Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Live Security Platinum - Recovering - but no Windows Update [Solved]

Started by beenbitten , Aug 28 2012 10:48 AM

This topic is locked

#1
beenbitten

Posted 28 August 2012 - 10:48 AM

Member

Member
11 posts

Hello All,

Recently recovering from Live Security Platinum attack - Got firewall back going, but can't get my Windows Update going again.

Here's my OTL text file. Thanks in advance!

OTL logfile created on: 8/28/2012 12:38:10 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\kdelong\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.88 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 50.63% Memory free
11.77 Gb Paging File | 8.59 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.75 Gb Total Space | 110.86 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive O: | 149.04 Gb Total Space | 31.72 Gb Free Space | 21.28% Space Free | Partition Type: NTFS

Computer Name: 1MS03Q1KDELONG | User Name: kdelong | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/08/26 10:05:06 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\kdelong\Desktop\OTL.exe
PRC - [2012/08/17 21:23:44 | 002,207,496 | ---- | M] (AgileBits) -- C:\Program Files (x86)\1Password\Agile1pAgent.exe
PRC - [2012/08/17 21:23:38 | 000,768,776 | ---- | M] (AgileBits) -- C:\Program Files (x86)\1Password\Agile1pService.exe
PRC - [2012/08/15 14:28:47 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/19 16:33:51 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/06/09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/06/09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012/05/31 16:18:00 | 002,458,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/31 12:27:14 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\kdelong\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/11/02 09:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/08/08 19:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 19:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/25 11:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/07/01 13:52:02 | 000,094,208 | ---- | M] (eWON s.a.) -- C:\Program Files (x86)\eCatcher-Talk2M\Talk2mVpnService\bin\Talk2MVpnService.exe
PRC - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/08 03:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/11/20 23:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/01 18:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/08/24 10:37:52 | 000,444,976 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
PRC - [2010/08/24 10:25:44 | 000,444,976 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
PRC - [2010/08/13 21:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe
PRC - [1999/09/30 23:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/15 14:28:47 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/08/03 08:03:29 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012/08/02 22:02:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/02 20:48:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/19 16:33:46 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/31 12:26:58 | 000,362,856 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/05/29 08:20:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/29 08:18:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/29 08:18:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/29 08:18:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/29 08:18:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/29 08:18:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/29 08:18:14 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/31 16:36:22 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\1Password\js3215R.dll
MOD - [2012/03/16 15:28:37 | 000,008,704 | ---- | M] () -- C:\Users\kdelong\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\GetCoreTempInfoNET.dll
MOD - [2012/03/16 15:28:37 | 000,007,680 | ---- | M] () -- C:\Users\kdelong\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\SystemInfo.dll
MOD - [2012/03/16 15:28:37 | 000,006,144 | ---- | M] () -- C:\Users\kdelong\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\CoreTempReader.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/25 11:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011/06/05 11:22:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/05/16 15:33:08 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/15 15:05:08 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/01/04 17:16:08 | 002,646,864 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/07/01 15:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/06/29 12:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2011/05/27 19:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 17:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2011/05/13 12:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/05/13 12:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/02/08 03:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/20 13:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2010/01/13 10:11:48 | 000,331,752 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/17 