shmimtown

June 25, 2012

ok I did some research thru the MS forums and was able to fix windows defender and the firewall. It appears that everything is working ok. Is there anything else you would like to look at?

Shmim

June 24, 2012

Just tried uninstalling and reinstalling microsoft sec essentials. It is now saying that it is on and up to date, however windows firewall and windows defender services are still off. here is another log file from Farbar:

Farbar Service Scanner Version: 24-06-2012

Ran by Shmim (administrator) on 24-06-2012 at 16:48:30

Running from "C:\Users\Public"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

June 24, 2012

not finding that either, tried to manually start windows firewall and it start/stopped. started windows defender but still getting a red ms security essentials saying that the service is stopped

June 24, 2012

I think this is referring to windows firewall is that correct? if so I tried setting the startup type to automatic and manual and each time it errors out while trying to start the service. I tried this in windows defender as well. I must be missing something

June 24, 2012

sorry Maniac, but what is mpsdrv? I am not finding it in the services "names" column.

June 24, 2012

Farbar Service Scanner Version: 24-06-2012

Ran by Shmim (administrator) on 24-06-2012 at 15:35:22

Running from "C:\Users\Public"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

June 24, 2012

Btw, still unable to start security services manually, still generating an error that this service is not installed

June 24, 2012

ComboFix 12-06-24.03 - Shmim 06/24/2012 15:06:39.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.3450 [GMT -5:00]

Running from: c:\users\Shmim\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

ADS - Windows: deleted 192 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\users\Public\OTL.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\muzapp.exe

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))

.

2012-06-24 20:15 . 2012-06-24 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-24 19:06 . 2012-06-24 19:06 -------- d-----w- C:\_OTL

2012-06-24 15:18 . 2012-06-24 15:18 -------- d-----w- c:\users\Shmim\AppData\Local\{1F232BD4-BD96-11E1-8270-B8AC6F996F26}

2012-06-24 00:56 . 2012-06-24 00:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-06-23 22:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCF80D41-B5D3-4B36-8112-8E133AC8B650}\mpengine.dll

2012-06-23 00:53 . 2012-06-23 00:52 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-06-22 22:26 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-16 20:55 . 2012-05-18 01:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-16 20:54 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-16 20:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-16 20:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-16 20:54 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-16 20:54 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-16 20:54 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-16 20:54 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-16 20:54 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-16 20:54 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-16 20:54 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-16 20:54 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 01:01 . 2012-02-10 12:15 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2237F3F5-7ECC-4681-893B-3C5E76082389}\gapaengine.dll

2012-06-10 19:22 . 2012-06-10 19:23 -------- d-----w- c:\users\Shmim\Home recordings

2012-06-10 02:31 . 2012-06-10 02:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-06-10 02:28 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-06-10 02:28 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-06-10 02:28 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-10 02:28 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-06-10 02:28 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-06-10 02:28 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-10 02:27 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-06-10 02:27 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-06-10 02:27 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-08 22:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-08 22:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-08 22:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-08 22:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-08 22:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-08 22:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-08 22:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-08 22:04 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-08 22:04 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-24 15:17 . 2011-10-26 21:29 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-06-24 15:17 . 2010-10-10 05:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-24 03:58 . 2010-10-02 06:34 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-06-23 00:52 . 2011-03-20 00:32 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 20:56 . 2011-07-29 02:36 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 17:55 . 2012-03-30 17:56 16409960 ----a-w- c:\users\Public\spybotsd162.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]

R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 136176]

R2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-11-02 68896]

R3 ALSysIO;ALSysIO;c:\users\Shmim\AppData\Local\Temp\ALSysIO64.sys [x]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 136176]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 17:11]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-17 17:11]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522420040-2883569271-1727095018-1000Core.job

- c:\users\Shmim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-06 17:11]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2522420040-2883569271-1727095018-1000UA.job

- c:\users\Shmim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-06 17:11]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]

"SKDaemon.exe"="c:\program files\Lenovo\Productivity Keyboard\SKDaemon.exe" [2006-12-05 373248]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 310272]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 158208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyServer = 127.0.0.1:8118

uInternet Settings,ProxyOverride = <local>

IE: Append Link Target to Existing PDF

IE: Append to Existing PDF

IE: Convert Link Target to Adobe PDF

IE: Convert to Adobe PDF

IE: Download all by YouTube Robot

IE: Download by YouTube Robot

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki...

