Windows Defender disabled



#1
mraskin

I use Dell XPS M1530 with Win7.
Yesterday I noted in the right bottom corner of the screen the notification that Microsoft Security Essentials and Windows Defender are disabled.
I've tried to turn On both programs but no luck. I've tried to re-install the Microsoft Security Essentials but I couldn't uninstall it as a first step.
Then I read on Microsoft tech support site that this might be a symptom of having a Trojan virus called Win32/Sirefef.
I've tried to use Microsoft's FixIt program but it didn't work. Then I tried to fix the problem manually. I did as per their instructions, i.e. backed up the whole set of the registries and then started deleting the registries with Microsoft Security Essentials (deleted 2 registries as per their instructions and then I stumbled on unclear instruction regarding further registries deletion). So I stopped.
Then I read on Microsoft tech support site that they recommend to use HitmanPro for checking and fixing the problem. And indeed this program found Trojan virus called Win32/Sirefef and removed it. Right after that Microsoft Security Essentials started to work again. But Windows Defender still was Off. I've tried to turn it On but no luck; for a second it showed as if it did turn On and then went back to Off.
I suspected that probably since I've deleted 2 registries of Microsoft Security Essentials the security system is compromised.
I decided to re-install the Microsoft Security Essentials but again I couldn't uninstall it as a first step. Uninstall process didn't go through till the end. And now Microsoft Security Essentials is not even listed in the Control Panel\All Control Panel Items\Programs and Features. But I see it in the Start menu. However I can't turn it On, i.e. when I click on Microsoft Security Essentials in the Start\All Programs the message pops up:
"An error occurred in the program during initialization. If this problem continues, please contact your system administrator.
Error code: 0x80070002 "
I did search on Microsoft tech support site for this error code and FixIt program helped to bring back to life the Microsoft Security Essentials.
But Windows Defender still is Off. When I tried to turn it On, a message popped up with Error code: 0x800106ba. I did search on Microsoft tech support site for this error code but FixIt program did not help this time.
Any idea how I can fix Windows Defender?