21:23:38 | 000,768,776 | ---- | M] (AgileBits) [Auto | Running] -- C:\Program Files (x86)\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2012/08/15 14:28:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/19 16:33:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/05/31 16:18:00 | 002,458,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/31 12:27:14 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/02 09:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/08/08 19:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/08 19:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/01 13:52:02 | 000,094,208 | ---- | M] (eWON s.a.) [Auto | Running] -- C:\Program Files (x86)\eCatcher-Talk2M\Talk2mVpnService\bin\Talk2MVpnService.exe -- (Talk2MVpnService)
SRV - [2011/06/07 14:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 18:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/17 11:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/24 10:37:52 | 000,444,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-worker)
SRV - [2010/08/24 10:37:52 | 000,444,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -- (vmware-converter-server)
SRV - [2010/08/24 10:25:44 | 000,444,976 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -- (vmware-converter-agent)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/09 02:37:26 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/09 02:37:24 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012/06/09 02:36:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/06/09 02:35:38 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/08 23:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/08 23:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/05/31 16:18:00 | 000,249,192 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/05/31 16:18:00 | 000,029,032 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 15:05:08 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/02/15 15:05:06 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/01 15:13:18 | 000,018,512 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2011/11/19 08:03:59 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/19 08:03:59 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/11/19 06:34:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/11/19 06:34:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/11/19 06:34:00 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/11/19 06:34:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/11/19 06:34:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/22 16:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/20 13:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/07/16 01:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/10 15:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/07 04:58:52 | 000,044,112 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2011/05/26 14:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/05/10 16:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/05/10 06:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 16:42:16 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/21 15:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 19:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2010/02/26 20:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 10:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/13 10:12:14 | 000,738,792 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lfsfilt.sys -- (lfsfilt)
DRV:64bit: - [2010/01/13 10:12:10 | 000,151,528 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lpx6x.sys -- (lpx)
DRV:64bit: - [2010/01/13 10:12:08 | 000,497,640 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndasbus.sys -- (ndasbus)
DRV:64bit: - [2010/01/13 10:12:04 | 000,607,720 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ndasfat.sys -- (ndasfat)
DRV:64bit: - [2010/01/13 10:12:02 | 000,746,472 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ndasfs.sys -- (ndasfs)
DRV:64bit: - [2010/01/13 10:11:54 | 001,053,160 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ndasrofs.sys -- (ndasrofs)
DRV:64bit: - [2010/01/13 10:11:48 | 000,486,888 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndasscsi.sys -- (ndasscsi)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 20:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/08/13 22:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {376D0A1E-8C6F-47FF-BF2A-B53516F589B3}
IE:64bit: - HKLM\..\SearchScopes\{376D0A1E-8C6F-47FF-BF2A-B53516F589B3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {376D0A1E-8C6F-47FF-BF2A-B53516F589B3}
IE - HKLM\..\SearchScopes\{376D0A1E-8C6F-47FF-BF2A-B53516F589B3}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sescowi.com/
IE - HKCU\..\SearchScopes,DefaultScope = {376D0A1E-8C6F-47FF-BF2A-B53516F589B3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 16:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/28 09:23:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8340C04B-F113-11E1-8270-B8AC6F996F26}: C:\Users\kdelong\AppData\Local\{8340C04B-F113-11E1-8270-B8AC6F996F26}\ [2012/08/28 09:23:08 | 000,000,000 | ---D | M]