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-MsMpSvc

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2522420040-2883569271-1727095018-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,1c,c2,a7,f4,89,c6,db,3c,43,86,ca,05,c0,db,a1,01,fc,2d,c8,96,1a,4b,

7e,09,28,e9,82,e4,14,e2,2c,69,8f,8c,4d,6e,b5,f8,7d,2e,46,8f,b0,91,2e,52,54,\

"??"=hex:a9,7d,a8,61,f9,9c,62,32,ca,9c,48,0d,d6,de,89,72

.

[HKEY_USERS\S-1-5-21-2522420040-2883569271-1727095018-1000\Software\SecuROM\License information*]

"datasecu"=hex:b9,07,1d,cd,30,9b,65,be,ce,14,55,1c,03,20,e8,b6,95,34,17,e3,2d,

e2,24,ec,70,5b,c6,49,64,a7,ae,1b,a0,89,b9,03,94,f2,fb,8d,f5,11,c8,ff,d5,1a,\

"rkeysecu"=hex:ea,d6,ad,05,56,82,13,d0,3c,3e,d5,ec,ff,f0,0a,a5

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-24 15:23:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-24 20:23

.

Pre-Run: 398,917,062,656 bytes free

Post-Run: 400,818,319,360 bytes free

.

- - End Of File - - 5C2212E613B3B498D4DDD0BC2433A005

June 24, 2012

safemode with networking, combofix has detecte the realtime scaner antispyware: MS security essentials to be on

if i bring up the console for ms sec essentials, it shows off and generates an error when I try to turn it on.

combofix is asking me to turn these off before clicking ok, hoewever it seems that it will continue "at my own risk" if I go thru with it

any advice here?

June 24, 2012

one thing to note: Combofix detects MS security essentials as running, however If I view it, its marked as off and one problem I have had is that I cannot turn it on. Is there a way to manually ensure that this process is off?

June 24, 2012

utorrent is uninstalled

Fix log:

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mscpt deleted successfully.

C:\Users\Shmim\AppData\Roaming\mscpt.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pdilg deleted successfully.

C:\Users\Shmim\AppData\Roaming\pdilg.dll moved successfully.

File C:\Users\Shmim\AppData\Roaming\mscpt.dll not found.

File C:\Users\Shmim\AppData\Roaming\pdilg.dll not found.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\00000008.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\80000032.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\80000064.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\L\00000004.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\80000000.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\00000004.@ moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\@ moved successfully.

Folder C:\Users\Shmim\AppData\Roaming\uTorrent\ not found.

========== FILES ==========

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U folder moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Public\cmd.bat deleted successfully.

C:\Users\Public\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shmim

->Temp folder emptied: 116729362 bytes

->Temporary Internet Files folder emptied: 1444385339 bytes

->Java cache emptied: 2008511 bytes

->Google Chrome cache emptied: 374239455 bytes

->Flash cache emptied: 7325 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 512000 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 134594 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes

RecycleBin emptied: 10195296312 bytes

Total Files Cleaned = 11,571.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06242012_140610

Files\Folders moved on Reboot...

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U folder moved successfully.

C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc} folder moved successfully.

C:\Users\Shmim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc} not found!