Here is OTL log:
OTL logfile created on: 6/23/2013 6:20:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 36.47% Memory free
4.00 Gb Paging File | 2.27 Gb Available in Paging File | 56.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 194.89 Gb Free Space | 83.72% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/23 16:17:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/06/14 18:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/14 18:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 18:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 18:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 18:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 18:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 18:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/22 23:57:04 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/08/30 13:10:38 | 000,296,808 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe -- (FPLService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/21 20:58:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2007/03/05 10:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2006/11/18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 17:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {95BC8960-3CB2-4D94-9476-78DB9AD424CB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...3F52&SSPV=TB_C5
IE - HKCU\..\SearchScopes,DefaultScope = {95BC8960-3CB2-4D94-9476-78DB9AD424CB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{95BC8960-3CB2-4D94-9476-78DB9AD424CB}: "URL" = http://search.condui...UM=2&SSPV=TB_C5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/06/21 21:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions
[2013/06/21 21:42:01 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3289847&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...8818460131&UM=2
CHR - homepage: http://search.condui...8818460131&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [SearchProtect] C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD51C37-03F2-4C52-B402-719ADC38C96D}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/23 00:09:07 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/06/22 23:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/22 23:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/22 22:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/06/22 22:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/22 22:05:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/06/22 22:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/06/22 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinRAR
[2013/06/22 20:50:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/06/22 20:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2013/06/22 04:06:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dell
[2013/06/22 04:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/06/22 04:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2013/06/22 04:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2013/06/22 04:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2013/06/22 04:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/06/22 04:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/06/22 04:02:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PCDr
[2013/06/22 04:02:30 | 000,000,000 | ---D | C] -- C:\temp
[2013/06/22 04:02:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/06/21 23:48:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AuthenTec
[2013/06/21 23:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuthenTec TrueSuite
[2013/06/21 23:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AuthenTec
[2013/06/21 23:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AuthenTec
[2013/06/21 23:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec TrueSuite
[2013/06/21 23:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/21 21:41:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2013/06/21 21:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/06/21 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\WinZip
[2013/06/21 21:40:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Add-in Express
[2013/06/21 21:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/06/21 21:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/06/21 21:36:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\uTorrent
[2013/06/21 21:36:24 | 001,045,072 | ---- | C] (BitTorrent Inc.) -- C:\Users\User\Desktop\utorrent.exe
[2013/06/21 03:36:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia
[2013/06/21 03:35:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/06/21 03:35:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/06/21 03:33:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AdobeUM
[2013/06/21 03:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/21 03:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/06/21 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2013/06/21 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2013/06/21 01:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/21 01:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/06/21 01:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/21 01:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/21 01:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/21 01:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/06/21 01:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/21 01:16:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2013/06/21 01:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/06/21 01:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/06/21 01:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/06/21 01:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/06/21 01:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/06/21 01:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/06/21 01:05:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2013/06/21 00:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/21 00:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/06/21 00:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremierOpinion
[2013/06/21 00:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/06/21 00:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/06/21 00:18:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SearchProtect
[2013/06/21 00:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/06/21 00:18:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
[2013/06/21 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CRE
[2013/06/21 00:17:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SwvUpdater
[2013/06/21 00:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2013/06/21 00:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013/06/21 00:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013/06/21 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013/06/20 23:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/06/20 23:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/20 22:58:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2013/06/20 22:58:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/06/20 22:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/06/20 22:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/06/20 22:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/06/20 20:45:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Youcam
[2013/06/20 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\CyberLink
[2013/06/20 20:09:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Avg2013
[2013/06/20 20:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/06/20 19:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013/06/20 19:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013/06/20 19:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/06/20 19:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013/06/17 23:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/17 23:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/06/17 23:25:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2013/06/17 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2013/06/17 23:23:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Deployment
[2013/06/09 10:14:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nero
[2013/06/05 11:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/05 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/06/05 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/06/05 11:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/06/04 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Microsoft Office
[2013/06/04 18:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/06/04 18:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/04 18:14:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/06/04 18:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/04 18:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/06/04 18:10:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft Help
[2013/06/04 18:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/06/04 18:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/06/04 18:09:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/06/04 17:36:34 | 000,000,000 | ---D | C] -- C:\MSOffice 2010
[2013/06/04 17:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Burning Tools
[2013/06/04 17:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013/06/04 17:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/06/04 17:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013/06/04 17:15:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
[2013/06/04 17:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/06/04 17:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013/06/04 17:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/06/04 17:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/06/04 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2013/06/04 16:15:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/04 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MFAData
[2013/06/04 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/06/04 16:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/06/04 16:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/06/04 16:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/06/04 15:59:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2013/06/04 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/06/04 14:30:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/06/04 14:22:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe
