35-4EF8-8E94-C47EAA90A010}

2012-07-07 22:15:33 -------- d-----w- C:\Users\Monster\AppData\Local\{21A84CF0-F659-4D71-89EC-23EFDA801698}

2012-07-07 20:54:57 -------- d-----w- C:\Users\Monster\AppData\Roaming\Malwarebytes

2012-07-07 20:54:48 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-07 20:54:48 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-07 20:54:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-07 19:42:46 -------- d-----w- C:\Users\Monster\AppData\Local\{8452858B-ACF0-4496-9A4A-D0D390A88840}

2012-07-07 19:42:25 -------- d-----w- C:\Users\Monster\AppData\Local\{4C15BE42-0BEA-4268-B8AC-670DA4569960}

2012-07-07 18:17:34 -------- d-----w- C:\Users\Monster\AppData\Local\{DAB9186B-DFAD-4524-B924-065AF0D8FA52}

2012-07-07 03:25:07 -------- d-----w- C:\Users\Monster\AppData\Local\{4BDBE2AD-3146-4DB0-993B-703723560C63}

2012-07-07 03:24:45 -------- d-----w- C:\Users\Monster\AppData\Local\{D98B742A-50D1-4416-94E8-2B4183850D8C}

2012-07-06 15:18:21 -------- d-----w- C:\Users\Monster\AppData\Local\{29E63BF6-0C75-40E2-AF96-34F13CD5D017}

2012-07-06 15:17:59 -------- d-----w- C:\Users\Monster\AppData\Local\{FD00A1B2-CA9A-4236-BFF7-FFE517F12672}

2012-07-06 03:31:18 -------- d-----w- C:\Users\Monster\AppData\Local\Apple Computer

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-07-06 03:29:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-07-06 03:28:34 -------- d-----w- C:\Users\Monster\AppData\Local\Apple

2012-07-06 03:02:04 -------- d-----w- C:\Users\Monster\AppData\Local\{99E0CB75-8492-411D-948A-2A0304709A9A}

2012-07-06 03:01:42 -------- d-----w- C:\Users\Monster\AppData\Local\{771EE766-C26A-4F64-AEF2-97B7CE83F290}

2012-07-05 15:01:17 -------- d-----w- C:\Users\Monster\AppData\Local\{C580793E-6487-4161-9622-6C86AC984ABC}

2012-07-05 15:00:55 -------- d-----w- C:\Users\Monster\AppData\Local\{D14AE534-F078-4ED8-BC11-8D0515696A79}

2012-07-05 02:39:03 -------- d-----w- C:\Users\Monster\AppData\Local\{0AA1976B-1291-4197-9E53-70938642C8A6}

2012-07-05 02:38:41 -------- d-----w- C:\Users\Monster\AppData\Local\{F07FC934-09F0-44D1-BE98-8B185E2E3006}

2012-07-04 13:22:40 -------- d-----w- C:\Users\Monster\AppData\Local\{D205320D-0CDC-427C-908A-8ABCF9A4F3CD}

2012-07-04 13:22:18 -------- d-----w- C:\Users\Monster\AppData\Local\{8A7D36A2-8B53-44B2-AA0B-5F1B468CF3F1}

2012-07-04 02:21:10 -------- d-----w- C:\Users\Monster\AppData\Local\{1E153537-D550-4C85-A39F-511783315B84}

2012-07-03 22:17:02 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E06D002-0A74-4578-88D3-B1C494A35956}\gapaengine.dll

2012-07-03 12:54:27 -------- d-----w- C:\Users\Monster\AppData\Local\{428BB0E7-5914-4BB6-98DF-EDED855C544C}

2012-07-03 12:54:04 -------- d-----w- C:\Users\Monster\AppData\Local\{12501126-51D9-44D6-8283-A4771FD79AA3}

2012-07-03 00:23:34 -------- d-----w- C:\Users\Monster\AppData\Local\{F34EB0E2-4C21-4451-ACE5-D11549D91164}

2012-07-03 00:23:12 -------- d-----w- C:\Users\Monster\AppData\Local\{50448357-028D-495E-BB39-C40C93E39702}

2012-07-02 12:22:47 -------- d-----w- C:\Users\Monster\AppData\Local\{0980B5B5-BDB3-4916-AB7A-2B6FEE9BD664}

2012-07-02 12:22:25 -------- d-----w- C:\Users\Monster\AppData\Local\{B054D9E8-2255-44B0-BC5E-A9E3D668B21A}

2012-07-01 21:03:30 -------- d-----w- C:\Users\Monster\AppData\Local\{18AC2C45-BB29-4232-8AF8-364BBD020545}

2012-07-01 21:03:08 -------- d-----w- C:\Users\Monster\AppData\Local\{8ABB9521-8ED4-4E28-B576-5C4640EEB988}

2012-07-01 16:01:37 -------- d-----w- C:\Users\Monster\AppData\Local\{8C0CBB0D-8FC6-430C-AC9B-B077130206DE}

2012-07-01 16:01:15 -------- d-----w- C:\Users\Monster\AppData\Local\{D1C6AECD-E652-4121-819C-714031512535}

2012-07-01 01:47:37 -------- d-----w- C:\Users\Monster\AppData\Local\{40E7ED80-FC09-4A97-B4C8-3EEFF5A19B91}

2012-07-01 01:47:15 -------- d-----w- C:\Users\Monster\AppData\Local\{C73D78F8-36A4-4C88-B972-B46B5F2263E9}

2012-06-30 13:02:11 -------- d-----w- C:\Users\Monster\AppData\Local\{69D02A7D-08B7-41D4-90A1-A7116643E317}

2012-06-30 13:01:49 -------- d-----w- C:\Users\Monster\AppData\Local\{963DA3A9-1348-41D9-813D-C4D053031066}

2012-06-30 04:27:19 -------- d-----w- C:\Users\Monster\AppData\Local\{7D01B93F-3C46-45A8-8A87-78E7485AF79B}

2012-06-30 04:26:57 -------- d-----w- C:\Users\Monster\AppData\Local\{E67238A1-05D0-4D80-90E3-B526915902F6}

2012-06-29 12:22:47 -------- d-----w- C:\Users\Monster\AppData\Local\{CDA64F1A-BA88-4D5B-BBF8-CDBD2E14C239}

2012-06-29 12:22:25 -------- d-----w- C:\Users\Monster\AppData\Local\{83DF09D8-E964-45ED-B078-EA3BF9937D73}

2012-06-29 00:22:01 -------- d-----w- C:\Users\Monster\AppData\Local\{881D59FB-B54F-46C2-AD95-6D37DAD1F193}

2012-06-29 00:21:38 -------- d-----w- C:\Users\Monster\AppData\Local\{23896204-0A7D-476C-9444-038816CA6DF7}

2012-06-28 12:21:14 -------- d-----w- C:\Users\Monster\AppData\Local\{F984CF34-63AD-4397-92DD-C05D2DF2C624}

2012-06-28 12:20:52 -------- d-----w- C:\Users\Monster\AppData\Local\{35224A91-EFD2-4029-AE3B-59CE2E486907}

2012-06-27 16:58:18 -------- d-----w- C:\Users\Monster\AppData\Local\{2B36657F-71F3-4488-97A8-5DC398A34D98}

2012-06-27 16:57:56 -------- d-----w- C:\Users\Monster\AppData\Local\{FCAFCAD8-F3FC-4BFC-9BC3-96BA6AFCD2E4}

2012-06-27 16:54:12 -------- d-----w- C:\Users\Monster\AppData\Local\{5475B883-056F-44C7-9A95-0F58BDBCD550}

2012-06-27 05:57:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-27 05:57:04 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-27 05:56:57 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-27 05:56:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-27 04:31:04 -------- d-----w- C:\Users\Monster\AppData\Local\{A39BF54A-074A-4635-B043-5C67012A3407}

2012-06-27 04:30:42 -------- d-----w- C:\Users\Monster\AppData\Local\{2973D902-1CCD-4F71-957F-5C6E1065F8AE}

2012-06-26 15:22:59 -------- d-----w- C:\Users\Monster\AppData\Local\{C0D5A744-196B-4488-89D4-A453FD2F13CC}

2012-06-26 15:22:37 -------- d-----w- C:\Users\Monster\AppData\Local\{511F77EA-51CD-480A-805F-70F4A2A08717}

2012-06-26 01:48:13 -------- d-----w- C:\Users\Monster\AppData\Local\{A36DB817-E690-4FCF-9505-F08E2922D875}

2012-06-26 01:47:51 -------- d-----w- C:\Users\Monster\AppData\Local\{733798E2-F27A-429B-AA00-1FA7E799F6F1}

2012-06-25 12:28:27 -------- d-----w- C:\Users\Monster\AppData\Local\{EBED92FC-8AD4-422B-9746-60E56B2379C1}

2012-06-25 12:28:04 -------- d-----w- C:\Users\Monster\AppData\Local\{67EA5D40-9ED6-4C0B-8242-162BE794D01A}

2012-06-25 03:15:44 -------- d-----w- C:\Users\Monster\AppData\Local\{4E767056-79EB-4D02-8645-526A828D1119}

2012-06-24 12:21:41 -------- d-----w- C:\Users\Monster\AppData\Local\{0E3C63B1-B037-4C2C-AE2A-83323F0CA63B}

2012-06-24 12:21:19 -------- d-----w- C:\Users\Monster\AppData\Local\{F363C67F-5588-44EE-B0E7-3AF9572975A3}

2012-06-23 20:10:46 -------- d-----w- C:\Users\Monster\AppData\Local\{2E7D129E-6EA0-4D88-AB9C-94DD970F16D6}

2012-06-23 20:10:24 -------- d-----w- C:\Users\Monster\AppData\Local\{566BE370-565D-494E-AFEE-8DF6C09554CC}

2012-06-22 21:03:34 -------- d-----w- C:\Users\Monster\AppData\Local\{F1F2A841-7477-4353-9319-50F6C04D8B94}

2012-06-22 21:03:12 -------- d-----w- C:\Users\Monster\AppData\Local\{6BD9CA0F-ED67-4857-9D71-1AD9057AFE5D}

2012-06-22 03:01:27 -------- d-----w- C:\Users\Monster\AppData\Local\{CAE85344-85FB-4502-A12B-472F28C18C25}

2012-06-22 03:01:05 -------- d-----w- C:\Users\Monster\AppData\Local\{4525B361-505D-4E5F-AF7B-0D331E71AD23}

2012-06-21 11:01:42 -------- d-----w- C:\Users\Monster\AppData\Local\{C4D4E913-F830-4796-8395-C0313ACAC445}

2012-06-21 11:01:20 -------- d-----w- C:\Users\Monster\AppData\Local\{D59D66B2-92D3-458F-94E4-DC0AA2A7D941}

2012-06-20 18:08:17 -------- d-----w- C:\Users\Monster\AppData\Local\{6BC3DF1E-8742-4EF7-8AE6-4C60E1BCCA93}

2012-06-20 18:07:55 -------- d-----w- C:\Users\Monster\AppData\Local\{1079313F-DA88-44FD-A453-798ACD5E0106}

2012-06-20 01:44:00 -------- d-----w- C:\Users\Monster\AppData\Local\{96AE8B23-8674-4E3E-9A9A-6D18DC4CE283}

2012-06-20 01:43:38 -------- d-----w- C:\Users\Monster\AppData\Local\{DAFFCBFE-7E60-4A8D-BC1E-1B2AEBE3A44A}

2012-06-19 04:10:52 -------- d-----w- C:\Users\Monster\AppData\Local\{2BCAFC05-4A35-40D5-B6A4-4A4B47ABAB17}

2012-06-19 04:10:30 -------- d-----w- C:\Users\Monster\AppData\Local\{FF08AAC1-B051-4167-90D5-3E6EE87A0DD2}

2012-06-18 12:57:55 -------- d-----w- C:\Users\Monster\AppData\Local\{DADE819D-B2EC-45FB-9F1D-1E5EA61EC952}

2012-06-17 22:20:02 -------- d-----w- C:\Users\Monster\AppData\Local\{AB587CF5-0C82-47C6-B7A8-E075E4D4275A}

2012-06-17 11:05:43 -------- d-----w- C:\Users\Monster\AppData\Local\{03495D20-872D-47C3-93AD-6A9F0B06D867}

2012-06-16 20:55:50 -------- d-----w- C:\Users\Monster\AppData\Local\{0F7F3DA5-1B52-47CE-82C6-A5DB4E2E7FA6}

2012-06-16 13:13:58 -------- d-----w- C:\Users\Monster\AppData\Local\{7020333B-81B6-4883-A5F3-9BC4C4921622}

2012-06-15 20:39:13 -------- d-----w- C:\Users\Monster\AppData\Local\{5887454E-1B49-4464-B7A8-A49601ABEBEA}

2012-06-15 16:30:33 -------- d-----w- C:\Users\Monster\AppData\Local\{BB3F59B2-6AB4-4EE6-80E3-5EA870C1912B}

2012-06-15 04:19:12 -------- d-----w- C:\Users\Monster\AppData\Local\{09C4D844-EB59-49C4-9176-0CE1AE1A36A9}

2012-06-14 14:05:09 -------- d-----w- C:\Users\Monster\AppData\Local\{AF9A8AF8-6167-42C1-A50E-76E9CD2E0DCF}

2012-06-14 14:04:47 -------- d-----w- C:\Users\Monster\AppData\Local\{A89DFE16-C42B-4938-97F6-71CDF9F79F10}

2012-06-14 09:01:05 -------- d-----w- C:\Users\Monster\AppData\Local\{112B8723-C34B-4810-AC95-D0CA00D271B4}

2012-06-13 13:10:11 -------- d-----w- C:\ProgramData\Battle.net

2012-06-13 13:00:48 -------- d-----w- C:\Users\Monster\AppData\Local\{EC3DA9E3-C873-465F-A7E8-308AA10B8E26}

2012-06-13 13:00:26 -------- d-----w- C:\Users\Monster\AppData\Local\{8A4B39E5-3107-4BC9-9E96-D1CCC66B0B68}

2012-06-13 05:35:10 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-13 05:35:10 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-13 05:23:22 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-12 23:49:53 -------- d-----w- C:\Users\Monster\AppData\Local\{1E6F485C-C856-4711-AA5C-814107B8007F}

2012-06-12 23:49:31 -------- d-----w- C:\Users\Monster\AppData\Local\{4D97A91B-0CA8-4941-9986-04FC90ED51DE}

2012-06-12 11:01:44 -------- d-----w- C:\Users\Monster\AppData\Local\{A5126C23-A6A4-473F-99D6-3A0EC0175E08}

2012-06-12 11:01:22 -------- d-----w- C:\Users\Monster\AppData\Local\{845131F4-9B1F-430D-A275-5360ED31999C}

2012-06-12 00:51:04 428392 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-06-11 15:57:51 -------- d-----w- C:\Users\Monster\AppData\Local\{87024ACA-2EC2-4624-A00B-77ADDA2A5DC7}

2012-06-11 15:57:29 -------- d-----w- C:\Users\Monster\AppData\Local\{D9C7F8AD-E6DE-42DA-9B4B-4B32C5FC449F}

2012-06-11 03:02:21 -------- d-----w- C:\Users\Monster\AppData\Local\{2440A8F9-84B3-44FB-96B8-DF773007A3B3}

2012-06-11 03:01:58 -------- d-----w- C:\Users\Monster\AppData\Local\{6A4247B2-172A-4AF0-B797-E12AE8FF2B1C}

2012-06-10 12:31:10 -------- d-----w- C:\Users\Monster\AppData\Local\{B2E11062-B0EB-4FB7-A037-90EDF4F2279D}

2012-06-10 12:30:48 -------- d-----w- C:\Users\Monster\AppData\Local\{18E16E3E-ADD8-4D41-822E-422181EBB6F5}

2012-06-09 20:19:48 -------- d-----w- C:\Users\Monster\AppData\Local\{659F3DDC-3539-463C-A670-ED434F1CA539}

2012-06-09 20:19:26 -------- d-----w- C:\Users\Monster\AppData\Local\{26CFF707-4E0E-45DE-BB03-D1AF1F16B725}

2012-06-09 05:00:37 -------- d-----w- C:\Users\Monster\AppData\Local\{3C6BDBAB-7069-4682-8652-0251A5440657}

2012-06-09 05:00:15 -------- d-----w- C:\Users\Monster\AppData\Local\{C5CCB3B5-A47E-4E00-B2D6-365B9A497888}

2012-06-09 02:30:37 -------- d-----w- C:\Users\Monster\AppData\Local\{A881F694-2986-4179-9978-D739EA99FCA7}

2012-06-08 23:43:25 -------- d-----w- C:\Users\Monster\AppData\Local\{3A2C788D-9DB8-4A8B-96EE-DCF821DD07F6}

.

==================== Find3M ====================

.

2012-07-08 22:50:20 25640 ----a-w- C:\Windows\gdrv.sys

2012-06-12 02:30:01 2653573 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-06-12 02:29:20 3264360 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-06-12 02:29:19 6189928 ----a-w- C:\Windows\System32\nvcpl.dll

2012-06-12 02:28:59 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-06-12 02:28:59 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-06-12 02:28:59 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-06-11 12:22:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-11 12:22:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-21 13:10:56 31080 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-05-21 13:10:51 188776 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-05-21 07:34:41 1468264 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 10:48:00 364352 ----a-w- C:\Windows\System32\nvdecodemft.dll

2012-05-15 10:48:00 301376 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll

2012-05-15 10:48:00 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 18:53:23.34 ===============


Dear Screen317

I do thank you for all your time and trouble. Please consider this topic closed out as I have now managed to get everything working again.

After getting rid of all the viruses, I ended up completely uninstalling MBAM, deleting the user folder with MBAM info in it, then reinstalling it from a CNET link I found elsewhere in these forums. For some reason, installing it from the disk I bought was causing problems... MBAM evidently had trouble updating itself to a newer version (1.6) from what was on the disk. Once I downloaded the version from CNET, MBAM updated smoothly, the scheduler came back on, and Protection Mode is now working without errors.

I'm very relieved. I also have resolved the other problems my PC was having and can now use the Windows Update, etc.

These forums are a terrific resource and your efforts to help people struggling with computer problems are sincerely appreciated!

Sincerely yours with gratitude,

- = M = -


  • Staff

Thank you for the update, Harry!

We're very glad you resolved your issue.

Let's make sure there are no malware remnants left before we send you home.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I think things are running great now. As you requested, I ran TFC... it took about 10 seconds, removed 18MB of stuff, then rebooted my computer. No troubles.

I did the online ESET which took longer, nearly half an hour. It didn't find any problems. The text file is below.

Finally, I did your security check. I think I have a clean bill of health, except it noted I had UAC turned off while I ran these tests.

Thanks again!

ESET text:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7ddab9427b5d414c94bd918d07a4d623

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-10 12:36:59

# local_time=2012-07-09 08:36:59 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 101073 93422566 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=121723

# found=0

# cleaned=0

# scan_time=1503

Security Check text:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Secunia PSI (3.0.0.2004)

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.1

Java 7 Update 5

Adobe Reader X (10.1.3)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

WinPatrol winpatrol.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

BillP Studios WinPatrol WinPatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

The End :D

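Both the DDS log posted earlier in this thread (the mPolicies-system lines showing EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0) and the Security Check result ("UAC is disabled!") describe the same weakened setting. The PowerShell script below is an added example, not from this thread and not from DDS, Security Check or Malwarebytes; it reads those policy values from the registry, compares them with the Windows 7 defaults, and reports which ones are weakened. The expected values and their meanings are the ones Microsoft documents for these UAC policy settings; the function name Get-UacStatus is my own.

```powershell
# Added example, not code from the thread or from any tool it names.
# Reads the UAC policy values that DDS lists as "mPolicies-system" and that
# Security Check summarises as "UAC is disabled!". Read-only: it changes nothing.

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Windows 7 defaults. The thread's log shows 0 / 0 / 3 / 0 / 0 for these,
# i.e. UAC switched off and elevation happening silently.
$checks = @(
    @{ Name = 'EnableLUA';                  Expected = 1; Meaning = '1 = UAC on, 0 = UAC off' },
    @{ Name = 'ConsentPromptBehaviorAdmin'; Expected = 5; Meaning = '0 = elevate without prompting, 5 = prompt for consent for non-Windows binaries' },
    @{ Name = 'ConsentPromptBehaviorUser';  Expected = 3; Meaning = '3 = prompt for credentials on the secure desktop' },
    @{ Name = 'PromptOnSecureDesktop';      Expected = 1; Meaning = '1 = elevation prompts shown on the dimmed secure desktop' },
    @{ Name = 'EnableUIADesktopToggle';     Expected = 0; Meaning = '0 = UIAccess applications may not bypass the secure desktop' }
)

# Hypothetical helper name; returns one row per policy value.
function Get-UacStatus {
    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($c.Name) } else { $actual = $null }
        if ($actual -eq $c.Expected) { $status = 'OK' } else { $status = 'WEAK' }
        New-Object PSObject -Property @{
            Setting  = $c.Name
            Actual   = $actual
            Expected = $c.Expected
            Status   = $status
            Meaning  = $c.Meaning
        } | Select-Object Setting, Actual, Expected, Status, Meaning
    }
}

Get-UacStatus | Format-Table -AutoSize

# To restore the defaults, run the following from an elevated prompt and reboot:
# Set-ItemProperty -Path $key -Name EnableLUA -Value 1
# Set-ItemProperty -Path $key -Name ConsentPromptBehaviorAdmin -Value 5
# Set-ItemProperty -Path $key -Name PromptOnSecureDesktop -Value 1
```

A missing value is reported as WEAK as well, since an absent EnableLUA is treated by Windows as the default (on) but an absent prompt setting cannot be confirmed from the script alone; check the row's Meaning column against what the machine actually shows. The script runs on the PowerShell 2.0 that ships with Windows 7, which is why it avoids newer syntax.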

  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Reboot.

If there are no other issues, then I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


Thanks again, Screen317

I do have the Pro version of MBAM -- not sure how something got past it, but it ended up that I couldn't get it into Protection Mode. It's there now and I will always double-check to see the protection is on and working before I surf anywhere in the future.

I also got the Secunia Personal Software Inspector -- what a great program! Showed me that a couple of my apps were not up to date.

I'll definitely check out SpywareBlaster and WOT.

Best regards,

- = M = -


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.