File C:\Users\Shmim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.24.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Shmim :: SHMIM-PC [administrator]

6/24/2012 2:12:59 PM

mbam-log-2012-06-24 (14-12-59).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 208884

Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

June 24, 2012

Sorry for the screw up. I appreciate your patience. Here are the new logs: (note it did not output a "Extra's" log this time

OTL logfile created on: 6/24/2012 1:28:47 PM - Run 2

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Public

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.70% Memory free

7.99 Gb Paging File | 6.44 Gb Available in Paging File | 80.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 346.47 Gb Free Space | 37.20% Space Free | Partition Type: NTFS

Drive G: | 149.01 Gb Total Space | 76.23 Gb Free Space | 51.16% Space Free | Partition Type: FAT32

Drive I: | 298.08 Gb Total Space | 134.58 Gb Free Space | 45.15% Space Free | Partition Type: NTFS

Computer Name: SHMIM-PC | User Name: Shmim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 12:56:57 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Public\OTL.exe

PRC - [2012/02/15 02:07:56 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/02 09:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE

PRC - [2009/10/21 14:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

========== Modules (No Company Name) ==========

MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/11/09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/11/09 22:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/02/15 02:07:56 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/11/02 09:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2011/10/26 18:58:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/09/09 01:57:41 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)

DRV:64bit: - [2011/11/10 10:28:22 | 000,052,160 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2011/11/10 10:28:22 | 000,024,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2011/11/09 22:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/11/09 21:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/09/20 10:32:38 | 000,183,104 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB)

DRV:64bit: - [2011/09/20 10:32:38 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)

DRV:64bit: - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/07 16:03:08 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/01/07 16:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/10/13 23:46:42 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2010/06/24 13:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)

DRV:64bit: - [2010/06/24 13:46:14 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)

DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/10/27 01:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/10/27 01:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2007/08/06 19:21:32 | 000,057,776 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 85 B2 82 BB 49 CD 01 [binary data]

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GZAZ_en

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8118

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Shmim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Shmim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shmim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shmim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Shmim\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shmim\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shmim\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Shmim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Shmim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - Extension: Porn Videos, Sex, XXX, Free Porn Tube - YouPorn = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejdlkeffkelgajofggbooeihbefcopk\2012.4.30.9651_0\

CHR - Extension: YouTube = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\

CHR - Extension: Google Search = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\

CHR - Extension: Gmail = C:\Users\Shmim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.

O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [mscpt] C:\Users\Shmim\AppData\Roaming\mscpt.dll (Analog Devices, Inc.)

O4:64bit: - HKLM..\Run: [pdilg] C:\Users\Shmim\AppData\Roaming\pdilg.dll (Duplex Secure Ltd.)

O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [saiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)

O4:64bit: - HKLM..\Run: [sKDaemon.exe] C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe (LITE-ON TECHNOLOGY CORP.)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2522420040-2883569271-1727095018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - Reg Error: Value error. File not found

O8:64bit: - Extra context menu item: Append to Existing PDF - Reg Error: Value error. File not found

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - Reg Error: Value error. File not found

O8:64bit: - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found

O8:64bit: - Extra context menu item: Download all by YouTube Robot - Reg Error: Value error. File not found

O8:64bit: - Extra context menu item: Download by YouTube Robot - Reg Error: Value error. File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found

O8 - Extra context menu item: Append Link Target to Existing PDF - Reg Error: Value error. File not found

O8 - Extra context menu item: Append to Existing PDF - Reg Error: Value error. File not found

O8 - Extra context menu item: Convert Link Target to Adobe PDF - Reg Error: Value error. File not found

O8 - Extra context menu item: Convert to Adobe PDF - Reg Error: Value error. File not found

O8 - Extra context menu item: Download all by YouTube Robot - Reg Error: Value error. File not found

O8 - Extra context menu item: Download by YouTube Robot - Reg Error: Value error. File not found

O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A18237B-A19D-48F3-88BB-AD2B18FB9311}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\Shmim\Desktop\RK_Quarantine

[2012/06/24 12:28:33 | 004,567,064 | ---- | C] (Swearware) -- C:\Users\Shmim\Desktop\ComboFix.exe

[2012/06/24 12:28:33 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Shmim\Desktop\tdsskiller.exe

[2012/06/24 10:18:51 | 000,000,000 | ---D | C] -- C:\Users\Shmim\AppData\Local\{1F232BD4-BD96-11E1-8270-B8AC6F996F26}