[2011/11/28 17:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kdelong\AppData\Roaming\mozilla\Extensions
[2012/08/28 10:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kdelong\AppData\Roaming\mozilla\Firefox\Profiles\kjquwj91.default\extensions
[2012/04/10 12:32:10 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\kdelong\AppData\Roaming\mozilla\Firefox\Profiles\kjquwj91.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2011/11/29 00:17:04 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\kdelong\AppData\Roaming\mozilla\Firefox\Profiles\kjquwj91.default\extensions\[email protected]
[2012/07/19 16:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/28 09:23:08 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\KDELONG\APPDATA\LOCAL\{8340C04B-F113-11E1-8270-B8AC6F996F26}
[2012/08/28 10:31:27 | 000,084,654 | ---- | M] () (No name found) -- C:\USERS\KDELONG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJQUWJ91.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/08/28 10:31:27 | 000,455,379 | ---- | M] () (No name found) -- C:\USERS\KDELONG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJQUWJ91.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012/02/12 20:10:03 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\KDELONG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJQUWJ91.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/06/18 20:54:36 | 000,344,702 | ---- | M] () (No name found) -- C:\USERS\KDELONG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJQUWJ91.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 16:33:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/19 21:14:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 21:14:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/28 11:49:14 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\kdelong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\kdelong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\kdelong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cooperc3.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: schneider-electric.com ([www.myseus] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tnb.com ([tnbaccess] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.abb-contr...ptx/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://ra.paetec.ne...,2011,1201,2311 (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://ra.paetec.ne...,2011,1201,2306 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://ra.paetec.ne...,2011,1201,2323 (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} http://www.websync.s...bEqm1/setup.ocx (InstallShield Setup Player V14)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://ra.paetec.ne...,2011,1201,2303 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://ra.paetec.ne...,2011,1201,2321 (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Milw1.sesco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AD9174C-7937-4B09-B498-8D759F9CA515}: NameServer = 10.30.16.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882CC7E1-6206-48C6-A586-18BED986FAB3}: DhcpNameServer = 10.30.16.100 10.30.16.105
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AABBF3EB-CADE-4F0B-A6D3-1830823E745C}: NameServer = 10.30.16.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C09F026A-FDF2-46D6-989B-3A93A9D3C018}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/28 15:44:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 12:37:17 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\kdelong\Desktop\OTL.exe
[2012/08/28 12:27:38 | 000,000,000 | ---D | C] -- C:\Users\kdelong\New folder
[2012/08/28 11:59:23 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/08/28 11:50:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/28 11:38:55 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/28 11:37:10 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/08/28 11:16:48 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/08/28 11:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/08/28 11:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/08/28 09:55:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/28 09:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 09:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/28 09:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/28 09:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/28 09:23:08 | 000,000,000 | ---D | C] -- C:\Users\kdelong\AppData\Local\{8340C04B-F113-11E1-8270-B8AC6F996F26}
[2012/08/28 09:05:09 | 000,000,000 | ---D | C] -- C:\Users\kdelong\AppData\Roaming\Malwarebytes
[2012/08/28 09:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/28 08:40:14 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/28 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CCA9221338D4A7F3332AF875EF60
[2012/08/28 08:10:03 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/08/24 08:15:10 | 000,000,000 | ---D | C] -- C:\Users\kdelong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