[2013/06/04 14:13:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/06/04 14:13:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/06/04 13:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/06/04 13:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/06/04 12:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2013/06/04 12:02:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/06/04 12:02:14 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/06/04 11:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\AuthenTec
[2013/06/04 11:18:46 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/06/04 11:18:46 | 000,000,000 | R--D | C] -- C:\Users\User\Searches
[2013/06/04 11:18:46 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/06/04 11:18:46 | 000,000,000 | -H-D | C] -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/06/04 11:18:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Identities
[2013/06/04 11:18:23 | 000,000,000 | R--D | C] -- C:\Users\User\Contacts
[2013/06/04 11:18:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Temporary Internet Files
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Templates
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Start Menu
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\SendTo
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Recent
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\PrintHood
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\NetHood
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\My Videos
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\My Pictures
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\My Music
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\My Documents
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Local Settings
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\History
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Cookies
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\Application Data
[2013/06/04 11:17:58 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Application Data
[2013/06/04 11:17:57 | 000,000,000 | --SD | C] -- C:\Users\User\AppData\Roaming\Microsoft
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Videos
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Saved Games
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Pictures
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Music
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Links
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Favorites
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Documents
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop
[2013/06/04 11:17:57 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/06/04 11:17:57 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData
[2013/06/04 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp
[2013/06/04 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft
[2013/06/04 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2013/06/04 11:17:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/06/04 11:08:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/04 11:06:25 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2013/06/23 17:59:44 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 17:59:44 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 17:58:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/23 17:52:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/06/23 17:52:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/23 17:51:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/23 17:50:42 | 1609,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/23 17:30:36 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/23 17:30:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/23 02:27:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2013/06/23 01:27:05 | 000,012,682 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/06/23 00:09:07 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/06/22 23:57:04 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/22 23:30:22 | 000,000,404 | ---- | M] () -- C:\Users\User\Documents\backup RUN.reg
[2013/06/22 23:21:52 | 000,001,466 | ---- | M] () -- C:\Users\User\Documents\backup Uninstal MSC.reg
[2013/06/22 22:57:23 | 220,714,182 | ---- | M] () -- C:\Users\User\Documents\backup whole.reg
[2013/06/22 22:00:25 | 000,000,009 | ---- | M] () -- C:\END
[2013/06/22 20:36:06 | 000,782,250 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/22 20:36:06 | 000,662,536 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/22 20:36:06 | 000,122,372 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/22 20:04:28 | 000,774,496 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/22 19:37:43 | 000,000,095 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_1_0.sta
[2013/06/22 19:32:40 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/06/21 21:36:26 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\User\Desktop\utorrent.exe
[2013/06/21 20:04:21 | 000,418,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/21 03:19:23 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/06/21 01:08:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/06/21 01:08:11 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/21 00:09:59 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2013/06/20 22:58:33 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/06/18 14:33:39 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/04 17:34:17 | 000,001,176 | ---- | M] () -- C:\Users\User\Desktop\LG Power Tools.lnk
[2013/06/04 17:24:11 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\LG Burning Tools.lnk
[2013/06/04 15:52:42 | 000,001,411 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/04 12:40:01 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/04 12:40:00 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/04 11:56:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2013/06/04 11:56:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013/06/04 11:09:32 | 000,041,450 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/06/04 11:09:32 | 000,041,450 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/06/04 11:08:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2013/06/23 01:27:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
[2013/06/23 01:27:05 | 000,012,682 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/06/22 23:57:04 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/22 23:30:22 | 000,000,404 | ---- | C] () -- C:\Users\User\Documents\backup RUN.reg
[2013/06/22 23:21:52 | 000,001,466 | ---- | C] () -- C:\Users\User\Documents\backup Uninstal MSC.reg
[2013/06/22 22:57:08 | 220,714,182 | ---- | C] () -- C:\Users\User\Documents\backup whole.reg
[2013/06/22 19:34:15 | 000,000,095 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_1_0.sta
[2013/06/22 03:46:37 | 000,774,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/21 03:35:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/21 03:19:23 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/06/21 01:16:49 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/06/21 01:05:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/06/21 00:21:59 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/21 00:19:13 | 000,000,009 | ---- | C] () -- C:\END
[2013/06/21 00:17:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/06/21 00:09:59 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2013/06/21 00:09:59 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
[2013/06/21 00:09:59 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/06/21 00:09:59 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2013/06/21 00:09:59 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2013/06/20 23:18:28 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/20 23:18:21 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/06/20 22:58:33 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/06/17 23:28:22 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/17 23:25:37 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/17 23:25:32 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 17:29:38 | 000,001,176 | ---- | C] () -- C:\Users\User\Desktop\LG Power Tools.lnk
[2013/06/04 17:24:11 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\LG Burning Tools.lnk
[2013/06/04 16:07:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/04 15:52:42 | 000,001,411 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/04 12:52:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/06/04 12:40:01 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/04 12:40:00 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/04 12:03:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/06/04 11:56:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_tcwbf_01_09_00.Wdf
[2013/06/04 11:56:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013/06/04 11:18:48 | 000,001,417 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/06/04 11:17:57 | 000,000,290 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/06/04 11:17:57 | 000,000,272 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/06/04 11:09:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/06/04 11:09:23 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/06/04 11:08:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/06/04 11:05:09 | 1609,089,024 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/22 04:02:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCDr
[2013/06/21 21:47:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SearchProtect
[2013/06/04 16:21:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2013/06/22 22:30:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 21,470 posts
  • MVP
MSE disables Windows Defender during installation so the only way to get Windows Defender to run is to uninstall MSE. See:
http://blogs.msdn.co...essentials.aspx

#3
mraskin

    Member

  • Topic Starter
  • Member
  • 238 posts
How important is this Windows Defender?

#4
RKinner

    Malware Expert

  • Expert
  • 21,470 posts
  • MVP
If you are running MSE then you don't need Windows Defender which is why it gets turned off.

#5
mraskin

    Member

  • Topic Starter
  • Member
  • 238 posts
I see, good to know that :thumbsup:.
Thanks a lot