[2012/06/23 19:56:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/23 19:46:56 | 000,353,792 | ---- | C] (Analog Devices, Inc.) -- C:\Users\Shmim\AppData\Roaming\mscpt.dll

[2012/06/23 19:46:07 | 000,118,272 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Shmim\AppData\Roaming\pdilg.dll

[2012/06/21 17:56:32 | 000,000,000 | ---D | C] -- C:\Users\Shmim\AppData\Roaming\Mozilla

[2012/06/10 19:37:16 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/06/10 14:22:30 | 000,000,000 | ---D | C] -- C:\Users\Shmim\Home recordings

[2012/06/09 21:31:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 13:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/24 13:06:32 | 000,747,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/24 13:06:32 | 000,637,962 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/24 13:06:32 | 000,112,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/24 12:52:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2522420040-2883569271-1727095018-1000UA.job

[2012/06/24 12:22:36 | 004,567,064 | ---- | M] (Swearware) -- C:\Users\Shmim\Desktop\ComboFix.exe

[2012/06/24 12:21:12 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Shmim\Desktop\tdsskiller.exe

[2012/06/24 12:20:14 | 001,521,152 | ---- | M] () -- C:\Users\Shmim\Desktop\RogueKiller.exe

[2012/06/24 11:40:47 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/24 11:40:47 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/24 11:33:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/24 11:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/24 11:33:37 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/24 11:23:48 | 000,003,240 | ---- | M] () -- C:\bootsqm.dat

[2012/06/24 10:22:31 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2522420040-2883569271-1727095018-1000Core.job

[2012/06/24 10:17:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/06/24 10:17:58 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/06/23 22:58:26 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/22 00:48:48 | 000,118,272 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Shmim\AppData\Roaming\pdilg.dll

[2012/06/16 16:30:54 | 000,413,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/09 21:31:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/06/09 21:31:17 | 000,761,208 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/06/09 20:37:18 | 000,007,632 | ---- | M] () -- C:\Users\Shmim\AppData\Local\Resmon.ResmonCfg

[2012/06/09 20:27:32 | 288,287,040 | ---- | M] () -- C:\Users\Shmim\Documents\BackupRegistry(20120609).reg

[2012/05/26 12:24:07 | 000,465,692 | ---- | M] () -- C:\Users\Shmim\Documents\CCW_NSP1710_Application.pdf

[2012/05/26 12:11:39 | 000,257,503 | ---- | M] () -- C:\Users\Shmim\Documents\Pac parts order.xps

[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/24 12:42:17 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\00000008.@

[2012/06/24 12:28:33 | 001,521,152 | ---- | C] () -- C:\Users\Shmim\Desktop\RogueKiller.exe

[2012/06/24 11:23:48 | 000,003,240 | ---- | C] () -- C:\bootsqm.dat

[2012/06/23 19:46:29 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\80000032.@

[2012/06/23 19:46:29 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\80000064.@

[2012/06/23 19:46:29 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\000000cb.@

[2012/06/23 19:46:29 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\L\00000004.@

[2012/06/23 19:46:28 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\80000000.@

[2012/06/23 19:46:28 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\U\00000004.@

[2012/06/09 20:27:14 | 288,287,040 | ---- | C] () -- C:\Users\Shmim\Documents\BackupRegistry(20120609).reg

[2012/06/07 18:55:31 | 3219,300,352 | -HS- | C] () -- C:\hiberfil.sys

[2012/05/26 12:24:17 | 000,465,692 | ---- | C] () -- C:\Users\Shmim\Documents\CCW_NSP1710_Application.pdf

[2012/05/26 12:11:35 | 000,257,503 | ---- | C] () -- C:\Users\Shmim\Documents\Pac parts order.xps

[2012/01/29 18:15:53 | 000,896,661 | ---- | C] () -- C:\Users\Shmim\AppData\Local\census.cache

[2012/01/29 18:15:15 | 000,127,465 | ---- | C] () -- C:\Users\Shmim\AppData\Local\ars.cache