[2012/08/08 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\kdelong\Desktop\RK_Quarantine
[2012/08/02 14:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012/08/02 14:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMerge
[2012/08/02 10:58:36 | 000,000,000 | ---D | C] -- C:\Users\kdelong\AppData\Roaming\FileZilla
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/28 12:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/28 12:10:40 | 000,021,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 12:10:40 | 000,021,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 12:05:59 | 000,807,876 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/28 12:05:59 | 000,680,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/28 12:05:59 | 000,128,776 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/28 11:58:27 | 000,462,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/28 11:58:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 11:58:07 | 444,194,815 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 11:50:47 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/28 11:49:14 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/28 11:38:05 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-1MS03Q1KDELONG-Microsoft-Windows-7-Professional-(64-bit).dat
[2012/08/28 11:16:42 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/08/28 10:41:20 | 000,000,000 | ---- | M] () -- C:\Users\kdelong\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/28 09:55:42 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 09:47:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/28 09:47:07 | 000,804,630 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/28 09:23:20 | 000,345,600 | ---- | M] () -- C:\Users\kdelong\AppData\Roaming\mpcet.dll
[2012/08/28 09:23:08 | 000,537,600 | ---- | M] () -- C:\Users\kdelong\AppData\Roaming\wmsrfp.dll
[2012/08/28 08:36:45 | 000,155,648 | -HS- | M] () -- C:\Users\kdelong\AppData\Roaming\krone.dll
[2012/08/26 10:05:06 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\kdelong\Desktop\OTL.exe
[2012/08/24 12:09:07 | 000,088,247 | ---- | M] () -- C:\Users\kdelong\Desktop\2012 Healthy Lifestyles Wellness Program.pdf
[2012/08/24 09:29:08 | 000,000,977 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_416
[2012/08/24 08:56:49 | 000,000,822 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/08/24 08:15:29 | 000,000,055 | ---- | M] () -- C:\Users\kdelong\SolarMessageSource.ini
[2012/08/24 08:15:10 | 000,002,169 | ---- | M] () -- C:\Users\kdelong\Desktop\Solar Eclipse - eclipse.lnk
[2012/08/21 18:04:41 | 000,055,297 | ---- | M] () -- C:\Users\kdelong\Desktop\overload.pdf
[2012/08/21 18:01:45 | 000,090,641 | ---- | M] () -- C:\Users\kdelong\Desktop\handle.pdf
[2012/08/21 17:44:06 | 000,180,479 | ---- | M] () -- C:\Users\kdelong\Desktop\HJL36150M74.pdf
[2012/08/21 17:07:31 | 000,054,549 | ---- | M] () -- C:\Users\kdelong\Desktop\LC1D115.pdf
[2012/08/20 15:52:23 | 000,125,965 | ---- | M] () -- C:\Users\kdelong\Desktop\LIT1161520000_CAT6_Tools_C.pdf
[2012/08/20 07:16:58 | 000,001,025 | ---- | M] () -- C:\Users\kdelong\Desktop\1Password.lnk
[2012/08/17 10:11:46 | 003,875,811 | ---- | M] () -- C:\Users\kdelong\Desktop\OsiSense_XS_Cubic_Range.pdf
[2012/08/17 10:11:27 | 000,449,654 | ---- | M] () -- C:\Users\kdelong\Desktop\9006BR1203_303WFI.pdf
[2012/08/17 10:11:07 | 000,423,106 | ---- | M] () -- C:\Users\kdelong\Desktop\9006BR1202_316L.pdf
[2012/08/15 17:46:20 | 001,084,831 | ---- | M] () -- C:\Users\kdelong\Desktop\atv312_profibus_dp_s1a10386_01.pdf
[2012/08/15 17:02:35 | 000,700,954 | ---- | M] () -- C:\Users\kdelong\Desktop\8000BR1059.pdf
[2012/08/15 17:01:40 | 000,114,186 | ---- | M] () -- C:\Users\kdelong\Desktop\41058-en.pdf
[2012/08/15 16:42:34 | 000,574,738 | ---- | M] () -- C:\Users\kdelong\Desktop\8000BR1057.pdf
[2012/08/13 00:21:46 | 000,007,606 | ---- | M] () -- C:\Users\kdelong\AppData\Local\resmon.resmoncfg
[2012/08/02 19:04:05 | 000,288,686 | ---- | M] () -- C:\Users\kdelong\Desktop\ReleaseNotes_SoMachine.EN.pdf
[2012/08/02 14:53:56 | 000,000,978 | ---- | M] () -- C:\Users\kdelong\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2012/08/02 14:53:56 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\WinMerge.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 11:47:46 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/08/28 11:38:05 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-1MS03Q1KDELONG-Microsoft-Windows-7-Professional-(64-bit).dat
[2012/08/28 11:16:42 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/08/28 09:55:42 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 09:47:08 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/28 09:23:19 | 000,345,600 | ---- | C] () -- C:\Users\kdelong\AppData\Roaming\mpcet.dll
[2012/08/28 09:23:08 | 000,000,000 | ---- | C] () -- C:\Users\kdelong\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/28 09:23:05 | 000,537,600 | ---- | C] () -- C:\Users\kdelong\AppData\Roaming\wmsrfp.dll
[2012/08/28 08:36:55 | 000,155,648 | -HS- | C] () -- C:\Users\kdelong\AppData\Roaming\krone.dll
[2012/08/24 12:09:07 | 000,088,247 | ---- | C] () -- C:\Users\kdelong\Desktop\2012 Healthy Lifestyles Wellness Program.pdf
[2012/08/21 18:04:40 | 000,055,297 | ---- | C] () -- C:\Users\kdelong\Desktop\overload.pdf
[2012/08/21 18:01:44 | 000,090,641 | ---- | C] () -- C:\Users\kdelong\Desktop\handle.pdf
[2012/08/21 17:44:05 | 000,180,479 | ---- | C] () -- C:\Users\kdelong\Desktop\HJL36150M74.pdf
[2012/08/21 17:07:30 | 000,054,549 | ---- | C] () -- C:\Users\kdelong\Desktop\LC1D115.pdf
[2012/08/20 15:52:21 | 000,125,965 | ---- | C] () -- C:\Users\kdelong\Desktop\LIT1161520000_CAT6_Tools_C.pdf
[2012/08/15 17:46:20 | 001,084,831 | ---- | C] () -- C:\Users\kdelong\Desktop\atv312_profibus_dp_s1a10386_01.pdf
[2012/08/15 17:02:35 | 000,700,954 | ---- | C] () -- C:\Users\kdelong\Desktop\8000BR1059.pdf
[2012/08/15 17:01:40 | 000,114,186 | ---- | C] () -- C:\Users\kdelong\Desktop\41058-en.pdf
[2012/08/15 16:42:34 | 000,574,738 | ---- | C] () -- C:\Users\kdelong\Desktop\8000BR1057.pdf
[2012/08/02 19:04:05 | 000,288,686 | ---- | C] () -- C:\Users\kdelong\Desktop\ReleaseNotes_SoMachine.EN.pdf
[2012/08/02 15:16:55 | 000,000,007 | R--- | C] () -- C:\Users\kdelong\Documents\CRCDIR.DAT
[2012/08/02 14:53:56 | 000,000,978 | ---- | C] () -- C:\Users\kdelong\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2012/08/02 14:53:56 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\WinMerge.lnk
[2012/07/26 10:12:37 | 000,002,116 | ---- | C] () -- C:\Users\kdelong\AppData\Local\recently-used.xbel
[2012/05/31 12:27:26 | 000,418,152 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/10 12:13:29 | 000,003,552 | ---- | C] () -- C:\Program Files (x86)\logo_en.gif
[2012/04/10 11:35:14 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2012/03/28 09:25:57 | 000,015,426 | ---- | C] () -- C:\Users\kdelong\load_step_log.html
[2012/03/05 21:10:00 | 000,000,000 | ---- | C] () -- C:\Windows\PCB123.INI
[2012/02/16 12:34:23 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2012/01/26 11:42:55 | 000,007,606 | ---- | C] () -- C:\Users\kdelong\AppData\Local\resmon.resmoncfg
[2011/12/12 11:50:45 | 000,060,304 | ---- | C] () -- C:\Users\kdelong\g2mdlhlpx.exe
[2011/12/07 12:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\DESI.INI
[2011/11/30 10:32:34 | 000,037,893 | ---- | C] () -- C:\Users\kdelong\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/11/29 15:38:05 | 000,000,352 | ---- | C] () -- C:\Users\kdelong\AppData\Roaming\Network Meter_Settings.ini
[2011/11/29 15:32:59 | 000,000,412 | ---- | C] () -- C:\Users\kdelong\AppData\Roaming\All CPU Meter_Settings.ini
[2011/11/28 16:35:45 | 000,000,055 | ---- | C] () -- C:\Users\kdelong\SolarMessageSource.ini
[2011/11/28 15:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2011/11/28 13:30:41 | 000,006,318 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/19 07:55:28 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/19 07:55:28 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/19 07:55:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/11/19 07:55:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/11/19 07:55:25 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/19 06:42:29 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011/11/19 06:39:05 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2011/11/19 06:39:05 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/02/10 10:33:46 | 000,804,630 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/11/28 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Agile Web Solutions
[2011/11/28 15:48:07 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Autodesk
[2011/12/07 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\DESI
[2012/06/04 12:16:05 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Downloaded Installations
[2012/03/05 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\DraftSight
[2012/08/28 12:04:08 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Dropbox
[2012/06/04 12:22:36 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\FileOpen
[2012/08/02 20:42:54 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\FileZilla
[2011/12/08 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Fritzing
[2012/05/07 07:54:57 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Fujitsu
[2011/12/21 10:36:51 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\gtk-2.0
[2011/11/29 00:22:53 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Leadertech
[2012/08/28 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\Nitro PDF
[2012/01/19 11:04:24 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\PDF Writer
[2012/05/07 07:56:34 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\PFU
[2012/03/05 21:19:49 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\PGP
[2012/03/23 12:54:30 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\PTC
[2012/02/29 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\kdelong\AppData\Roaming\webex
[2012/08/08 13:59:57 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#2
Essexboy

Posted 28 August 2012 - 11:26 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you run the following programme please

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#3
beenbitten

Posted 28 August 2012 - 11:53 AM

Member

Topic Starter
Member
11 posts

Here's the farbar output! Thanks

Farbar Service Scanner Version: 06-08-2012
Ran by kdelong (administrator) on 28-08-2012 at 13:51:48
Running from "C:\Users\kdelong\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#4
Essexboy

Posted 28 August 2012 - 12:48 PM

GeekU Moderator

Retired Staff
69,964 posts

Download the two attached reg files to your desktop

Double click each in turn and allow to merge

[attachment=60114:BITS.reg]
[attachment=60115:WinDefend.reg]

Reboot the computer and run FSS again please.
Windows updates should now work

#5
beenbitten

Posted 28 August 2012 - 01:05 PM

Member

Topic Starter
Member
11 posts

Still doesn't work. Here's the output! Thanks,

Farbar Service Scanner Version: 06-08-2012
Ran by kdelong (administrator) on 28-08-2012 at 15:03:59
Running from "C:\Users\kdelong\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#6
Essexboy

Posted 28 August 2012 - 01:37 PM

GeekU Moderator

Retired Staff
69,964 posts

Yep one more has gone missing. Are you experiencing any other problems ?

Download this reg file and run the same as before

[attachment=60117:wuauserv.reg]

For windows defender you will need to manually change one value in the registry .. Are you happy to do that ?

Go Start > Run
Type in Regedit and press OK
Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windefend
Select sub key Parameters
Right click Service.dll select modify
In the box that opens remove the (x86) part only
You should be left with %ProgramFiles%\Windows Defender\mpsvc.dll
Click OK
Close out of regedit and then try windefender

#7
beenbitten

Posted 28 August 2012 - 07:33 PM

Member

Topic Starter
Member
11 posts

That seems to have worked. Everything seems to be working...that I've tried.

Now Defender seems to be disabled, but since I'm using Microsoft Security Essentials.
Does it need to be?

I was having startup freezing for several weeks but I thought I was having wifi driver
or hardware issues. I noticed today after the Live Security virus showed itself that if
I kept the wifi off I wouldn't have any lockups, but once I turned it on it would immediately
lockup and when I rebooted it would sometimes freeze. Not freezing up anymore.

What would you suggest as a replacement for Microsoft Security Essentials? Since It didn't
find anything until it was too late to fix on it's own.

Here's the latest FSS output. Thanks again,

Farbar Service Scanner Version: 06-08-2012
Ran by kdelong (administrator) on 28-08-2012 at 21:32:06
Running from "C:\Users\kdelong\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

#8
Essexboy

Posted 29 August 2012 - 07:08 AM

GeekU Moderator

Retired Staff
69,964 posts

Windows defender will be disabled whilst MSE is installed

There are several free options for antivirus, they are listed below in order of my preference and affect on the system :

Avast

Avira

AVG

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Go to control panel
Select folder options (Appearance > Folder options in category view)
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools
Right click Disc cleanup and select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#9
Essexboy

Posted 31 August 2012 - 02:25 PM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.