[2012/01/29 18:06:26 | 000,000,036 | ---- | C] () -- C:\Users\Shmim\AppData\Local\housecall.guid.cache

[2012/01/11 12:28:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ee317be7-c884-b986-bea0-b89b021879dc}\@

[2011/11/30 06:01:05 | 000,000,487 | ---- | C] () -- C:\Users\Shmim\AppData\Roaming\GPU Monitor_Settings.ini

[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/10/26 16:29:41 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/08/03 20:59:28 | 000,000,412 | ---- | C] () -- C:\Users\Shmim\AppData\Roaming\All CPU Meter_Settings.ini

[2011/07/18 16:25:24 | 000,004,096 | -H-- | C] () -- C:\Users\Shmim\AppData\Local\keyfile3.drm

[2011/05/07 12:13:12 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/03/23 21:04:02 | 000,000,520 | ---- | C] () -- C:\Windows\netdet.ini

[2011/03/12 21:38:44 | 000,829,781 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/03/05 15:49:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/03/05 15:49:59 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/03/05 15:49:59 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/03/05 15:49:59 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/03/05 15:49:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/03/05 15:49:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/03/05 15:49:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/03/05 15:49:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/03/05 15:49:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/03/05 15:49:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/03/05 15:49:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/03/05 15:49:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/03/05 15:49:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/03/05 15:49:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/03/05 15:49:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/03/05 15:49:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/01/23 20:26:07 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini

[2011/01/22 02:37:48 | 000,761,208 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/27 21:44:57 | 000,152,064 | ---- | C] () -- C:\Users\Shmim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/11 16:16:26 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll

[2010/10/16 01:56:43 | 000,007,632 | ---- | C] () -- C:\Users\Shmim\AppData\Local\Resmon.ResmonCfg

[2010/10/11 17:32:44 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010/10/02 01:34:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/09/28 11:40:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/04/26 15:44:29 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Amazon

[2011/04/26 17:41:00 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Audacity

[2010/10/28 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Cakewalk

[2011/09/14 04:40:08 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\calibre

[2011/10/12 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\ChemTable Software

[2010/12/16 17:16:46 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\DAEMON Tools Lite

[2011/06/27 18:18:23 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Day 1 Studios

[2011/08/10 22:53:10 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\DisneyInteractiveStudios

[2011/12/16 16:15:00 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Downloaded Installations

[2011/11/12 15:14:18 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Dropbox

[2011/03/05 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\EPSON

[2011/03/12 21:38:41 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\GetRightToGo

[2011/11/12 06:28:37 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Gmote

[2011/06/14 11:30:18 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Lionhead Studios

[2011/12/19 17:13:44 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Nitro PDF

[2011/10/21 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Origin

[2011/10/16 14:31:35 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\PE Explorer

[2011/05/19 03:25:52 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\PunkBuster

[2011/03/29 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Replay Media Catcher 4

[2012/04/01 19:12:02 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Rovio

[2011/01/26 09:31:45 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Thinstall

[2011/11/21 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\TS3Client

[2011/05/27 01:50:12 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\Ubisoft

[2012/06/23 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Shmim\AppData\Roaming\uTorrent

[2011/11/11 21:19:12 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Shmim\Documents\dmv notice.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

June 24, 2012

thank you for the fast reply. I am running the scan now however I have recieved a pop up from the task bar a couple of times stating that some part of OTL is corrupt and that I should run a chkdsk. The scan just finished, here are the logs:

OTL logfile created on: 6/24/2012 1:05:04 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Public

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.06% Memory free

7.99 Gb Paging File | 6.57 Gb Available in Paging File | 82.24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 346.50 Gb Free Space | 37.20% Space Free | Partition Type: NTFS

Drive G: | 149.01 Gb Total Space | 82.35 Gb Free Space | 55.26% Space Free | Partition Type: FAT32

Drive I: | 298.08 Gb Total Space | 134.58 Gb Free Space | 45.15% Space Free | Partition Type: NTFS

Computer Name: SHMIM-PC | User Name: Shmim | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans