# ~*~Mixed Bag of Problems~*~



## TabbyCat725

Hi, everyone! I have had a lot of problems with my computer lately and I'm hoping someone would be able to help me out. The most pressing issue right now is that my e-mail is sending out Spam links when I'm not even on my computer. The first time it happened, I changed my password, but tonight the e-mails were sent out again. 

Secondly, my computer cannot install Windows updates. I had previously posted about this problem and was told to post it here. I did, but no one responded. Since I'm posting about the e-mails, I figured I would post about this, also. 

I also have a problem where my laptop's battery will not charge. I've tried another charger and it worked for a very short while and then stopped. I only began having this problem when I had malware/virus issues earlier. Is there any way to fix this?

When I first ran .DDS, my computer gave me a blue screen. Upon restart, it scanned fine. The results are pasted below. 

The first time I ran GMER, the program froze and shut down. I ran it with minimal check marks as suggested and it ran fine. 

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Maria Tabitha at 1:04:44 on 2012-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.970 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: convergysworkathome.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{07FA0DAF-E116-4E80-9FCA-B238BDB81DF7} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{07FA0DAF-E116-4E80-9FCA-B238BDB81DF7}\34F6D6D616E6465627D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\maria tabitha\appdata\roaming\mozilla\firefox\profiles\tl76ao4b.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2010-11-18 17648]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-1-10 490840]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-9-25 81920]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-1-11 439632]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-6-3 1664304]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-18 43888]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-4-3 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-11-18 146528]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-25 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-25 232960]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-11 654408]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-11-18 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-11-18 134144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-10 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-9-25 171520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-31 1343400]
.
=============== Created Last 30 ================
.
2012-06-19 07:04:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-06-19 07:04:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-06-19 07:04:29 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-06-19 07:04:29 117728 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-06-19 07:04:28 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-06-19 07:04:25 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-19 07:04:25 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-16 20:08:54 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dfe4ddc4-fe86-4ec7-912a-a5c4a84a24ff}\mpengine.dll
2012-06-11 02:04:03 -------- d-----w- c:\programdata\PC Optimizer Pro
2012-06-11 01:58:29 -------- d-----w- c:\users\maria tabitha\appdata\local\Ilivid Player
2012-06-11 01:56:45 -------- d-----w- c:\program files\Searchqu Toolbar
2012-06-11 01:47:20 -------- d-----w- c:\users\maria tabitha\appdata\local\Google
.
==================== Find3M ====================
.
2012-04-04 21:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:28:26 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-03 23:28:26 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-03 23:28:26 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-03 23:28:25 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-03 23:28:22 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-03 23:28:22 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-03 23:28:22 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-03 23:28:22 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-04-03 23:28:22 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-03 17:22:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 17:22:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 1:06:26.15 ===============


----------



## TabbyCat725

Bump me up, up, up, please! :butter:


----------



## Ried

Hi TabbyCat,

I do see several problems here and I'm sorry your previous thread had been overlooked.

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Make sure the following options are checked:


*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center/Action Center*
*Windows Update*
*Windows Defender*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## TabbyCat725

*Hi, Ried! Thank you so much for responding so quickly!*

*I just ran Farbar Service Scanner (it was super fast!!) and here's what it says:*

Farbar Service Scanner Version: 19-06-2012 01
Ran by Maria Tabitha (administrator) on 21-06-2012 at 23:28:34
Running from "C:\Users\Maria Tabitha\Downloads"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 05:04] - [2011-09-29 09:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-06-13 17:18] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 17:53] - [2009-07-13 19:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 17:54] - [2009-07-13 19:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 17:23] - [2009-07-13 19:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 17:24] - [2009-07-13 19:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-06-13 17:15] - [2010-12-20 23:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 18:15] - [2009-07-13 19:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 17:30] - [2009-07-13 19:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
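
Added example, not part of the original thread and not Farbar's code: a small Python parser that pulls the actionable lines out of a Farbar Service Scanner log laid out like the one above (services not running, changed start types, policy registry values, and files the tool did not mark `MD5 is legit`). The names `parse_fss`, `FssFindings` and `follow_up` are made up for this example, the sample log is constructed from lines of the log above, and treating an unmarked file as "needs manual verification" is an assumption, not the tool's documented meaning.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt in the layout of the FSS log posted above
# (lines copied from that log and shortened so the example runs offline).
SAMPLE_LOG = r"""
Windows Firewall:
=============

Firewall Disabled Policy: 
==================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 05:04] - [2011-09-29 09:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

**** End of log ****
"""

RE_UNDERLINE = re.compile(r"^={3,}\s*$")
RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
RE_START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
RE_REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
RE_REG_VALUE = re.compile(r'^"([^"]+)"=(\S+)\s*$')
RE_PATH = re.compile(r"^([A-Za-z]:\\.+?)(\s*=>\s*MD5 is legit)?\s*$")
RE_MD5 = re.compile(r"\b([0-9A-Fa-f]{32})\s*$")


@dataclass
class FssFindings:
    not_running: list = field(default_factory=list)
    start_type_changed: list = field(default_factory=list)  # (svc, actual, default)
    policy_values: list = field(default_factory=list)       # (section, key, name, value)
    verified_files: list = field(default_factory=list)
    unverified_files: list = field(default_factory=list)    # (path, md5 or None)


def parse_fss(text):
    """Parse an FSS-style log into structured findings."""
    findings = FssFindings()
    lines = text.splitlines()
    section, reg_key = "", None
    for i, raw in enumerate(lines):
        line = raw.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A section heading is the non-empty line directly above a row of '='.
        if line and RE_UNDERLINE.match(nxt):
            section, reg_key = line.rstrip(": "), None
            continue
        if m := RE_NOT_RUNNING.match(line):
            findings.not_running.append(m.group(1))
        elif m := RE_START_TYPE.match(line):
            findings.start_type_changed.append(m.groups())
        elif m := RE_REG_KEY.match(line):
            reg_key = m.group(1)
        elif (m := RE_REG_VALUE.match(line)) and reg_key:
            findings.policy_values.append((section, reg_key, *m.groups()))
        elif section == "File Check" and (m := RE_PATH.match(line)):
            if m.group(2):
                findings.verified_files.append(m.group(1))
            else:
                # Assumption: the detail line that follows carries the MD5.
                h = RE_MD5.search(nxt)
                findings.unverified_files.append(
                    (m.group(1), h.group(1) if h else None))
    return findings


def follow_up(f):
    """Turn parsed findings into a short checklist for the person reading the log."""
    notes = [f"service {s} is not running" for s in f.not_running]
    notes += [f"service {s} start type is {a}, default is {d}"
              for s, a, d in f.start_type_changed]
    notes += [f"{sec}: {key}\\{name} = {val}"
              for sec, key, name, val in f.policy_values]
    # Assumption: "not marked legit" means "verify by hand", not "malicious".
    notes += [f"verify {p} (MD5 {h or 'not shown'})" for p, h in f.unverified_files]
    return notes


if __name__ == "__main__":
    for note in follow_up(parse_fss(SAMPLE_LOG)):
        print("-", note)
```
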


----------



## Ried

You're welcome. :smile:

I just finished reading through the first thread you had and sorry, I need for you to do one more thing before we proceed. (This won't take very long either)

Download *SystemLook* from one of the links below and save it to your desktop.

*Download Mirror #1*
*Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:



```
:filefind
netbt.sys
```


Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*


----------



## TabbyCat725

I just ran it and here's what it says: 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:44 on 21/06/2012 by Maria Tabitha
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
No files found.

-= EOF =-


----------



## Ried

That's what I was afraid of. :sigh:

Do you have the Windows 7 install disc?


----------



## TabbyCat725

Uh oh. This does not look like good news. lol 

Yes, I have the install disc.


----------



## Ried

No need to worry just yet. :smile:

netbt.sys is a critical Windows file and as you can see, it's missing on your machine. The NetBT service needs that driver file in order to function. I'm hoping to find a way to copy the file from your install disc, but I need to test it out myself first. 

It's very late here and I need some sleep. We'll pick up where we left off, tomorrow. 

In the meantime, change your password for your email to stop the spam. Make sure you give it a strong password.

Another thing I'd like for you to do while you're waiting for me is to run an online scan to search for any remnants that may be lurking. Please go *here* to run the online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *unticked*


Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click the *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.


----------



## TabbyCat725

_*How would netbt.sys be missing if it's critical? Oooh, unless the virus that I had previously could somehow infect it and remove it, maybe?*_

_*I changed my password again. I tend to keep them very difficult using caps, numbers, and signs, so I'm not sure how I could get hacked. So far it hasn't sent anything out since. I was actually wondering if a System Restore would remove whatever could be on my computer to give it access to hack?*_

_*It's late here, too, so I'll either scan tonight or tomorrow. Thank you so so so much for your help! I appreciate it immensely! Sleep tight!!*_


----------



## TabbyCat725

*While waiting for the scan to finish, I remembered that I'm still having the "Genuine Microsoft" pop up that you probably saw mentioned in my previous thread. Whenever I've attempted to install it, it doesn't work. We can add that to the list of problems. lol*


----------



## TabbyCat725

_*The scan just finished. It says there were no infected files that were found, but some were automatically put into quarantine:*_

C:\Users\Maria Tabitha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-41e4d43f

C:\Users\Maria Tabitha\Downloads\asc-setup.exe

C:\Windows\System32\drivers\netbt.sys

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603... _*(I couldn't get it to extend the screen far enough to see the end of that one and there was no way to export these to a text file).*_

_*It says I can delete the quarantined files or restore them, so I'll just leave the window up until you respond.*_

_*Have a great day!!*_


----------



## Ried

> C:\Windows\System32\drivers\netbt.sys

That's the file we need! :grin:

Restore that file.

After you've restored the file, download ComboFix from one of these locations:

*Link 1*
*Link 2*


*IMPORTANT - Save ComboFix.exe to your Desktop*

====================================================


*Disable your AntiVirus and AntiSpyware applications* as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic *How to disable your security applications*.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


----------



## TabbyCat725

I restored the file, but I'm running into a problem with ComboFix. I've had it previously on my computer, but I thought I had deleted it. When I run ComboFix now, it gives me a log from when I used it before. Do I need to completely remove it and try again? If so, how do I uninstall it?


----------



## Ried

Every time you run ComboFix, the current run will be located at C:\ComboFix.txt. Previous runs get renamed and moved elsewhere. :smile:

If you ran ComboFix just now, still go ahead and post the C:\ComboFix.txt for me.


----------



## TabbyCat725

_*I ran it and I'll post the log below. I don't think it's running properly. When I used it previously, it would scan on a blue screen, but when I double click it, it just acts like it's downloading something. A screen pops up and says it's backing up the registry. There's never an actual scan.*_

ComboFix 12-02-11.03 - Maria Tabitha 02/11/2012 17:18:13.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.1177 [GMT -7:00]
Running from: c:\users\Maria Tabitha\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB51465$
c:\windows\$NtUninstallKB51465$\1039332603\@
c:\windows\$NtUninstallKB51465$\1039332603\bckfg.tmp
c:\windows\$NtUninstallKB51465$\1039332603\cfg.ini
c:\windows\$NtUninstallKB51465$\1039332603\Desktop.ini
c:\windows\$NtUninstallKB51465$\1039332603\keywords
c:\windows\$NtUninstallKB51465$\1039332603\kwrd.dll
c:\windows\$NtUninstallKB51465$\1039332603\L\xadqgnnk
c:\windows\$NtUninstallKB51465$\1039332603\lsflt7.ver
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\1039332603\U\[email protected]
c:\windows\$NtUninstallKB51465$\3632772180
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe 
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 00:36 . 2012-02-12 00:39 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\temp
2012-02-12 00:36 . 2012-02-12 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 20:43 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16F0C64F-97B8-4922-9C93-92953242D415}\gapaengine.dll
2012-02-11 20:42 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25D8472A-F7AA-45BA-B1CD-BB3CF84D4E02}\mpengine.dll
2012-02-09 00:24 . 2012-02-09 01:34 -------- d-----w- C:\FRST
2012-02-03 05:47 . 2012-02-03 05:47 -------- d-----w- C:\_OTL
2012-02-02 07:25 . 2012-02-02 07:25 -------- d-----w- c:\users\Maria Tabitha\AppData\Roaming\Apple Computer
2012-01-26 10:37 . 2012-01-26 10:37 -------- d-----w- c:\programdata\Apple Computer
2012-01-26 10:33 . 2012-01-26 10:33 -------- d-----w- c:\program files\Common Files\Apple
2012-01-26 10:31 . 2012-01-26 10:31 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Apple
2012-01-26 10:31 . 2012-01-26 10:31 -------- d-----w- c:\program files\Apple Software Update
2012-01-26 10:31 . 2012-01-26 10:31 -------- d-----w- c:\programdata\Apple
2012-01-24 18:06 . 2011-10-05 00:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-11 23:05 . 2012-01-11 23:05 388096 ----a-r- c:\users\Maria Tabitha\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-11 03:12 . 2012-01-11 03:12 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 03:12 . 2012-01-11 03:12 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 03:12 . 2012-01-11 03:12 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-11 03:12 . 2012-01-11 03:12 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-11 03:12 . 2012-01-11 03:12 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 03:12 . 2012-01-11 03:12 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 03:12 . 2012-01-11 03:12 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 03:12 . 2012-01-11 03:12 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-11 03:12 . 2012-01-11 03:12 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-11 03:12 . 2012-01-11 03:12 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-06 04:19 . 2012-01-12 02:37 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-13 22:56 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-13 22:56 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-13 12:07 . 2011-07-30 06:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 22:24 . 2012-01-11 02:16 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-14 19:45 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 02:43 . 2012-01-11 23:30 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 02:42 . 2012-01-11 23:20 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 02:41 . 2012-01-11 23:31 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 02:38 . 2012-01-11 23:32 105792 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-23 02:38 . 2012-01-11 23:32 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 01:20 . 2012-01-12 02:01 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-23 01:20 . 2012-01-12 02:01 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-23 01:20 . 2012-01-12 02:01 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-21 10:47 . 2012-01-06 23:40 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9A16CB8-D5B2-4913-AB87-806BD030B15A}\mpengine.dll
2011-11-19 14:06 . 2012-01-10 23:45 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:41 . 2012-01-10 23:45 1288984 ----a-w- c:\windows\system32\ntdll.dll
2011-11-14 23:07 . 2012-01-11 23:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 23:07 . 2012-01-11 23:36 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 23:07 . 2012-01-11 23:36 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 23:06 . 2012-01-11 23:37 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 22:12 . 2012-01-11 23:21 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 22:12 . 2012-01-11 23:21 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-02-02 09:08 . 2012-01-07 01:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-11-18 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-13 296056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"ISTray"="c:\program files\PC Tools\PC Tools Security\pctsGui.exe" [2011-11-23 2659256]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-11-23 35264]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-31 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-11-14 331880]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-10-08 341656]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-10-08 660992]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-11-23 54328]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-11-23 574424]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-11-23 253096]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-11-23 185560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2011-11-14 546768]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-23 402336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 146528]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [2011-09-28 56840]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2011-11-23 70536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.1.1 69.145.232.4 69.144.49.30
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\tl76ao4b.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
SafeBoot-28303808.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4224)
c:\program files\PC Tools\PC Tools Security\pctgmhk.dll
c:\windows\System32\gameux.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\PC Tools\PC Tools Security\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-11 17:42:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-12 00:42
.
Pre-Run: 197,570,871,296 bytes free
Post-Run: 197,208,596,480 bytes free
.
- - End Of File - - FEF02E6FAB3F376D8DCFD87697090AEE


----------



## Ried

You're right - this is the old log



> ComboFix 12-02-11.03 - Maria Tabitha *02/11/2012 *


I understand you had problems back in February, but I do need for you to download a fresh copy and properly disable the AV. Click the 'How to disable your Security Applications' link I've given you below, to find out how to disable AVG.

Download ComboFix from one of these locations:

*Link 1*
*Link 2*


*IMPORTANT - Save ComboFix.exe to your Desktop*

====================================================


*Disable your AntiVirus and AntiSpyware applications* as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic *How to disable your security applications*


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


----------



## TabbyCat725

_*I'm sorry my reply took so long! For some reason, I wasn't notified you had responded like I normally am. 

How do I delete ComboFix? When I was first trying this when you suggested it, I put it in the recycle bin and downloaded it again, but still ended up with an old log. *_


----------



## Ried

If it's deleted, then that's all that needs to be done with it.

As long as ComboFix completes its run, a new log will be created at C:\Combofix.txt

Try again to run it. If you run into any problems, let me know. If not, post the contents of the log it produces.


----------



## TabbyCat725

_*I think I have found the problem, but I don't know how to solve it. I realized I was just deleting the desktop shortcut. ComboFix downloaded originally in the OS (C:) drive folder area. I found it there after deleting the file that was on my desktop, but when I attempt to delete it, I receive a pop up that says, "The action can't be completed because the folder or a file in it is open in another program. Close the folder or file and try again."

I don't see it open anywhere so I'm not sure how to close it out so I can delete it. *_


----------



## Ried

Look again on the C:\ drive for a ComboFix folder, or a numeric folder beginning with the number 3. Do you see either of those? If you're not sure, can you take a screen shot of what shows up on the C:\ drive?

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document. 

Press the Print screen key 
Click the "Start" button (normally located in the bottom left of your screen). 
Click "Run" & type "mspaint" (without quotes) & click the "OK" button. 
Wait while the application "Paint" opens. Once it is open, proceed to the next step. 
Click the "Edit" menu and select "Paste". 
Click the "File" menu and select "Save As...". A dialog box will appear. 
In the "File name" field, enter a name of your choice. 
Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE*;.JFIF)". 
Click the "Save" button.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and click Upload.


----------



## TabbyCat725

*I attached a screen shot of what's in the C: drive. *


:butter:


----------



## Ried

Nice job. :grin:

Delete the C:\ComboFix folder and the numbered entry that has an icon that looks like a computer. (The one that's 2 folders above the ComboFix folder)

After deleting those, disable your AV and try again to run ComboFix.exe


----------



## TabbyCat725

_*Thank you.  

I just deleted the numbered entry, but when I tried to delete the ComboFix folder, it gave me the same message that it's open in another program. *_


----------



## Ried

Reboot the machine and try again to delete that folder.


----------



## TabbyCat725

_*I just restarted, but it's giving me the same message. *_


----------



## TabbyCat725

_*Things just don't want to delete out of that folder! I noticed some old TDSSKiller logs were in there and tried to delete them. They appeared to be gone, but upon reboot, they're back. *_


----------



## Ried

Let's try it this way - download the attached fix.zip and save it to your desktop.

Extract all files, then *right click* the *fix.bat* and run as administrator. It will be very quick.

Is the C:\Combofix folder gone now?


----------



## TabbyCat725

_*Wow, that was fast! Buuut the folder is still there. *_


----------



## Ried

You have a new ComboFix.exe saved on your desktop, correct? What happens when you double click to run it?


----------



## TabbyCat725

_*It shuts down my browser and then runs as seen in the attached screenshots. *_


----------



## Ried

Ok, let it run. Did you disable your Anti Virus program first? If not, for now don't worry about it, let ComboFix complete a run. It may appear to disappear for a while, but be patient. Give it time.


----------



## TabbyCat725

_*I'm going to go get some lunch and then I have a workout scheduled, but I'll check back with you as soon as I can. 

Have a great afternoon!*_


----------



## TabbyCat725

_*My anti-virus is disabled. I'll let my computer sit here just in case ComboFix is going to do anything more. I'll be back soon! *_


----------



## Ried

Sounds great to me - I need to go out for a while as well. :smile:


----------



## TabbyCat725

_*I left my computer up, but it doesn't look as though ComboFix ran. I checked the ComboFix log and it's still the old one. Even more interesting is, the file that you suggested I delete that has the numbers and the computer logo, is back.*_


----------



## Ried

Boot into Safe Mode with Networking and try running ComboFix from there.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight *Safe Mode with Networking* and press Enter.
5) Login with your usual account


----------



## TabbyCat725

_*I just tried that, but nothing changed. It ran those two screens like before and then did nothing. *_


----------



## Ried

Try this for me --

For this command to work, ComboFix.exe must be on the desktop.

Press the Windows Logo key and the letter R to bring up the Run command box. Copy/paste the following into the Run box and click OK:

*ComboFix /nombr*

ComboFix should begin to run. Follow all prompts. Post the log when it has completed.


----------



## TabbyCat725

_*I tried that but it ran like it has before and the log is the same. 

I have the ComboFix shortcut on my desktop, but I can't seem to get the original file to save there. Could that be the problem?

When I first download it, I have the option to save it, but when I select "save," there is no option to save it down to my desktop. It automatically goes to my download file. I've tried to drag it over to my desktop or "send" it there, but either way just creates a shortcut. *_


----------



## Ried

> I've tried to drag it over to my desktop or "send" it there, but either way just creates a shortcut.


You would have to right click and select Cut, then go to your desktop and select Paste.  Try doing that, then run it with the command I gave you.




> When I first download it, I have the option to save it, but when I select "save," there is no option to save it down to my desktop. It automatically goes to my download file.


Instead of selecting Save, select Save As and it will then give you a choice of where to download it.


----------



## TabbyCat725

_*lol I should have thought of the cut and paste thing. lol 

Well, it's on the desktop now but when I try the run command, it says it can't find the file. lol


*_


----------



## Ried

Ensure file extensions are viewable. To do that, on your keyboard, press the Windows Logo key and the letter 'E' to open Windows Explorer. Double click on the C:\ drive then look toward the top menu. (if you do not see a menu across the top, press the Alt key)

Click Tools>Folder Options>View Tab

* Under the Hidden files and folders heading:
 Uncheck the box beside *Hide file extensions for known file types*. 
* Click Apply and OK your way out.
 
===================================

Next, click the Start button and do a search for ComboFix.exe and delete all copies found.

Delete the C:\ComboFix folder (if it won't delete, move on to the next step anyway) 

===================================

After you've done that, download it again from *here*. Select Save As and direct it to the Desktop.

Disable your Anti Virus program. Open the Run box command as I showed you earlier, and copy/paste the following command:

*combofix /nombr*

Follow all prompts.


----------



## TabbyCat725

_*The "hide file extensions for known file types" box was unchecked.

I deleted the ComboFix.exe and attempted to delete the folder, but it wouldn't delete. 

I re-downloaded it and saved it directly to the desktop. (Going through Firefox, it only gives me the option to save it to my download folder, so I went on Internet Explorer and saved it straight down). 

I used the run command and it still isn't finding the folder. *_


----------



## Ried

Ok, cut and paste ComboFix.exe directly to the C:\ drive. Try again to run it.


----------



## TabbyCat725

_*I moved it to C:, but it's still not finding it. The only way it's working to find the file is if it's in the download folder, but even then it doesn't run the scan correctly. *_


----------



## Ried

Double click to run it. How long are you waiting? 

Also, when it seems to stall, bring up Task Manager (press Ctrl Alt Del keys in succession). Click the Processes tab, and at the bottom, click 'Show processes from all Users'.

Click the square in the upper right hand corner to enlarge Task Manager Window, then please take a screenshot and upload it for me so I can see what's happening.


----------



## TabbyCat725

_*I've been waiting at least a couple minutes. 

The list was too long to show in one screen shot, so I took three and laid them side by side for you in one file. *_


----------



## Ried

Nice job, thank you! :pray:

I'm not sure this will make any difference and I should have noticed this earlier, but I see Advanced System Care, AVG and Microsoft Security Essentials installed. It's never a good idea to have more than 1 AV installed at a given time.

Uninstall the following via Start>Control Panel>Programs 

* Advanced SystemCare 5
* AVG 2012
* AVG PC Tuneup

Reboot. Now try again to delete the C:\Combofix folder. Let me know if it deleted or not before we continue.


----------



## TabbyCat725

_*Thank you! 

I forgot my brother installed those on here when he was trying to fix my computer. I was able to uninstall Advanced SystemCare 5 and AVG P Tuneup, but AVG 2012 would not let me uninstall. It gives me a pop up that says: Setup error: Updating in progress. Severity: Error Error ode: 0xE0018D0D Error message: Updating in progress. Additional message: Running update must be finished before starting installation. Please wait for end of update and then run installation. Context: Initialization."

My two options are to exit or save the log. *_


----------



## TabbyCat725

_*That should say PC Tuneup. lol My "C" sticks.*_


----------



## TabbyCat725

_*After restarting, the AVG error went away and I was able to uninstall it. Then I restarted again. I just tried to delete the ComboFix folder and it still says it can't be deleted because it's open in another program. *_


----------



## Ried

Boot into Safe Mode and see if you can delete that C:\ComboFix folder


----------



## TabbyCat725

_*I tried to delete in safe mode, but it still wouldn't delete. *_


----------



## Ried

I'm wondering if TrendMicro RuBotted might be interfering - I do see it in your Running Processes.

Uninstall that via Control Panel>Programs and reboot.

Try again to delete the C:\ComboFix folder and if it still won't delete, do you still have FRST.exe on a flash drive? The previous Security Analyst had you download and run that tool.

If not, download it again from *here* and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click *Repair your computer*

Follow the prompt to enter language, keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight *Command Prompt* and press Enter.

In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst.exe* and press *Enter*.

*Note:* Replace letter e with the drive letter of your flash drive.


The tool will start to run.
When the tool opens click Yes to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


----------



## TabbyCat725

_*I deleted TrendMicro, but the file still won't delete. 

I won't have access to a flashdrive or a clean laptop until tomorrow afternoon, so unless you have another idea, we may have to hold off until then. *_


----------



## Ried

We'll wait until then. :smile:


----------



## TabbyCat725

_*Sounds good! Thank you so, so, so, so, so much for all your help! I'll talk to you tomorrow. *_


----------



## Ried

You're welcome, get some well deserved rest. :smile:


----------



## TabbyCat725

_*I'll do my best! You, too!  *_


----------



## TabbyCat725

Good evening! I hope you're having a wonderful day!!

I just clicked on the link for FRST.exe and it's saying that page doesn't exist anymore.


----------



## Ried

My apologies, the download link has changed. Download it from here please.


----------



## TabbyCat725

_*I have some reading material for you. Here is the log from the FRST scan: *_

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 26-06-2012 22:02:58
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-07-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-07-08] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170008 2010-07-08] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [726640 2010-08-02] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5249024 2012-04-03] (Dell Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2011-12-13] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12 [184320 2009-06-03] (Wave Systems Corp.)
HKLM\...\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [656696 2009-08-24] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [95544 2009-08-24] (Wave Systems Corp.)
HKU\Maria Tabitha\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6276408 2011-06-16] (Yahoo! Inc.)
HKU\Maria Tabitha\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Lsa: [Authentication Packages] msv1_0
wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

================================ Services (Whitelisted) ==================

2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [595232 2009-10-20] (Broadcom Corporation.)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556032 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1019904 2009-06-03] (Wave Systems Corp.)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1622016 2009-08-21] (Wave Systems Corp.)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1664304 2010-06-03] (Validity Sensors, Inc.)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
2 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe" [4539392 2012-04-03] (Dell Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-07-09] (ST Microelectronics)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2012-04-03] (Broadcom Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [171520 2009-08-10] (Realtek Semiconductor Corp.)
0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-07-09] (ST Microelectronics)
1 zuvivike; \??\C:\Windows\system32\drivers\zuvivike.sys [43480 2012-06-26] (Microsoft Corporation)
1 MpKsl6de5363f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
1 MpKsl9346043a; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-26 02:54 - 2012-06-26 02:54 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zuvivike.sys
2012-06-25 19:19 - 2012-06-25 19:19 - 00001360 ____A C:\Windows\PFRO.log
2012-06-25 17:21 - 2012-06-25 17:22 - 04568282 ____R (Swearware) C:\ComboFix.exe
2012-06-24 12:22 - 2012-06-24 10:30 - 00000022 ____A C:\Users\Maria Tabitha\Desktop\fix.bat
2012-06-24 10:36 - 2012-06-24 10:36 - 00104193 ____A C:\Users\Maria Tabitha\Desktop\ComboFix screenshot.png
2012-06-24 10:34 - 2012-06-25 18:11 - 00000000 ___SD C:\32788R22FWJFW
2012-06-24 10:29 - 2012-06-24 10:29 - 00000134 ____A C:\Users\Maria Tabitha\Downloads\fix.zip
2012-06-23 17:17 - 2012-06-24 09:55 - 00001753 ____A C:\Users\Maria Tabitha\Desktop\imagejpeg_2.jpg - Shortcut.lnk
2012-06-21 21:44 - 2012-06-21 21:44 - 00139264 ____A C:\Users\Maria Tabitha\Downloads\SystemLook.exe
2012-06-21 21:27 - 2012-06-21 21:27 - 00338199 ____A C:\Users\Maria Tabitha\Downloads\FSS.exe
2012-06-18 23:53 - 2012-06-18 23:53 - 00004474 ____A C:\Users\Maria Tabitha\Desktop\Attach.zip
2012-06-18 23:09 - 2012-06-18 23:09 - 00294216 ____A C:\Users\Maria Tabitha\Downloads\gmer.zip
2012-06-18 23:09 - 2012-06-18 23:09 - 00000000 ____D C:\Users\Maria Tabitha\Downloads\gmer
2012-06-18 23:02 - 2012-06-26 19:56 - 00001242 ____A C:\Windows\setupact.log
2012-06-18 23:02 - 2012-06-18 23:02 - 244769066 ____A C:\Windows\MEMORY.DMP
2012-06-18 23:02 - 2012-06-18 23:02 - 00148000 ____A C:\Windows\Minidump\061912-30591-01.dmp
2012-06-18 23:02 - 2012-06-18 23:02 - 00000000 ____A C:\Windows\setuperr.log
2012-06-18 22:58 - 2012-06-18 22:58 - 00607260 ____R (Swearware) C:\Users\Maria Tabitha\Downloads\dds.scr
2012-06-15 09:40 - 2012-06-15 09:40 - 00000020 ___SH C:\Users\Maria Tabitha\ntuser.ini
2012-06-13 21:44 - 2012-06-13 21:44 - 00673280 ____A C:\Users\Maria Tabitha\Downloads\MicrosoftFixit50528.msi
2012-06-13 21:38 - 2012-06-13 21:38 - 00985600 ____A C:\Users\Maria Tabitha\Downloads\MicrosoftFixit50123.msi
2012-06-13 13:10 - 2012-06-13 13:10 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-06-13 13:10 - 2012-06-13 13:10 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-11 09:18 - 2012-06-11 09:18 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\Application Data\PC Optimizer Pro
2012-06-10 17:58 - 2012-06-10 17:58 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-10 17:56 - 2012-06-10 18:03 - 00000000 ____D C:\Program Files\Searchqu Toolbar
2012-06-10 17:47 - 2012-06-10 17:47 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Local\Google

============ 3 Months Modified Files and Folders ===============

2012-06-26 22:03 - 2012-02-08 16:24 - 00000000 ____D C:\FRST
2012-06-26 19:56 - 2012-06-18 23:02 - 00001242 ____A C:\Windows\setupact.log
2012-06-26 19:56 - 2012-01-10 16:54 - 01750297 ____A C:\Windows\WindowsUpdate.log
2012-06-26 19:02 - 2012-04-03 09:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-26 17:00 - 2010-11-18 09:41 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 02:54 - 2012-06-26 02:54 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zuvivike.sys
2012-06-25 19:56 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 19:56 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 19:48 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 19:47 - 2010-11-18 09:44 - 00000000 ____D C:\Users\All Users\Trend Micro
2012-06-25 19:47 - 2010-11-18 09:44 - 00000000 ____D C:\Users\All Users\Application Data\Trend Micro
2012-06-25 19:19 - 2012-06-25 19:19 - 00001360 ____A C:\Windows\PFRO.log
2012-06-25 19:18 - 2012-03-08 13:26 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-25 19:18 - 2012-03-08 13:26 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-06-25 19:17 - 2012-03-08 13:31 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-25 19:10 - 2011-09-05 19:39 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Roaming\Skype
2012-06-25 18:46 - 2012-01-06 17:32 - 00000000 ____D C:\Program Files\AVG
2012-06-25 18:11 - 2012-06-24 10:34 - 00000000 ___SD C:\32788R22FWJFW
2012-06-25 17:22 - 2012-06-25 17:21 - 04568282 ____R (Swearware) C:\ComboFix.exe
2012-06-24 10:36 - 2012-06-24 10:36 - 00104193 ____A C:\Users\Maria Tabitha\Desktop\ComboFix screenshot.png
2012-06-24 10:30 - 2012-06-24 12:22 - 00000022 ____A C:\Users\Maria Tabitha\Desktop\fix.bat
2012-06-24 10:29 - 2012-06-24 10:29 - 00000134 ____A C:\Users\Maria Tabitha\Downloads\fix.zip
2012-06-24 10:12 - 2012-04-25 18:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-24 09:55 - 2012-06-23 17:17 - 00001753 ____A C:\Users\Maria Tabitha\Desktop\imagejpeg_2.jpg - Shortcut.lnk
2012-06-21 21:44 - 2012-06-21 21:44 - 00139264 ____A C:\Users\Maria Tabitha\Downloads\SystemLook.exe
2012-06-21 21:28 - 2010-12-30 17:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-21 21:27 - 2012-06-21 21:27 - 00338199 ____A C:\Users\Maria Tabitha\Downloads\FSS.exe
2012-06-18 23:53 - 2012-06-18 23:53 - 00004474 ____A C:\Users\Maria Tabitha\Desktop\Attach.zip
2012-06-18 23:09 - 2012-06-18 23:09 - 00294216 ____A C:\Users\Maria Tabitha\Downloads\gmer.zip
2012-06-18 23:09 - 2012-06-18 23:09 - 00000000 ____D C:\Users\Maria Tabitha\Downloads\gmer
2012-06-18 23:02 - 2012-06-18 23:02 - 244769066 ____A C:\Windows\MEMORY.DMP
2012-06-18 23:02 - 2012-06-18 23:02 - 00148000 ____A C:\Windows\Minidump\061912-30591-01.dmp
2012-06-18 23:02 - 2012-06-18 23:02 - 00000000 ____A C:\Windows\setuperr.log
2012-06-18 23:02 - 2012-01-17 00:32 - 00000000 ____D C:\Windows\Minidump
2012-06-18 22:58 - 2012-06-18 22:58 - 00607260 ____R (Swearware) C:\Users\Maria Tabitha\Downloads\dds.scr
2012-06-18 10:51 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-06-15 09:40 - 2012-06-15 09:40 - 00000020 ___SH C:\Users\Maria Tabitha\ntuser.ini
2012-06-15 09:40 - 2010-12-30 17:47 - 00000000 ____D C:\users\Maria Tabitha
2012-06-13 21:44 - 2012-06-13 21:44 - 00673280 ____A C:\Users\Maria Tabitha\Downloads\MicrosoftFixit50528.msi
2012-06-13 21:38 - 2012-06-13 21:38 - 00985600 ____A C:\Users\Maria Tabitha\Downloads\MicrosoftFixit50123.msi
2012-06-13 13:10 - 2012-06-13 13:10 - 00000000 ____D C:\Users\All Users\Application Data\Adobe
2012-06-13 13:10 - 2012-06-13 13:10 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-11 15:53 - 2010-12-30 19:41 - 00000967 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-11 15:53 - 2010-12-30 19:41 - 00000000 ____D C:\Program Files\CCleaner
2012-06-11 09:19 - 2012-01-10 18:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-11 09:18 - 2012-06-11 09:18 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-10 18:12 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-06-10 18:11 - 2010-12-30 17:57 - 00000000 ____D C:\Users\All Users\Real
2012-06-10 18:11 - 2010-12-30 17:57 - 00000000 ____D C:\Users\All Users\Application Data\Real
2012-06-10 18:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-10 18:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-06-10 18:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\AppCompat
2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\Application Data\PC Optimizer Pro
2012-06-10 18:03 - 2012-06-10 17:56 - 00000000 ____D C:\Program Files\Searchqu Toolbar
2012-06-10 17:58 - 2012-06-10 17:58 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-10 17:47 - 2012-06-10 17:47 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Local\Google
2012-05-24 12:12 - 2012-05-24 12:12 - 00565235 ____A C:\Users\Maria Tabitha\Desktop\CHOMP.png
2012-05-24 11:53 - 2012-05-24 11:53 - 00659356 ____A C:\Users\Maria Tabitha\Desktop\Jo Jo.png
2012-05-20 19:57 - 2012-04-14 19:48 - 00000000 ____D C:\Users\Maria Tabitha\Desktop\Files
2012-05-16 18:04 - 2012-05-16 18:04 - 42467328 ____A C:\Windows\System32\config\software.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 14868480 ____A C:\Windows\System32\config\system.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 00262144 ____A C:\Windows\System32\config\default.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 00061440 ____A C:\Windows\System32\config\sam.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 00028672 ____A C:\Windows\System32\config\security.iobit
2012-04-25 18:11 - 2012-04-25 18:11 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-25 18:11 - 2012-04-25 18:11 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-04-05 12:51 - 2012-04-03 14:36 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Roaming\Wave Systems Corp
2012-04-05 12:50 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system
2012-04-05 12:49 - 2012-04-03 14:34 - 00000000 ____D C:\Users\All Users\Wave Systems Corp
2012-04-05 12:49 - 2012-04-03 14:34 - 00000000 ____D C:\Users\All Users\Application Data\Wave Systems Corp
2012-04-04 13:56 - 2012-01-10 18:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 15:49 - 2012-04-03 15:44 - 00037721 ____A C:\DEBUG.TXT
2012-04-03 15:40 - 2012-04-03 15:40 - 00000000 ____D C:\Program Files\Validity Sensors
2012-04-03 15:31 - 2010-11-18 09:43 - 00000000 ____D C:\Windows\System32\vs08
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-TW
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-HK
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\zh-CN
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\tr-TR
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\th-TH
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sv-SE
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sl-SI
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\sk-SK
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ru-RU
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ro-RO
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-PT
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pt-BR
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\pl-PL
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nl-NL
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\nb-NO
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\lv-LV
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\lt-LT
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ko-KR
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ja-JP
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\it-IT
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hu-HU
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\hr-HR
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\he-IL
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fr-FR
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\fi-FI
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\et-EE
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\el-GR
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\de-DE
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\bg-BG
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\ar-SA
2012-04-03 15:31 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Help
2012-04-03 15:28 - 2012-04-03 15:28 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Roaming\InstallShield
2012-04-03 15:28 - 2010-11-18 09:43 - 07489024 ____A (Dell Inc.) C:\Windows\System32\BCMWLCPL.CPL
2012-04-03 15:28 - 2010-11-18 09:43 - 04517888 ____A (Dell Inc.) C:\Windows\System32\bcmttls.dll
2012-04-03 15:28 - 2010-11-18 09:43 - 02682880 ____A (Microsoft Corporation) C:\Windows\System32\vcredist_x86.exe
2012-04-03 15:28 - 2010-11-18 09:43 - 01032192 ____A (Dell Inc.) C:\Windows\System32\BCMLogon.dll
2012-04-03 15:28 - 2010-11-18 09:43 - 00058368 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlrmt.dll
2012-04-03 15:28 - 2010-11-18 09:43 - 00052224 ____A (Broadcom Corporation) C:\Windows\System32\wltrynt.dll
2012-04-03 15:28 - 2010-11-18 09:43 - 00018424 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\bcm42rly.sys
2012-04-03 15:28 - 2010-11-18 09:43 - 00006656 ____A C:\Windows\System32\bcmwlrc.dll
2012-04-03 15:28 - 2010-11-18 09:43 - 00000457 ____A C:\Windows\System32\vcredist_x86.bat
2012-04-03 14:51 - 2010-11-18 09:40 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-04-03 14:47 - 2012-04-03 14:47 - 00000736 ____A C:\Windows\System32\InstallUtil.InstallLog
2012-04-03 14:47 - 2012-04-03 14:36 - 00000000 ____D C:\Program Files\Wave Systems Corp
2012-04-03 14:44 - 2012-04-03 14:43 - 00000000 ____D C:\Users\Maria Tabitha\AppData\Local\Wave Systems Corp
2012-04-03 14:39 - 2012-04-03 14:39 - 00000000 ____D C:\Program Files\Fingerprint Sensor
2012-04-03 14:39 - 2012-04-03 14:39 - 00000000 ____D C:\Program Files\DIFX
2012-04-03 14:38 - 2012-04-03 14:38 - 00000000 ____D C:\Windows\System32\BioAPIFFDB
2012-04-03 14:35 - 2012-04-03 14:35 - 00000000 ____D C:\Windows\System32\Test
2012-04-03 14:35 - 2012-04-03 14:35 - 00000000 ____D C:\Users\All Users\NTRU Cryptosystems
2012-04-03 14:35 - 2012-04-03 14:35 - 00000000 ____D C:\Users\All Users\Application Data\NTRU Cryptosystems
2012-04-03 14:35 - 2012-04-03 14:35 - 00000000 ____D C:\Program Files\NTRU Cryptosystems
2012-04-03 14:34 - 2012-04-03 14:34 - 00000000 ____D C:\Windows\Downloaded Installations
2012-04-03 14:19 - 2010-11-18 11:12 - 00000000 ____D C:\dell
2012-04-03 09:22 - 2012-04-03 09:22 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-04-03 09:22 - 2011-07-29 22:04 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 21%
Total physical RAM: 1910.68 MB
Available physical RAM: 1491.32 MB
Total Pagefile: 1910.68 MB
Available Pagefile: 1487.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.65 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:182.92 GB) NTFS
3 Drive f: (LEXAR) (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.75 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B 
Disk 1 Online 247 MB 0 B 

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden 

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy 

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy 

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 247 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 04
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F LEXAR FAT Removable 247 MB Healthy 

======================================================================================================

==========================================================

Last Boot: 2012-06-18 14:36

======================= End Of Log ==========================


----------



## Ried

Thanks. Let's see if this helps...

Open Notepad and copy/paste the content inside the quote box into Notepad.



> 2012-06-25 18:11 - 2012-06-24 10:34 - 00000000 ___SD C:\32788R22FWJFW
> 2012-06-25 17:22 - 2012-06-25 17:21 - 04568282 ____R (Swearware) C:\ComboFix.exe
> 2012-06-25 19:18 - 2012-03-08 13:26 - 00000000 ____D C:\Users\All Users\MFAData
> 2012-06-25 19:18 - 2012-03-08 13:26 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
> 2012-06-25 19:17 - 2012-03-08 13:31 - 00000000 ____D C:\Windows\System32\Drivers\AVG
> 2012-06-25 18:46 - 2012-01-06 17:32 - 00000000 ____D C:\Program Files\AVG
> 2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
> 2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\Application Data\PC Optimizer Pro
> 2012-06-10 18:03 - 2012-06-10 17:56 - 00000000 ____D C:\Program Files\Searchqu Toolbar
> 2012-05-16 18:04 - 2012-05-16 18:04 - 42467328 ____A C:\Windows\System32\config\software.iobit
> 2012-05-16 18:04 - 2012-05-16 18:04 - 14868480 ____A C:\Windows\System32\config\system.iobit
> 2012-05-16 18:04 - 2012-05-16 18:04 - 00262144 ____A C:\Windows\System32\config\default.iobit
> 2012-05-16 18:04 - 2012-05-16 18:04 - 00061440 ____A C:\Windows\System32\config\sam.iobit
> 2012-05-16 18:04 - 2012-05-16 18:04 - 00028672 ____A C:\Windows\System32\config\security.iobit
> C:\ComboFix


Save this as *fixlist.txt* and it must be saved in the same location as the tool, frst.exe.

Same as you did earlier to run frst.exe, restart your computer and tap F8 to bring up the Advanced Menu, then click *Repair your computer*

Follow the prompt to enter language, keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight *Command Prompt* and press Enter.

Type in the following to run FRST.exe

*F:\frst.exe*

Click the *Fix* button just once, and wait.

When it has completed, exit the Command prompt and restart the computer. A log will have been created on the flash drive. Please post the contents of the Fixlog.txt


----------



## TabbyCat725

_*I just noticed that the drive changed from f: to e: after I ran FRST.exe. Weird!*_

_*Here is the fixlog.txt:*_

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-26 23:14:03 Run:2
Running from F:\

==============================================

C:\32788R22FWJFW moved successfully.
C:\ComboFix.exe moved successfully.
C:\Users\All Users\MFAData moved successfully.
C:\Users\All Users\Application Data\MFAData not found.
C:\Windows\System32\Drivers\AVG moved successfully.
C:\Program Files\AVG moved successfully.
C:\Users\All Users\PC Optimizer Pro moved successfully.
C:\Users\All Users\Application Data\PC Optimizer Pro not found.
C:\Program Files\Searchqu Toolbar moved successfully.
C:\Windows\System32\config\software.iobit moved successfully.
C:\Windows\System32\config\system.iobit moved successfully.
C:\Windows\System32\config\default.iobit moved successfully.
C:\Windows\System32\config\sam.iobit moved successfully.
C:\Windows\System32\config\security.iobit moved successfully.
C:\ComboFix moved successfully.

==== End of Fixlog ====


----------
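A check one can run on the exchange above, as an added example that is not part of the thread or of FRST: it reconciles each fixlist.txt entry with its Fixlog.txt result. The function names are hypothetical, and the alias handling rests on an assumption the thread does not state: on Windows Vista and later `C:\Users\All Users` and `C:\ProgramData\Application Data` both resolve to `C:\ProgramData`, which would account for the two "not found" lines.

```python
import re

# Fixlist and Fixlog lines exactly as posted in the thread.
FIXLIST = r"""
2012-06-25 18:11 - 2012-06-24 10:34 - 00000000 ___SD C:\32788R22FWJFW
2012-06-25 17:22 - 2012-06-25 17:21 - 04568282 ____R (Swearware) C:\ComboFix.exe
2012-06-25 19:18 - 2012-03-08 13:26 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-25 19:18 - 2012-03-08 13:26 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-06-25 19:17 - 2012-03-08 13:31 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-25 18:46 - 2012-01-06 17:32 - 00000000 ____D C:\Program Files\AVG
2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-06-10 18:04 - 2012-06-10 18:04 - 00000000 ____D C:\Users\All Users\Application Data\PC Optimizer Pro
2012-06-10 18:03 - 2012-06-10 17:56 - 00000000 ____D C:\Program Files\Searchqu Toolbar
2012-05-16 18:04 - 2012-05-16 18:04 - 42467328 ____A C:\Windows\System32\config\software.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 14868480 ____A C:\Windows\System32\config\system.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 00262144 ____A C:\Windows\System32\config\default.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 00061440 ____A C:\Windows\System32\config\sam.iobit
2012-05-16 18:04 - 2012-05-16 18:04 - 00028672 ____A C:\Windows\System32\config\security.iobit
C:\ComboFix
"""

FIXLOG = r"""
C:\32788R22FWJFW moved successfully.
C:\ComboFix.exe moved successfully.
C:\Users\All Users\MFAData moved successfully.
C:\Users\All Users\Application Data\MFAData not found.
C:\Windows\System32\Drivers\AVG moved successfully.
C:\Program Files\AVG moved successfully.
C:\Users\All Users\PC Optimizer Pro moved successfully.
C:\Users\All Users\Application Data\PC Optimizer Pro not found.
C:\Program Files\Searchqu Toolbar moved successfully.
C:\Windows\System32\config\software.iobit moved successfully.
C:\Windows\System32\config\system.iobit moved successfully.
C:\Windows\System32\config\default.iobit moved successfully.
C:\Windows\System32\config\sam.iobit moved successfully.
C:\Windows\System32\config\security.iobit moved successfully.
C:\ComboFix moved successfully.
"""

# Assumption (not from the thread): both of these resolve to C:\ProgramData.
PROGRAMDATA = "c:\\programdata"
ALIASES = ("c:\\users\\all users", "c:\\programdata\\application data")

PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
RESULT_RE = re.compile(r"^([A-Za-z]:\\.*?) (moved successfully|not found)\.$")


def canonical(path):
    """Lower-case a path and collapse the ProgramData aliases."""
    p = path.lower().rstrip("\\")
    changed = True
    while changed:
        changed = False
        for alias in ALIASES:
            if p == alias or p.startswith(alias + "\\"):
                p = PROGRAMDATA + p[len(alias):]
                changed = True
    return p


def fixlist_paths(text):
    """Extract the path from each fixlist line (listing line or bare path)."""
    paths = []
    for line in text.splitlines():
        m = PATH_RE.search(line.strip())
        if m:
            paths.append(m.group(0))
    return paths


def fixlog_results(text):
    """Map lower-cased path -> result string from the Fixlog body."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    return results


def reconcile(fixlist, fixlog):
    """Return (path, status) for every fixlist entry, in fixlist order."""
    results = fixlog_results(fixlog)
    moved = {canonical(p) for p, r in results.items()
             if r == "moved successfully"}
    report = []
    for path in fixlist_paths(fixlist):
        status = results.get(path.lower(), "no result in log")
        if status == "not found" and canonical(path) in moved:
            status = "not found (alias of a moved path)"
        report.append((path, status))
    return report


if __name__ == "__main__":
    for path, status in reconcile(FIXLIST, FIXLOG):
        print(f"{status:35} {path}")
```

An entry reported as "no result in log" or as a plain "not found" is the one to raise with the helper before continuing.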



## Ried

Good, now please download ComboFix from *here* and save it to your desktop. 

Disable your Anti Virus program and run ComboFix.exe. Post the log when it has completed.


----------



## TabbyCat725

_*You are a very smart cookie! ComboFix just ran great! I did notice that my mouse pad isn't working properly now. I had the ability to scroll down by running my finger along the side of my mouse pad, but now it's not working.*_

_*Here's the log:*_
ComboFix 12-06-27.01 - Maria Tabitha 06/27/2012 18:21:31.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1911.1173 [GMT -6:00]
Running from: c:\users\Maria Tabitha\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\test
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 00:50 . 2012-06-28 00:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-28 00:50 . 2012-06-28 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 05:25 . 2012-06-28 00:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\offreg.dll
2012-06-27 04:08 . 2012-06-27 04:08 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-27 04:07 . 2012-06-27 04:07 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-26 10:45 . 2012-06-18 09:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\mpengine.dll
2012-06-23 02:19 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3211EFBD-1896-47B1-94BD-A909097E243E}\mpengine.dll
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-19 07:04 . 2012-06-19 07:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-19 07:04 . 2012-06-19 07:04 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-19 07:04 . 2012-06-19 07:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 07:04 . 2012-06-19 07:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 01:58 . 2012-06-11 01:58 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-11 01:47 . 2012-06-11 01:47 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 04:07 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-27 04:07 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-08 16:40 . 2012-01-12 02:37 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 21:56 . 2012-01-11 02:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:28 . 2010-11-18 17:43 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-03 23:28 . 2010-11-18 17:43 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-03 23:28 . 2010-11-18 17:43 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-03 23:28 . 2010-11-18 17:43 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-03 23:28 . 2010-11-18 17:43 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-03 23:28 . 2010-11-18 17:43 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-03 23:28 . 2010-11-18 17:43 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-03 23:28 . 2010-11-18 17:43 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-03 23:28 . 2010-11-18 17:43 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-04-03 17:22 . 2012-04-03 17:22  418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 17:22 . 2011-07-30 06:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-03 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-08-24 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-08-24 95544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-27 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:22]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\tl76ao4b.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3800)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2012-06-27 19:03:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 01:03
ComboFix2.txt 2012-02-12 00:42
.
Pre-Run: 196,000,002,048 bytes free
Post-Run: 195,948,670,976 bytes free
.
- - End Of File - - A9D7AFD273BD0CBA13C4912090DD60D9


----------



## Ried

We'll deal with the touchpad scroll later, right now we need to deal with the netbt.sys that ComboFix still says is missing. Way back in Post #12, you said Eset online scanner automatically quarantined c:\windows\system32\drivers\netbt.sys.

Did you ever get around to restoring that file? It would be located in C:\Program Files\Eset\Eset Online Scanner\Quarantine folder.


----------



## TabbyCat725

_*I did click restore. I think it worked because I don't see it in the Quarantine folder. *_


----------



## Ried

Ok, then please physically look for the file. Go to C:\Windows\system32\drivers folder. Do you see netbt.sys in there?


----------



## TabbyCat725

_*I don't see it in there. *_


----------



## Ried

Seems to me the simplest solution is to have you update Windows 7 to Service Pack 1 (your dds.txt shows that is not yet installed).

SP1 does contain a netbt.sys. Go to Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1 | Download Service Pack and download the Stand Alone version for Windows 7. You'll see them referring to x86, x64 and IA64 - yours is x86 :smile:

Be sure to *disable your Anti Virus program before installing* the Service Pack. Let me know how that worked out for you.


----------



## TabbyCat725

_*I clicked on the Stand Alone version and it's given me a list of files to download. Do I need to download them all?*_


----------



## Ried

Sorry, no - download the last one windows6.1-KB976932-X86.exe


----------



## TabbyCat725

Okay, it's downloading. Do I need to restart after installing?


----------



## Ried

Hmm, I don't recall. It would tell you if you need to. :smile:


----------



## TabbyCat725

*I'm back!! Did you miss me?? 

Okay, the service pack is now installed. It did end up restarting my computer. *


----------



## TabbyCat725

_*I just realized that my scroll bar is working again. lol *_


----------



## Ried

Wonderful! :grin:

Are Windows Updates working now as well?


----------



## TabbyCat725

_*No.  I'm still receiving Error Code 80096001.*_


----------



## Ried

Please try Microsoft's FixIt (this is not the same as you tried back in March): How do I reset Windows Update components?

Reboot when done. Any luck?


----------



## TabbyCat725

*I just restarted after trying the FixIt and it still doesn't update. Same error code. *


----------



## Ried

I'd like to see the Windows Update log. Navigate to C:\Windows\WindowsUpdate.log and please attach that to your next reply.


----------



## TabbyCat725

_*It says the file is too large to attach and that it's invalid? Is it okay if I paste it down below?*_


----------



## Ried

It may be too large to paste into reply box. Right click the file and select Send To > Compressed (zipped) file. See if it will attach.


----------



## TabbyCat725

_*Here it is:*_


----------



## Ried

Download the attached query netbt.zip and save it to your desktop. Extract all files, then right click the .bat file within and run as administrator.

A log will pop open for you when it has finished - it should only take a moment. Please post the contents of the log.


----------



## TabbyCat725

_*It is great to be back!! As of last night, my internet wasn't working, but after about half an hour of talking to a technician for our internet company, it's up and running. 

I ran the file, but received a pop up from notepad saying, "The process cannot access the file because it is being used by another process." When I click "ok," it gives me a blank notepad document. *_


----------



## Ried

Move the batch file directly to the C:\ drive and try again. If you still get that message, open SystemLook.


Copy the content of the following codebox into the main textfield:



Code:


:reg
HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT /s


Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


----------



## TabbyCat725

_*I moved the file to the C:\ drive but it still wouldn't work. Here's the log from SystemLook: *_

SystemLook 30.07.11 by jpshortstuff
Log created at 00:48 on 01/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT]
"Type"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="system32\drivers\netbt.sys"
"Group"="PNP_TDI"
"DependOnService"="Tdx tcpip"
"DisplayName"="@%SystemRoot%\system32\drivers\netbt.sys,-2"
"Description"="@%SystemRoot%\system32\drivers\netbt.sys,-1"

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Linkage]
"OtherDependencies"="Tcpip"
"Bind"="\Device\Tcpip_{7D00223C-9899-4D54-BBBF-B908793153DD} \Device\Tcpip_{C9B43B9C-321A-48B6-8CCE-0413A001132A} \Device\Tcpip_{A596D949-9ADC-4965-8E12-5C812E4F7F4F} \Device\Tcpip6_{356F794B-ACFE-42D5-965E-48B7FA716A37} \Device\Tcpip6_{DA47ADBE-5FE1-4F4B-B386-C5949804AB23} \Device\Tcpip6_{7D00223C-9899-4D54-BBBF-B908793153DD} \Device\Tcpip6_{EED39EE6-45FB-43BF-8767-74C20831446D} \Device\Tcpip6_{049A37D9-7BB9-4E1C-974C-204EDBD5F08D} \Device\Tcpip6_{83181DCD-8092-49C6-829A-22C5627C360F} \Device\Tcpip6_{C9B43B9C-321A-48B6-8CCE-0413A001132A} \Device\Tcpip6_{7C46F6A3-800D-4FA2-B281-DD2002A6F0A4} \Device\Tcpip6_{A596D949-9ADC-4965-8E12-5C812E4F7F4F}"
"Route"=""Tcpip" "{7D00223C-9899-4D54-BBBF-B908793153DD}" "Tcpip" "{C9B43B9C-321A-48B6-8CCE-0413A001132A}" "Tcpip" "{A596D949-9ADC-4965-8E12-5C812E4F7F4F}" "Tcpip6" "{356F794B-ACFE-42D5-965E-48B7FA716A37}" "Tcpip6" "{DA47ADBE-5FE1-4F4B-B386-C5949804AB23}" "Tcpip6" "{7D00223C-9899-4D54-BBBF-B908793153DD}" "Tcpip6" "{EED39EE6-45FB-43BF-8767-74C20831446D}" "Tcpip6" "{049A37D9-7BB9-4E1C-974C-204EDBD5F08D}" "Tcpip6" "{83181DCD-8092-49C6-829A-22C5627C360F}" "Tcpip6" "{C9B43B9C-321A-48B6-8CCE-0413A001132A}" "Tcpip6" "{7C46F6A3-800D-4FA2-B281-DD2002A6F0A4}" "Tcpip6" "{A596D949-9ADC-4965-8E12-5C812E4F7F4F}""
"Export"="\Device\NetBT_Tcpip_{7D00223C-9899-4D54-BBBF-B908793153DD} \Device\NetBT_Tcpip_{C9B43B9C-321A-48B6-8CCE-0413A001132A} \Device\NetBT_Tcpip_{A596D949-9ADC-4965-8E12-5C812E4F7F4F} \Device\NetBT_Tcpip6_{356F794B-ACFE-42D5-965E-48B7FA716A37} \Device\NetBT_Tcpip6_{DA47ADBE-5FE1-4F4B-B386-C5949804AB23} \Device\NetBT_Tcpip6_{7D00223C-9899-4D54-BBBF-B908793153DD} \Device\NetBT_Tcpip6_{EED39EE6-45FB-43BF-8767-74C20831446D} \Device\NetBT_Tcpip6_{049A37D9-7BB9-4E1C-974C-204EDBD5F08D} \Device\NetBT_Tcpip6_{83181DCD-8092-49C6-829A-22C5627C360F} \Device\NetBT_Tcpip6_{C9B43B9C-321A-48B6-8CCE-0413A001132A} \Device\NetBT_Tcpip6_{7C46F6A3-800D-4FA2-B281-DD2002A6F0A4} \Device\NetBT_Tcpip6_{A596D949-9ADC-4965-8E12-5C812E4F7F4F}"

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Parameters]
"TransportBindName"="\Device\"
"EnableLMHOSTS"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Parameters\Interfaces\Tcpip_{7D00223C-9899-4D54-BBBF-B908793153DD}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Parameters\Interfaces\Tcpip_{A596D949-9ADC-4965-8E12-5C812E4F7F4F}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Parameters\Interfaces\Tcpip_{C9B43B9C-321A-48B6-8CCE-0413A001132A}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\Services\NetBT\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


-= EOF =-
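
The log above shows the NetBT service key intact, with `"ImagePath"="system32\drivers\netbt.sys"`, while the file itself is not in the drivers folder. The following is an added example, not part of the original posts and not from SystemLook or ComboFix: a read-only PowerShell check that runs the same comparison for every driver service at once. The function names `Resolve-ServiceImagePath` and `Get-MissingDriverImage` are made up for this example.

```powershell
# Added example: find driver services whose registered image file is missing.
# Read-only. Run from an elevated PowerShell of the same bitness as the OS;
# a 32-bit shell on 64-bit Windows is redirected away from System32 and
# would report false "missing" results.

function Resolve-ServiceImagePath {
    # Hypothetical helper: turn a driver ImagePath value into a normal file path.
    param([string]$ImagePath, [string]$ServiceName)

    if (-not $ImagePath) {
        # Drivers without an ImagePath default to System32\drivers\<name>.sys.
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim().Trim('"')

    # Native-namespace prefixes that kernel drivers commonly use.
    if ($p -match '^\\SystemRoot\\(.+)$') { return (Join-Path $env:SystemRoot $Matches[1]) }
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }

    # Relative form, as in the log above: system32\drivers\netbt.sys
    if ($p -notmatch '^([A-Za-z]:|\\)')   { return (Join-Path $env:SystemRoot $p) }

    return $p
}

$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-MissingDriverImage {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $svc = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $svc) { continue }

        # Type 1 = kernel driver, 2 = file system driver (NetBT in the log is Type 1).
        if (1, 2 -notcontains $svc.Type) { continue }

        $file = Resolve-ServiceImagePath -ImagePath $svc.ImagePath -ServiceName $key.PSChildName
        if (Test-Path -LiteralPath $file -PathType Leaf) { continue }

        $start = 'n/a'
        if ($svc.Start -ne $null) { $start = $startNames[[int]$svc.Start] }

        # One row per driver whose file is not on disk.
        New-Object PSObject -Property @{
            Service   = $key.PSChildName
            Start     = $start
            ImagePath = $svc.ImagePath
            Resolved  = $file
        }
    }
}

Get-MissingDriverImage |
    Sort-Object Start, Service |
    Format-Table Service, Start, ImagePath, Resolved -AutoSize
```

Rows with a Boot or System start type deserve attention first, since Windows tries to load those drivers on every start; NetBT in the log above is Start 1 (System).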


----------



## Ried

Disable your Anti Virus and run ComboFix.exe again. It will prompt you that an update is available - please allow it to update.

Post the ComboFix.txt when it has completed.


----------



## TabbyCat725

_*I disabled my anti-virus and ran ComboFix, but had some problems with it. I wasn't prompted for an update. It went through the first two little windows scanning just fine, but once it got to the blue window, it said, "'PING' is not recognized as an internal or external command, operable program or batch file."

At that time, I had a pop up which said, "Current date is 2012-07-02. ComboFix has expired. Click 'yes' to run in REDUCED FUNCTIONALITY mode. Click 'no' to exit."*_

_*Should I click yes or no?*_


----------



## Ried

Click No to exit. You need the latest Combofix so please delete that existing ComboFix.exe and download the latest version from here and save it to the desktop.

Same as before, disable your AV and run ComboFix.exe


----------



## TabbyCat725

_*BIG BIG BIG problem. ComboFix ran, but now I can't open anything on my computer. Firefox and Internet Explorer included. 

For example, when I try to open FireFox, I receive an error message that says: Illegal operation attempted on a registry key that has been marked for deletion. When I click "ok," it says I can't open this item. 

I receive a similar error message for anything that I attempt to open. *_


----------



## Ried

All you have to do is reboot the machine and all will be well. 

Reboot, then post the C:\ComboFix.txt


----------



## TabbyCat725

_*Oh, thank God! lol It's working now. But now I can't find the log anywhere. I've searched for it and it flat out doesn't exist. *_


----------



## Ried

Did ComboFix complete? If so, the log will be directly on the C:\ drive, named ComboFix.txt


----------



## TabbyCat725

_*It did complete because I saw the log pop up, but after the restart it's nowhere to be found. I did a search for "ComboFix" and only found ComboFix.exe. *_


----------



## Ried

Disable your AV and run Combofix.exe again. Same as before...



> *NOTE:* If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


If you see the ComboFix log pop open when ComboFix has completed, and you're afraid you'll lose the log, save the log to the Desktop before rebooting.


----------



## TabbyCat725

_*Will do! Are you feeling like this: :banghead: yet? lol*_


----------



## Ried

As a matter of fact, I'm getting there... :laugh:


----------



## TabbyCat725

_*Aww! I'm sorry! But on the bright side, we now have a ComboFix log:*_

ComboFix 12-07-02.01 - Maria Tabitha 07/02/2012 20:21:48.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.1183 [GMT -6:00]
Running from: c:\users\Maria Tabitha\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 02:40 . 2012-07-03 02:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-03 02:40 . 2012-07-03 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 02:18 . 2012-07-03 02:18 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68BAC94A-AE57-4E59-88EB-4F0DC8CC75A0}\offreg.dll
2012-07-02 23:30 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68BAC94A-AE57-4E59-88EB-4F0DC8CC75A0}\mpengine.dll
2012-06-30 19:39 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E868032-2749-4B57-AC20-838B3C52136C}\gapaengine.dll
2012-06-30 15:21 . 2012-06-30 19:36 65 ----a-w- C:\query netbt.bat
2012-06-30 02:55 . 2012-06-30 03:46 -------- d-----w- c:\program files\Common Files\Java
2012-06-30 02:44 . 2012-06-30 03:46 -------- d-----w- c:\program files\Oracle
2012-06-30 02:21 . 2012-06-30 02:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 02:19 . 2012-06-30 02:19 -------- d-----w- c:\programdata\McAfee
2012-06-30 02:14 . 2012-06-30 02:14 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Macromedia
2012-06-28 05:46 . 2012-06-29 20:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\offreg.dll
2012-06-28 05:34 . 2012-06-30 03:54 -------- d-----w- c:\windows\system32\SPReview
2012-06-28 04:52 . 2010-11-20 10:21 198144 ----a-w- c:\windows\system32\sysclass.dll
2012-06-28 04:33 . 2012-06-28 04:33 -------- d-----w- c:\windows\system32\EventProviders
2012-06-27 04:08 . 2012-06-27 04:08 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-27 04:07 . 2012-06-27 04:07 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-26 10:45 . 2012-06-18 09:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\mpengine.dll
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-19 07:04 . 2012-06-19 07:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-19 07:04 . 2012-06-19 07:04 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-19 07:04 . 2012-06-19 07:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 07:04 . 2012-06-19 07:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 01:58 . 2012-06-11 01:58 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-11 01:47 . 2012-06-11 01:47 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 02:14 . 2012-04-03 17:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 02:14 . 2011-07-30 06:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 05:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-27 04:07 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-27 04:07 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 03:41 . 2012-01-12 02:37 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 01:29 . 2010-11-18 17:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 21:56 . 2012-01-11 02:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-03 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-08-24 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-08-24 95544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-27 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:14]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\i5cwg6d1.default-1341042064726\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(4428)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-07-02 20:44:02
ComboFix-quarantined-files.txt 2012-07-03 02:44
ComboFix2.txt 2012-07-02 23:21
ComboFix3.txt 2012-06-28 01:03
ComboFix4.txt 2012-02-12 00:42
.
Pre-Run: 195,253,194,752 bytes free
Post-Run: 194,972,647,424 bytes free
.
- - End Of File - - 081E23CDADD1CCC9C3CBFBC0C5B4A277


----------



## Ried

Thanks. :smile:

Everything is in place as far as our logs can see. I take it you still cannot run Windows Update?

If so, try creating a new Admin user account and see if Windows Updates work in that account.

Click Start>Control Panel>User Accounts>Manage another account>Create New Account. 

Be sure to give it Administrative privileges.

=====================================

Log into that new account and try Windows Update. Let me know what happens.

Look in the left side panel and click Manage


----------



## TabbyCat725

_*I received the same error as I do on this account. *_


----------



## Ried

Odd question for you - is this machine connected to the internet wirelessly via a router, or is it connected directly to the modem?


----------



## TabbyCat725

_*It's wireless. *_


----------



## Ried

How difficult would it be for you to connect it directly to the modem?

One more thing -- please navigate to C:\Qoobox and post the ComboFix2.txt


----------



## TabbyCat725

_*Umm, probably not too difficult. I can look for the cord tomorrow, if you'd like. 

Here's ComboFix2: *_

ComboFix 12-07-02.01 - Maria Tabitha 07/02/2012 16:58:16.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1911.1101 [GMT -6:00]
Running from: c:\users\Maria Tabitha\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 23:16 . 2012-07-02 23:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-02 23:16 . 2012-07-02 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 09:38 . 2012-07-01 09:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D333FA37-E6F0-48A6-A907-C3CBD5AA1F69}\offreg.dll
2012-06-30 19:39 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E868032-2749-4B57-AC20-838B3C52136C}\gapaengine.dll
2012-06-30 19:38 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D333FA37-E6F0-48A6-A907-C3CBD5AA1F69}\mpengine.dll
2012-06-30 15:21 . 2012-06-30 19:36 65 ----a-w- C:\query netbt.bat
2012-06-30 02:55 . 2012-06-30 03:46 -------- d-----w- c:\program files\Common Files\Java
2012-06-30 02:44 . 2012-06-30 03:46 -------- d-----w- c:\program files\Oracle
2012-06-30 02:21 . 2012-06-30 02:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-30 02:19 . 2012-06-30 02:19 -------- d-----w- c:\programdata\McAfee
2012-06-30 02:14 . 2012-06-30 02:14 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Macromedia
2012-06-28 05:46 . 2012-06-29 20:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\offreg.dll
2012-06-28 05:34 . 2012-06-30 03:54 -------- d-----w- c:\windows\system32\SPReview
2012-06-28 04:52 . 2010-11-20 10:21 198144 ----a-w- c:\windows\system32\sysclass.dll
2012-06-28 04:33 . 2012-06-28 04:33 -------- d-----w- c:\windows\system32\EventProviders
2012-06-27 04:08 . 2012-06-27 04:08 -------- d-----w- c:\program files\Common Files\xing shared
2012-06-27 04:07 . 2012-06-27 04:07 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-26 10:45 . 2012-06-18 09:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88D675A6-AE7C-41BE-A89A-674E627E9522}\mpengine.dll
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-19 07:04 . 2012-06-19 07:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-06-19 07:04 . 2012-06-19 07:04 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-06-19 07:04 . 2012-06-19 07:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-19 07:04 . 2012-06-19 07:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-19 07:04 . 2012-06-19 07:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-11 01:58 . 2012-06-11 01:58 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Ilivid Player
2012-06-11 01:47 . 2012-06-11 01:47 -------- d-----w- c:\users\Maria Tabitha\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 02:14 . 2012-04-03 17:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 02:14 . 2011-07-30 06:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 05:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-27 04:07 . 2011-12-13 22:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-27 04:07 . 2011-12-13 22:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-31 03:41 . 2012-01-12 02:37 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-05 01:29 . 2010-11-18 17:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 21:56 . 2012-01-11 02:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 23:28 . 2010-11-18 17:43 52224 ----a-w- c:\windows\system32\wltrynt.dll
2012-04-03 23:28 . 2010-11-18 17:43 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2012-04-03 23:28 . 2010-11-18 17:43 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2012-04-03 23:28 . 2010-11-18 17:43 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-04-03 23:28 . 2010-11-18 17:43 1032192 ----a-w- c:\windows\system32\BCMLogon.dll
2012-04-03 23:28 . 2010-11-18 17:43 7489024 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-04-03 23:28 . 2010-11-18 17:43 58368 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-04-03 23:28 . 2010-11-18 17:43 4517888 ----a-w- c:\windows\system32\bcmttls.dll
2012-04-03 23:28 . 2010-11-18 17:43 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-06-19 07:04 . 2012-06-19 07:04 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-08-21 18:47 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-04-03 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-08-24 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-08-24 95544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-27 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 MpKsl6de5363f;MpKsl6de5363f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FD2E748-5113-4B27-922A-AFF331F0F9AE}\MpKsl6de5363f.sys [x]
R1 MpKsl9346043a;MpKsl9346043a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8CE9F11-07FD-4089-8F53-DF6FFA47CEFC}\MpKsl9346043a.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:14]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: convergysworkathome.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Maria Tabitha\AppData\Roaming\Mozilla\Firefox\Profiles\i5cwg6d1.default-1341042064726\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1749685330-1117841376-509585274-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(8472)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-07-02  17:21:04
ComboFix-quarantined-files.txt 2012-07-02 23:21
ComboFix2.txt 2012-06-28 01:03
ComboFix3.txt 2012-02-12 00:42
.
Pre-Run: 195,758,190,592 bytes free
Post-Run: 195,350,360,064 bytes free
.
- - End Of File - - 50B8878F1B07915790708EB0CBC480C5


----------



## Ried

It was just a thought - I had seen some people resolve this issue by connecting directly to the modem, but honestly, I don't think that will make any difference for you due to the infection you had on this machine. ZAccess is known to damage the Operating System and sometimes we just cannot locate exactly what it did to mess up the Windows Update feature. You may end up having to reinstall Windows 7.

Before we do that, I'd like to get a look at several more registry keys. If these appear as they should, then a reinstall would be the quickest and safest way for you to proceed.

Open SystemLook and copy/paste the following into the open field:



Code:


:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{11c058e0-9f3e-4c90-a459-2553f2f9e011}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{653C5148-4DCE-4905-9CFD-1B23662D3D9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e30984f1-b02b-4c27-a40f-23d11b8c1212}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{f62fdd2e-66d2-423b-9a04-f71ea00f892a}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36eef7db-88ad-4e81-ad49-0e313f0c35f8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfbc05bc-1b9e-4693-a49c-4e7181d69e0a}
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3DE\52C64B7E

Click the Look button. The log will pop open for you, and will also be saved on the desktop as SystemLook.txt (if that's where SystemLook.exe is located).

Please attach that log to your next reply. I'll look it over tomorrow.


----------



## TabbyCat725

_*Aww. :sad: I so hope I don't need to reinstall Windows!!  <~*~ Pardon me while I throw a temper tantrum. :wnk:*_

_*I've attached the log.*_


----------



## Ried

Thanks. 

A bit my fault on that last script - I need to find out the full registry key path on your machine.

Open SystemLook and copy/paste the following into the open field and click the Look button.



> :regfind
> 52C64B7E


Post the log for me, then I'll have you do another SystemLook once I see the path to that folder.


----------



## TabbyCat725

_*This looks bad...lol*_

SystemLook 30.07.11 by jpshortstuff
Log created at 14:50 on 03/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== regfind ==========

Searching for "52C64B7E "
No data found.

-= EOF =-


----------



## Ried

Let's try it another way just to be sure it is really missing.

Open SystemLook and copy/paste the following, click the Look button, and post or attach the log.



> :reg
> HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache /s


----------



## TabbyCat725

*Wow. That took like .2 seconds. As soon as I clicked "look," the log popped up. Here it is:*

SystemLook 30.07.11 by jpshortstuff
Log created at 15:41 on 03/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1A9]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1A9\52C64B7E]
"LanguageList"="en-US en"
"@%SystemRoot%\system32\p2pcollab.dll,-8042"="Peer to Peer Trust"
"@%SystemRoot%\system32\qagentrt.dll,-10"="System Health Authentication"
"@%SystemRoot%\system32\dnsapi.dll,-103"="Domain Name System (DNS) Server Trust"
"@%SystemRoot%\System32\fveui.dll,-843"="BitLocker Drive Encryption"
"@%SystemRoot%\System32\fveui.dll,-844"="BitLocker Data Recovery Agent"
"@C:\Windows\system32\prnfldr.dll,-8036"="Printers"
"@C:\Windows\system32\netshell.dll,-1200"="Network Connections"
"@C:\Windows\System32\ie4uinit.exe,-731"="Internet Explorer"
"@C:\Windows\system32\SNTSearch.dll,-505"="Sticky Notes"
"@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100"="Bing Bar"
"@gameux.dll,-10102"="Internet Backgammon"
"@gameux.dll,-10054"="Chess Titans"
"@gameux.dll,-10060"="Solitaire"
"@gameux.dll,-10103"="Internet Spades"
"@gameux.dll,-10055"="FreeCell"
"@gameux.dll,-10101"="Internet Checkers"
"@gameux.dll,-10059"="Mahjong Titans"
"@gameux.dll,-10061"="Spider Solitaire"
"@gameux.dll,-10058"="Purble Place"
"@gameux.dll,-10057"="Minesweeper"
"@gameux.dll,-10209"="More Games from Microsoft"
"@gameux.dll,-10056"="Hearts"
"@C:\Windows\System32\wpccpl.dll,-100"="Parental Controls"
"@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111"="Performs object-based (command-line) functions"
"@C:\Windows\system32\bcmwlrc.dll,-4049"="DW WLAN Card Readme"
"@C:\Windows\system32\bcmwlrc.dll,-4001"="DW WLAN Card Utility"
"@C:\Program Files\Intel\Intel Control Center\Uninstaller\SetupICC.exe,-102"="View and open Intel applications."
"@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1000"="Blog like a pro, with photos, videos, maps, and more"
"@C:\Program Files\Windows Live\Mail\maillang.dll,-100"="Send and receive email and manage your contacts and calendars."
"@C:\Program Files\Windows Live\Messenger\msgslang.dll,-2140"="Stay in touch with the people you care about most from your PC, phone, or web."
"@C:\Program Files\Windows Live\Photo Gallery\MovieMakerLang.dll,-1135"="Turn your videos and photos into a movie and share it with others."
"@C:\Program Files\Windows Live\Photo Gallery\WLXPhotoLibraryDuiResourcesLocalized.dll,-3100"="View, edit, organize, and share your photos"
"@"%windir%\System32\ie4uinit.exe",-738"="Start Internet Explorer without ActiveX controls or browser extensions."
"@"%windir%\System32\ie4uinit.exe",-732"="Finds and displays information and Web sites on the Internet."
"@gameux.dll,-10301"="Enjoy the classic strategy game of Backgammon. Compete against players online and race to be the first to remove all your playing pieces from the board."
"@gameux.dll,-10308"="Mahjong Titans is a form of solitaire played with tiles instead of cards. Match pairs of tiles until all have been removed from the board in this classic game."
"@gameux.dll,-10307"="Purble Place is an educational and entertaining game that comprises three distinct games that help teach colors, shapes and pattern recognition."
"@C:\Windows\system32\sud.dll,-1"="Default Programs"
"@C:\Windows\ehome\ehres.dll,-100"="Windows Media Center"
"@C:\Windows\system32\WindowsAnytimeUpgradeUI.exe,-1"="Windows Anytime Upgrade"
"@C:\Program Files\Windows Sidebar\sidebar.exe,-1005"="Desktop Gadget Gallery"
"@C:\Windows\system32\FXSRESM.dll,-114"="Windows Fax and Scan"
"@C:\Program Files\DVD Maker\DVDMaker.exe,-61403"="Windows DVD Maker"
"@C:\PROGRA~1\WIC4A1~1\PHOTOG~1\MOVIEM~2.DLL,-1131"="Windows Live Movie Maker"
"@C:\PROGRA~1\WIC4A1~1\Mail\maillang.dll,-21159"="Windows Live Mail"
"@C:\Windows\system32\unregmp2.exe,-4"="Windows Media Player"
"@C:\Windows\system32\wucltux.dll,-1"="Windows Update"
"@C:\PROGRA~1\WIC4A1~1\PHOTOG~1\WL09BB~1.DLL,-3098"="Windows Live Photo Gallery"
"@C:\Windows\system32\XpsRchVw.exe,-102"="XPS Viewer"
"@C:\Windows\system32\DeviceCenter.dll,-2000"="View and manage devices, printers, and print jobs"
"@explorer.exe,-7001"="Find Help topics, tutorials, troubleshooting, and other support services."
"@C:\Windows\System32\ie4uinit.exe,-737"="Internet Explorer (No Add-ons)"
"@C:\Windows\system32\AccessibilityCpl.dll,-10"="Ease of Access Center"
"@C:\PROGRA~1\WIC4A1~1\Writer\WI68BE~1.DLL,-1001"="Windows Live Writer"
"@C:\Windows\system32\sdcpl.dll,-101"="Backup and Restore"
"@C:\Windows\system32\recdisc.exe,-2000"="Create a System Repair Disc"
"@C:\Windows\system32\msra.exe,-100"="Windows Remote Assistance"
"@C:\PROGRA~1\Intel\INTELC~1\UNINST~1\SetupICC.exe,-100"="Intel® Control Center"
"@C:\Windows\system32\gameux.dll,-10054"="Chess Titans"
"@C:\Windows\system32\gameux.dll,-10055"="FreeCell"
"@C:\Windows\system32\gameux.dll,-10082"="Games Explorer"
"@C:\Windows\system32\gameux.dll,-10056"="Hearts"
"@C:\Windows\system32\gameux.dll,-10102"="Internet Backgammon"
"@C:\Windows\system32\gameux.dll,-10101"="Internet Checkers"
"@C:\Windows\system32\gameux.dll,-10103"="Internet Spades"
"@C:\Windows\system32\gameux.dll,-10059"="Mahjong Titans"
"@C:\Windows\system32\gameux.dll,-10057"="Minesweeper"
"@C:\Windows\system32\gameux.dll,-10209"="More Games from Microsoft"
"@C:\Windows\system32\gameux.dll,-10058"="Purble Place"
"@C:\Windows\system32\gameux.dll,-10060"="Solitaire"
"@C:\Windows\system32\gameux.dll,-10061"="Spider Solitaire"
"@C:\Windows\system32\comres.dll,-3410"="Component Services"
"@C:\Windows\system32\mycomput.dll,-300"="Computer Management"
"@C:\Windows\system32\odbcint.dll,-1310"="Data Sources (ODBC)"
"@C:\Windows\system32\miguiresource.dll,-101"="Event Viewer"
"@C:\Windows\system32\iscsicpl.dll,-5001"="iSCSI Initiator"
"@C:\Windows\system32\MdSched.exe,-4001"="Windows Memory Diagnostic"
"@C:\Windows\system32\wdc.dll,-10021"="Performance Monitor"
"@C:\Windows\system32\filemgmt.dll,-2204"="Services"
"@C:\Windows\system32\msconfig.exe,-126"="System Configuration"
"@C:\Windows\system32\miguiresource.dll,-201"="Task Scheduler"
"@C:\Windows\System32\AuthFWGP.dll,-20"="Windows Firewall with Advanced Security"
"@C:\Windows\system32\displayswitch.exe,-320"="Connect to a Projector"
"@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291"="Math Input Panel"
"@C:\Windows\system32\mblctr.exe,-1008"="Windows Mobility Center"
"@C:\Windows\system32\mstsc.exe,-4000"="Remote Desktop Connection"
"@C:\Windows\system32\SnippingTool.exe,-15051"="Snipping Tool"
"@C:\Windows\system32\SoundRecorder.exe,-100"="Sound Recorder"
"@C:\Windows\System32\SyncCenter.dll,-3000"="Sync Center"
"@C:\Program Files\windows journal\journal.exe,-62005"="Tablet PC"
"@C:\Windows\system32\OobeFldr.dll,-33056"="Getting Started"
"@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-101"="Windows PowerShell ISE"
"@C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe,-298"="Personalize Handwriting Recognition"
"@C:\Program Files\Common Files\Microsoft Shared\Ink\TipTsf.dll,-80"="Tablet PC Input Panel"
"@C:\Program Files\Windows Journal\Journal.exe,-3074"="Windows Journal"
"@C:\Windows\system32\dfrgui.exe,-103"="Disk Defragmenter"
"@C:\Windows\system32\wdc.dll,-10030"="Resource Monitor"
"@C:\Windows\system32\msinfo32.exe,-100"="System Information"
"@C:\Windows\system32\rstrui.exe,-100"="System Restore"
"@C:\Windows\system32\migwiz\wet.dll,-591"="Windows Easy Transfer Reports"
"@C:\Windows\system32\migwiz\wet.dll,-588"="Windows Easy Transfer"
"@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555"="Windows Speech Recognition"
"@%ProgramFiles%\DVD Maker\DVDMaker.exe,-63385"="Burn pictures and video to DVD."
"@C:\Program Files\Common Files\system\wab32res.dll,-10100"="Contacts"
"@C:\Windows\system32\NetworkExplorer.dll,-1"="Network"
"@C:\Windows\System32\powercpl.dll,-1"="Power Options"
"@C:\Windows\System32\powercpl.dll,-2"="Conserve energy or maximize performance by choosing how your computer manages power."
"@C:\Windows\System32\taskbarcpl.dll,-1"="Notification Area Icons"
"@C:\Windows\System32\taskbarcpl.dll,-2"="Select which icons and notifications appear in the notification area."
"@C:\Windows\system32\Vault.dll,-1"="Credential Manager"
"@C:\Windows\system32\Vault.dll,-2"="Manage your Windows Credentials."
"@C:\Windows\System32\sud.dll,-10"="Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."
"@C:\Windows\System32\tsworkspace.dll,-15300"="RemoteApp and Desktop Connections"
"@C:\Windows\System32\tsworkspace.dll,-15301"="Manage your RemoteApp and Desktop Connections"
"@C:\Program Files\windows live\installer\LangSelectorLang.dll,-10000"="Windows Live Language Setting"
"@C:\Program Files\windows live\installer\LangSelectorLang.dll,-10050"="Change the language used for Windows Live programs."
"@C:\Windows\system32\wucltux.dll,-4"="Check for software and driver updates, choose automatic updating settings, or view installed updates."
"@C:\Program Files\Windows Sidebar\sidebar.exe,-11003"="Desktop Gadgets"
"@C:\Program Files\Windows Sidebar\sidebar.exe,-11002"="View the desktop gadgets installed on your computer."
"@C:\Windows\system32\FirewallControlPanel.dll,-12122"="Windows Firewall"
"@C:\Windows\system32\FirewallControlPanel.dll,-12123"="Set firewall security options to help protect your computer from hackers and malicious software."
"@C:\Windows\System32\telephon.cpl,-1"="Phone and Modem"
"@C:\Windows\System32\telephon.cpl,-2"="Configure your telephone dialing rules and modem settings."
"@C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\javacpl.exe,-2"="Java(TM) Control Panel"
"@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1"="Speech Recognition"
"@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2"="Configure how speech recognition works on your computer."
"@C:\Windows\system32\mblctr.exe,-1002"="Windows Mobility Center"
"@C:\Windows\system32\mblctr.exe,-1003"="Adjust display brightness, volume, power options, and other commonly used mobile PC settings."
"@C:\Windows\System32\usercpl.dll,-1"="User Accounts"
"@C:\Windows\System32\usercpl.dll,-2"="Change user account settings and passwords for people who share this computer."
"@C:\Windows\System32\intl.cpl,-1"="Region and Language"
"@C:\Windows\System32\intl.cpl,-2"="Customize settings for the display of languages, numbers, times, and dates."
"@C:\Windows\System32\hgcpl.dll,-1"="HomeGroup"
"@C:\Windows\System32\hgcpl.dll,-2"="View HomeGroup settings, choose sharing options, and view or change the password."
"@C:\Windows\System32\main.cpl,-100"="Mouse"
"@C:\Windows\System32\main.cpl,-101"="Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."
"@C:\Windows\System32\main.cpl,-102"="Keyboard"
"@C:\Windows\System32\main.cpl,-103"="Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."
"@C:\Windows\System32\devmgr.dll,-4"="Device Manager"
"@C:\Windows\System32\devmgr.dll,-5"="View and update your hardware's settings and driver software."
"@C:\Windows\System32\icardres.dll,-4097"="Windows CardSpace"
"@C:\Windows\System32\icardres.dll,-4098"="Manage Information Cards used to log on and register with websites and online services."
"@C:\Windows\System32\PerfCenterCPL.dll,-1"="Performance Information and Tools"
"@C:\Windows\System32\PerfCenterCPL.dll,-2"="Get information about your computer's speed and performance. If solutions to performance problems are available, Windows lets you know."
"@C:\Windows\system32\appwiz.cpl,-159"="Programs and Features"
"@C:\Windows\system32\appwiz.cpl,-160"="Uninstall or change programs on your computer."
"@C:\Windows\System32\srchadmin.dll,-601"="Indexing Options"
"@C:\Windows\System32\srchadmin.dll,-602"="Change how Windows indexes items for faster searching"
"@C:\Windows\System32\netcenter.dll,-1"="Network and Sharing Center"
"@C:\Windows\System32\netcenter.dll,-2"="Check network status, change network settings and set preferences for sharing files and printers."
"@C:\Windows\System32\wpccpl.dll,-101"="Change Parental Controls settings."
"@C:\Windows\System32\autoplay.dll,-1"="AutoPlay"
"@C:\Windows\System32\autoplay.dll,-2"="Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."
"@C:\Windows\System32\SyncCenter.dll,-3001"="Sync files between your computer and network folders"
"@C:\Windows\System32\recovery.dll,-101"="Recovery"
"@C:\Windows\System32\recovery.dll,-2"="Restore your system to an earlier time without affecting your files, or replace everything on your computer and reinstall Windows."
"@C:\Windows\System32\inetcpl.cpl,-4312"="Internet Options"
"@C:\Windows\System32\inetcpl.cpl,-4313"="Configure your Internet display and connection settings."
"@C:\Windows\system32\DeviceCenter.dll,-1000"="Devices and Printers"
"@C:\Windows\system32\colorcpl.exe,-6"="Color Management"
"@C:\Windows\system32\colorcpl.exe,-7"="Change advanced color management settings for displays, scanners, and printers."
"@C:\Windows\System32\sdcpl.dll,-100"="Backup and restore your files and system. Monitor latest backup status and configuration."
"@C:\Windows\System32\systemcpl.dll,-1"="System"
"@C:\Windows\System32\systemcpl.dll,-2"="View information about your computer, and change settings for hardware, performance, and remote connections."
"@C:\Windows\System32\ActionCenterCPL.dll,-1"="Action Center"
"@C:\Windows\System32\ActionCenterCPL.dll,-2"="Review recent messages and resolve problems with your computer."
"@C:\Windows\System32\windowsanytimeupgradeui.exe,-2"="A convenient and affordable way to upgrade Windows"
"@C:\Windows\System32\Display.dll,-1"="Display"
"@C:\Windows\System32\Display.dll,-2"="Change your display settings and make it easier to read what's on your screen."
"@C:\Windows\System32\DiagCpl.dll,-1"="Troubleshooting"
"@C:\Windows\System32\DiagCpl.dll,-15"="Troubleshoot and fix common computer problems."
"@C:\Windows\system32\OobeFldr.dll,-33057"="Learn about Windows features and start using them."
"@C:\Windows\System32\accessibilitycpl.dll,-45"="Make your computer easier to use."
"@C:\Program Files\Windows Defender\MsMpRes.dll,-104"="Windows Defender"
"@C:\Program Files\Windows Defender\MsMpRes.dll,-1176"="Protection against spyware and potentially unwanted software"
"@C:\Windows\System32\timedate.cpl,-51"="Date and Time"
"@C:\Windows\System32\timedate.cpl,-52"="Set the date, time, and time zone for your computer."
"@C:\Windows\System32\SensorsCpl.dll,-1"="Location and Other Sensors"
"@C:\Windows\System32\SensorsCpl.dll,-701"="Configure your sensor settings."
"@C:\Windows\System32\themecpl.dll,-1"="Personalization"
"@C:\Windows\System32\themecpl.dll,-2"="Change the pictures, colors, and sounds for this computer."
"@C:\Windows\System32\mmsys.cpl,-300"="Sound"
"@C:\Windows\System32\mmsys.cpl,-301"="Configure your audio devices or change the sound scheme for your computer."
"@netcenter.dll,-1"="Network and Sharing Center"
"@C:\Windows\system32\wlanpref.dll,-20001"="Manage Wireless Networks"
"@C:\Windows\system32\NetworkMap.dll,-1"="Network Map"
"@van.dll,-2401"="Shows available wireless networks and dial-up and VPN connections that you can connect to."
"@netshell.dll,-12026"="View and connect to Bluetooth Personal Area Network devices and computers."
"@netshell.dll,-12027"="Temporarily inactivate the selected connection so that it cannot be used."
"@netshell.dll,-12002"="Activate the selected connection."
"@netshell.dll,-12003"="Temporarily inactivate the selected connection so that it cannot be used."
"@netshell.dll,-12016"="Prepare the selected network device for use."
"@netshell.dll,-12017"="Inactivate the selected network device so that it cannot be used."
"@netshell.dll,-12023"="Correct problems that prevent you from connecting to the network."
"@netshell.dll,-12007"="Give the connection a different name."
"@netshell.dll,-12004"="View the connection, duration, speed, activity, and other status settings for this connection."
"@netshell.dll,-12006"="Remove the selected connection(s) so that it can no longer be used. "
"@netshell.dll,-12008"="Change settings for this connection, such as adapter or protocol configuration settings."
"@van.dll,-2400"="Connect To"
"@netshell.dll,-1700"="View Bluetooth network devices"
"@netshell.dll,-1712"="Disconnect this connection"
"@netshell.dll,-1530"="Start this connection"
"@netshell.dll,-1535"="Disconnect this connection"
"@netshell.dll,-1565"="Enable this network device"
"@netshell.dll,-1570"="Disable this network device"
"@netshell.dll,-1540"="Diagnose this connection"
"@netshell.dll,-1550"="Rename this connection"
"@netshell.dll,-1555"="View status of this connection"
"@netshell.dll,-1560"="Delete this connection"
"@netshell.dll,-1575"="Change settings of this connection"
"@gameux.dll,-10304"="Move all the cards to the home cells using the free cells as placeholders. Stack the cards by suit and rank from lowest (ace) to highest (king)."
"@gameux.dll,-10302"="Compete with - and against - online opponents at the classic trick-taking, partnership card game of Spades. Score the most points to win."
"@gameux.dll,-10305"="Hearts is a trick-based card game in which the goal is to get rid of cards while avoiding points. The player with the lowest number of points wins."
"@C:\Windows\explorer.exe,-7021"="Help and Support"
"@%SystemRoot%\system32\netshell.dll,-1200"="Network Connections"
"@netcfgx.dll,-50002"="Allows your computer to access resources on a Microsoft network."
"@%SystemRoot%\System32\drivers\pacer.sys,-100"="Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."
"@netcfgx.dll,-50003"="Allows other computers to access resources on your computer using a Microsoft network."
"@tcpipcfg.dll,-50002"="TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks."
"@%SystemRoot%\system32\tcpipcfg.dll,-50001"="Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."
"@%SystemRoot%\system32\lltdres.dll,-4"="Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth."
"@%SystemRoot%\system32\lltdres.dll,-3"="Allows this PC to be discovered and located on the network."
"@%systemroot%\system32\rascfg.dll,-32010"="Provides the abilitiy to connect a host to a Remote Access Concentrator that supports RFC2516."
"@%systemroot%\system32\rascfg.dll,-32009"="Allows you to securely connect to a private network using the Internet."
"@%systemroot%\system32\rascfg.dll,-32008"="Allows you to securely connect to a private network using the Internet."
"@%systemroot%\system32\sstpsvc.dll,-203"="Allows you to securely connect to a private network using the Internet."
"@FirewallControlPanel.dll,-1"="Windows Firewall"
"@ActionCenterCPL.dll,-1"="Action Center"
"@PerfCenterCPL.dll,-1"="Performance Information and Tools"
"@hgcpl.dll,-4"="Advanced sharing settings"
"@%SystemRoot%\system32\wlanui.dll,-17301"="Wireless Network Properties"
"@%systemroot%\system32\mspaint.exe,-59418"="Paintbrush Picture"
"@sendmail.dll,-21"="Desktop (create shortcut)"
"@C:\Windows\system32\ntshrui.dll,-103"="S&hare with"
"@zipfldr.dll,-10148"="Compressed (zipped) folder"
"@btrez.dll,-4001"="Bluetooth"
"@C:\Windows\system32\FXSRESM.dll,-120"="Fax recipient"
"@sendmail.dll,-4"="Mail recipient"
"@C:\Program Files\Windows Photo Viewer\photoviewer.dll,-3043"="Pre&view"
"@C:\Windows\system32\stobject.dll,-417"="Set as desktop &background"
"@C:\Windows\system32\ntshrui.dll,-5112"="Share the selected items with other people on the network."
"@C:\Windows\system32\ntshrui.dll,-5108"="Makes the selected items private so other people can’t access them."
"@C:\Windows\system32\ntshrui.dll,-5104"="Nobody"
"@C:\Windows\system32\wmploc.dll,-128"="Microsoft Windows Media Player"
"@C:\Windows\System32\ie4uinit.exe,-21"="Internet Explorer"
"@C:\Windows\system32\themeui.dll,-2682"="Themes Setup"
"@DiagCpl.dll,-1"="Troubleshooting"
"@DiagCpl.dll,-23"="Network and Internet"
"@FirewallControlPanel.dll,-32"="Allowed Programs"
"@FirewallAPI.dll,-28502"="File and Printer Sharing"
"@FirewallAPI.dll,-38502"="This feature is used for sharing local files and printers with other users on the network. (Uses NetBIOS, LLMNR, SMB and RPC)"
"@FirewallAPI.dll,-31252"="Windows Media Player Network Sharing Service"
"@FirewallAPI.dll,-41252"="This feature enables users to share media over a network. (Uses UPnP, SSDP and qWave)"
"@FirewallAPI.dll,-31002"="Windows Media Player"
"@FirewallAPI.dll,-41002"="This feature allows users to receive streaming media over UDP."
"@FirewallAPI.dll,-30502"="Wireless Portable Devices"
"@FirewallAPI.dll,-40502"="This feature allows the transfer of media from your network enabled camera or media device to your computer using the Media Transfer Protocol (MTP). (Uses UPnP and SSDP)"
"@FirewallAPI.dll,-30752"="Media Center Extenders"
"@FirewallAPI.dll,-40752"="This feature allows Media Center Extenders to communicate with a computer running Windows Media Center. (Uses SSDP and qWave)"
"@FirewallAPI.dll,-31752"="Connect to a Network Projector"
"@FirewallAPI.dll,-41752"="This feature enables users to connect to projectors over wired or wireless networks to project presentations. (Uses WSDAPI)"
"@FirewallAPI.dll,-34501"="Remote Volume Management"
"@FirewallAPI.dll,-44501"="This feature provides remote software and hardware disk volume management. (Uses RPC)"
"@FirewallAPI.dll,-33752"="Routing and Remote Access"
"@FirewallAPI.dll,-43752"="This feature is used to allow incoming VPN and RAS connections."
"@FirewallAPI.dll,-30002"="Windows Firewall Remote Management"
"@FirewallAPI.dll,-40002"="This feature allows remote management of the local Windows Firewall. (Uses RPC)"
"@FirewallAPI.dll,-30252"="Windows Remote Management"
"@FirewallAPI.dll,-40252"="This feature allows remote management of the system via WS-Management, a web services-based protocol for remote management of operating systems and devices."
"@FirewallAPI.dll,-33252"="Remote Scheduled Tasks Management"
"@FirewallAPI.dll,-43252"="This feature allows remote management of the local task scheduling service. (Uses RPC)"
"@FirewallAPI.dll,-29252"="Remote Event Log Management"
"@FirewallAPI.dll,-39252"="This feature allows remote viewing and management of the local event log. (Uses Named Pipes and RPC)"
"@FirewallAPI.dll,-34002"="Windows Collaboration Computer Name Registration Service"
"@FirewallAPI.dll,-44002"="This feature allows other computers to find and communicate with your computer using the Peer Name Resolution Protocol. (Uses SSDP and PNRP)"
"@FirewallAPI.dll,-34251"="Windows Management Instrumentation (WMI)"
"@FirewallAPI.dll,-44251"="This feature allows remote management of Windows by exposing a set of manageable components in a set of classes defined by the Common Information Model (CIM) of the distributed management task force. (Uses DCOM)"
"@FirewallAPI.dll,-34752"="Performance Logs and Alerts"
"@FirewallAPI.dll,-44752"="This feature allows remote management of the Performance Logs and Alerts service. (Uses RPC)"
"@FirewallAPI.dll,-29502"="Remote Service Management"
"@FirewallAPI.dll,-39502"="This feature allows remote management of local services. (Uses Named Pipes and RPC)"
"@FirewallAPI.dll,-33502"="Distributed Transaction Coordinator"
"@FirewallAPI.dll,-43502"="This feature coordinates transactions that update transaction-protected resources, such as databases, message queues and file systems."
"@FirewallAPI.dll,-29002"="iSCSI Service"
"@FirewallAPI.dll,-39002"="This feature is used for connecting to iSCSI target servers and devices."
"@FirewallAPI.dll,-32752"="Network Discovery"
"@FirewallAPI.dll,-42752"="This feature allows this computer to discover other devices and be discovered by other devices on the network. (Uses Function Discovery Host and Publication Services, UPnP, SSDP, NetBIOS and LLMNR)"
"@FirewallAPI.dll,-25000"="Core Networking"
"@FirewallAPI.dll,-35000"="The firewall rules that are part of Core Networking are required for reliable IPv4 and IPv6 connectivity."
"@FirewallAPI.dll,-33002"="Remote Assistance"
"@FirewallAPI.dll,-43002"="This feature allows users of this computer to request remote assistance from other users on the network. (Uses UPnP, SSDP, PNRP and Teredo)"
"@FirewallAPI.dll,-32002"="Windows Peer to Peer Collaboration Foundation"
"@FirewallAPI.dll,-42002"="This feature is required to enable various peer-to-peer programs and technologies. (Uses SSDP and PNRP)"
"@%systemroot%\system32\provsvc.dll,-202"="HomeGroup"
"@FirewallAPI.dll,-31500"="Windows Media Player Network Sharing Service (Internet)"
"@FirewallAPI.dll,-41500"="This feature allows users to share out home media over the Internet"
"@snmptrap.exe,-3"="SNMP Trap"
"@snmptrap.exe,-10003"="This feature allows SNMP Trap service traffic to be received by this computer."
"@netlogon.dll,-1010"="Netlogon Service"
"@netlogon.dll,-11010"="This feature is used to maintain a secure channel between domain clients and a domain controller for authenticating users and services. (Uses RPC)"
"@sstpsvc.dll,-35001"="Secure Socket Tunneling Protocol"
"@sstpsvc.dll,-45001"="This feature is used to allow incoming VPN connections using Secure Socket Tunneling Protocol (SSTP). (Uses HTTPS)"
"@%SystemRoot%\System32\FirewallControlPanel.dll,-1"="Windows Firewall"
"@DiagCpl.dll,-48"="Additional Information"
"@C:\Windows\System32\DiagCpl.dll,-82"="Online Support"
"@C:\Windows\System32\DiagCpl.dll,-83"="For technical assistance, contact Customer Support online."
"@C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe,-101"="FlashBroker"
"@C:\Windows\System32\acppage.dll,-6002"="Windows Batch File"
"@C:\Windows\system32\mycomput.dll,-400"="Mana&ge"
"@C:\Windows\System32\BdeUnlockWizard.exe,-100"="&Unlock Drive..."
"@C:\Windows\system32\notepad.exe,-469"="Text Document"
"@%SystemRoot%\system32\shell32.dll,-50176"="File Operation"
"@%SystemRoot%\system32\aelupsvc.dll,-2"="Processes application compatibility cache requests for applications as they are launched"
"@%SystemRoot%\system32\Alg.exe,-113"="Provides support for 3rd party protocol plug-ins for Internet Connection Sharing"
"@%systemroot%\system32\appidsvc.dll,-101"="Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced."
"@%systemroot%\system32\appinfo.dll,-101"="Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks."
"@%SystemRoot%\System32\audiosrv.dll,-205"="Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start"
"@%SystemRoot%\System32\audiosrv.dll,-201"="Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start"
"@%SystemRoot%\system32\AxInstSV.dll,-104"="Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings."
"@%SystemRoot%\system32\bdesvc.dll,-101"="BDESVC hosts the BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure startup for the operating system, as well as full volume encryption for OS, fixed or removable volumes. This service allows BitLocker to prompt users for various actions related to their volumes when mounted, and unlocks volumes automatically without user interaction. Additionally, it stores recovery information to Active Directory, if available, and, if necessary, ensures the most recent recovery certificates are used. Stopping or disabling the service would prevent users from leveraging this functionality."
"@%SystemRoot%\system32\bfe.dll,-1002"="The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications."
"@%SystemRoot%\system32\qmgr.dll,-1001"="Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information."
"@%systemroot%\system32\browser.dll,-101"="Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\System32\bthserv.dll,-102"="The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated."
"@%SystemRoot%\System32\certprop.dll,-12"="Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver."
"@comres.dll,-948"="Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\cryptsvc.dll,-1002"="Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"@oleres.dll,-5013"="The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running."
"@%SystemRoot%\system32\defragsvc.dll,-102"="Provides Disk Defragmentation Capabilities."
"@%SystemRoot%\system32\dhcpcore.dll,-101"="Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\System32\dnsapi.dll,-102"="The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\dot3svc.dll,-1103"="The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service."
"@%systemroot%\system32\dps.dll,-501"="The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function."
"@%systemroot%\system32\eapsvc.dll,-2"="The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication."
"@%SystemRoot%\system32\efssvc.dll,-101"="Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files."
"@%SystemRoot%\ehome\ehrecvr.exe,-102"="Windows Media Center Service for TV and FM broadcast reception"
"@%SystemRoot%\ehome\ehsched.exe,-102"="Starts and stops recording of TV programs within Windows Media Center"
"@%SystemRoot%\system32\wevtsvc.dll,-201"="This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system."
"@comres.dll,-2451"="Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\fxsresm.dll,-122"="Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network."
"@%systemroot%\system32\fdPHost.dll,-101"="The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources."
"@%systemroot%\system32\fdrespub.dll,-101"="Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network."
"@%systemroot%\system32\FntCache.dll,-101"="Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance."
"@%SystemRoot%\system32\PresentationHost.exe,-3310"="Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications."
"@gpapi.dll,-113"="The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled."
"@%SystemRoot%\System32\hidserv.dll,-102"="Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\kmsvc.dll,-7"="Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service"
"@%SystemRoot%\System32\ListSvc.dll,-101"="Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running."
"@%SystemRoot%\System32\provsvc.dll,-101"="Performs networking tasks associated with configuration and maintenance of homegroups. If this service is stopped or disabled, your computer will be unable to detect other homegroups and your homegroup might not work properly. It is recommended that you keep this service running."
"@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192"="Securely enables the creation, management, and disclosure of digital identities."
"@%SystemRoot%\system32\ikeext.dll,-502"="The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running."
"@%systemroot%\system32\IPBusEnum.dll,-103"="The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning."
"@%SystemRoot%\system32\iphlpsvc.dll,-501"="Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer."
"@keyiso.dll,-101"="The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements."
"@comres.dll,-2947"="Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\srvsvc.dll,-101"="Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%systemroot%\system32\wkssvc.dll,-101"="Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\lltdres.dll,-2"="Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly."
"@%SystemRoot%\system32\lmhsvc.dll,-102"="Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\ehome\ehres.dll,-15502"="Allows Media Center Extenders to locate and connect to the computer."
"@%systemroot%\system32\mmcss.dll,-101"="Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority."
"@%SystemRoot%\system32\FirewallAPI.dll,-23091"="Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network."
"@comres.dll,-2798"="Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\iscsidsc.dll,-5001"="Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\msimsg.dll,-32"="Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start."
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-240"="Helps protect users from malware and other potentially unwanted software"
"@%SystemRoot%\system32\qagentrt.dll,-7"="The Network Access Protection (NAP) agent service collects and manages health information for client computers on a network. Information collected by NAP agent is used to make sure that the client computer has the required software and settings. If a client computer is not compliant with health policy, it can be provided with restricted network access until its configuration is updated. Depending on the configuration of health policy, client computers might be automatically updated so that users quickly regain full network access without having to manually update their computer."
"@%SystemRoot%\System32\netlogon.dll,-103"="Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\netman.dll,-110"="Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections."
"@%SystemRoot%\system32\netprofm.dll,-203"="Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change."
"@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200"="Provides ability to share TCP ports over the net.tcp protocol."
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-242"="Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"
"@%SystemRoot%\System32\nlasvc.dll,-2"="Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\nsisvc.dll,-201"="This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start."
"@%SystemRoot%\system32\pnrpsvc.dll,-8005"="Provides identity services for the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services. If disabled, the Peer Name Resolution Protocol (PNRP) and Peer-to-Peer Grouping services may not function, and some applications, such as HomeGroup and Remote Assistance, may not function correctly."
"@%SystemRoot%\system32\p2psvc.dll,-8007"="Enables multi-party communication using Peer-to-Peer Grouping. If disabled, some applications, such as HomeGroup, may not function."
"@%SystemRoot%\system32\pcasvc.dll,-2"="This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly."
"@%systemroot%\system32\pla.dll,-501"="Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start."
"@%SystemRoot%\system32\umpnpmgr.dll,-101"="Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability."
"@%SystemRoot%\system32\pnrpauto.dll,-8003"="This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' "
"@%SystemRoot%\system32\pnrpsvc.dll,-8001"="Enables serverless peer name resolution over the Internet using the Peer Name Resolution Protocol (PNRP). If disabled, some peer-to-peer and collaborative applications, such as Remote Assistance, may not function."
"@%SystemRoot%\system32\polstore.dll,-5011"="Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped."
"@%SystemRoot%\system32\umpo.dll,-101"="Manages power policy and power policy notification delivery."
"@%systemroot%\system32\profsvc.dll,-301"="This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them."
"@%systemroot%\system32\psbase.dll,-301"="Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users."
"@%SystemRoot%\system32\qwave.dll,-2"="Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization."
"@%Systemroot%\system32\rasauto.dll,-201"="Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address."


-= EOF =-


----------



## Ried

The good/bad news is that I see all the related Windows Update services being called. This is 'bad' because it means I'm out of ideas and I'd like for you to try a Repair install. 

Problem is, we upgraded to SP1 and your install disk is not. If you try to do a repair or 'in place upgrade' (as it is referred to in Win7), it will give you an error message about a newer version being installed than what is on the disc.

What we can do is uninstall Service Pack 1 via command prompt. Click Start>Accessories>Command Prompt. Right click the Command Prompt to run as Administrator.

Type in the following and press Enter:

*wusa.exe /uninstall /kb:976932*

(there is a space after wusa.exe and another space after /uninstall)

If that completed successfully, then follow these step-by-step instructions for performing a repair install for Windows 7: Repair Install - Windows 7


----------



## TabbyCat725

I'm sorry I didn't get back to you sooner. The past couple days have been busy. I hope you had a lovely Independence Day!

If I run the Repair Install, will that do anything to my files? I'm about to uninstall the service pack.


----------



## Ried

Had a great Holiday, thanks. :smile:

The 'in place upgrade' should preserve your files. Read through and follow that link step by step and you'll see.


----------



## TabbyCat725

Okay. I'm still waiting for the uninstall to finish. It's going very slow.


----------



## TabbyCat725

*Well, it didn't uninstall. It says:* Installer encountered an error: 0x80073712 The component store has been corrupted.


----------
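
The installer error in the post above and the Event Viewer errors in the DDS log further down the thread all carry HRESULT codes. The following Python script is an added example, not part of any post and not the DDS tool's own code: it splits each code into severity, facility and code, and counts how often each one occurs per event source. The sample lines are shortened copies of lines from this thread, and the function names (`decode_hresult`, `triage`, `report`) are illustrative.

```python
import re
from collections import Counter

# HRESULT layout: bit 31 = severity (1 = failure), bit 29 = customer-defined,
# bits 16-26 = facility, bits 0-15 = code. Only the facilities that occur in
# this thread are named here.
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32", 9: "FACILITY_SECURITY"}

HRESULT_RE = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
# DDS "Event Viewer Messages" line:
#   <date> <time> AM|PM, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<message>.*)$"
)

# Constructed sample: shortened copies of lines that appear in this thread.
SAMPLE = [
    "7/5/2012 1:42:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware "
    "has encountered an error trying to update signatures. Error code: 0x80096001 "
    "Error description: A system-level error occurred while verifying trust.",
    "7/5/2012 1:32:23 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed "
    "in an undetermined manner and will not be used. The driver has been unloaded.",
    "7/4/2012 8:51:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware "
    "has encountered an error trying to update signatures. Error code: 0x80096001 "
    "Error description: A system-level error occurred while verifying trust.",
    "7/2/2012 5:45:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware "
    "Real-Time Protection feature has encountered an error and failed. "
    "Error Code: 0x80004005 Error description: Unspecified error",
    "6/30/2012 8:28:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware "
    "has encountered an error trying to update signatures. Error code: 0x80072ee7 "
    "Error description: The server name or address could not be resolved",
    "Installer encountered an error: 0x80073712 The component store has been corrupted.",
]


def decode_hresult(value):
    """Split a 32-bit HRESULT into its fields."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("HRESULT must fit in 32 bits")
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),
        "customer": bool((value >> 29) & 1),
        "facility": facility,
        "facility_name": FACILITIES.get(facility, f"facility {facility}"),
        "code": code,
        # FACILITY_WIN32 wraps a plain Win32 error number in the low 16 bits.
        "win32_error": code if facility == 7 else None,
    }


def triage(lines):
    """Count (source, event id, HRESULT) combinations in DDS-style log lines."""
    counts = Counter()
    for line in lines:
        event = EVENT_RE.match(line.strip())
        source = event["source"] if event else None
        event_id = int(event["event_id"]) if event else None
        # Lines without any HRESULT (e.g. the BTHUSB driver message) add nothing.
        for hexdigits in HRESULT_RE.findall(line):
            counts[(source, event_id, int(hexdigits, 16))] += 1
    return counts


def report(lines):
    """Return rows (count, source, event id, hex, facility, code), most frequent first."""
    rows = []
    for (source, event_id, value), n in triage(lines).most_common():
        d = decode_hresult(value)
        rows.append((n, source or "(no event header)", event_id,
                     d["hex"], d["facility_name"], d["code"]))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Codes in facility 7 carry an ordinary Win32 error number in their low 16 bits: 0x80073712 is Win32 error 14098 and 0x80072ee7 is Win32 error 12007.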



## Ried

Please run dds.scr (the tool you ran when you first started this thread) and post only the Attach.txt for me.


----------



## TabbyCat725

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2010 6:47:01 PM
System Uptime: 7/2/2012 8:45:41 PM (67 hours ago)
.
Motherboard: Dell Inc. | | 0G2R51
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 909/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 181.564 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl6de5363f
Device ID: ROOT\LEGACY_MPKSL6DE5363F\0000
Manufacturer: 
Name: MpKsl6de5363f
PNP Device ID: ROOT\LEGACY_MPKSL6DE5363F\0000
Service: MpKsl6de5363f
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl9346043a
Device ID: ROOT\LEGACY_MPKSL9346043A\0000
Manufacturer: 
Name: MpKsl9346043a
PNP Device ID: ROOT\LEGACY_MPKSL9346043A\0000
Service: MpKsl9346043a
.
==== System Restore Points ===================
.
RP154: 6/29/2012 8:19:51 PM - Installed Java(TM) 6 Update 33
RP155: 6/29/2012 8:23:44 PM - Restore Operation
RP156: 6/29/2012 8:36:51 PM - Removed Java(TM) 6 Update 33
RP157: 6/29/2012 8:42:58 PM - Installed Java(TM) 7 Update 5
RP158: 6/29/2012 8:44:05 PM - Installed JavaFX 2.1.1
RP159: 6/29/2012 8:59:40 PM - Restore Operation
RP160: 7/2/2012 4:56:19 PM - ComboFix created restore point
RP161: 7/5/2012 2:16:50 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AccelerometerP11
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
biolsp patch
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
DW WLAN Card Utility
Embassy Security Center - Dell Vostro Edition
EMBASSY Security Center Lite
EMBASSY Security Setup
ESC Home Page Plugin
ESET Online Scanner v3
Fingerprint Sensor Minimum Install
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NTRU TCG Software Stack
QuickSet32
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secure Update
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype™ 5.5
Start Menu Cleanup
swMSM
Trusted Drive Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
upekmsi
Validity Sensors DDK
Wave Infrastructure Installer
Wave Support Software
WIDCOMM Bluetooth Software
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 1:42:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/5/2012 1:32:23 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/4/2012 8:51:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/4/2012 3:00:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/4/2012 1:01:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/3/2012 12:43:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/2/2012 8:56:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/2/2012 8:46:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
7/2/2012 8:45:59 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
7/2/2012 8:40:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/2/2012 5:55:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/2/2012 5:45:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
7/2/2012 3:14:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/2/2012 2:53:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/1/2012 3:32:38 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
7/1/2012 1:56:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.768.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
6/30/2012 8:28:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:30 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 8:28:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/30/2012 8:17:05 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/30/2012 6:00:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/30/2012 12:48:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 12:48:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/30/2012 1:45:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:10 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: MariaTabitha\Maria Tabitha Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/30/2012 1:45:09 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/30/2012 1:38:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
6/30/2012 1:29:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/29/2012 9:43:34 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
6/29/2012 9:43:25 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:43:25 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The system cannot find the file specified.
6/29/2012 9:42:50 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:42:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/29/2012 9:42:50 PM, Error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
6/29/2012 9:42:43 PM, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Element not found.
6/29/2012 9:42:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/29/2012 9:42:43 PM, Error: Microsoft-Windows-DHCPv6-Client [1004] - Error occurred in stopping the Dhcpv6 client service. ErrorCode is 0x32.ShutDown Flag value is 0.
6/29/2012 9:42:43 PM, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x490. ShutDown Flag value is 0
6/29/2012 9:41:22 PM, Error: Service Control Manager [7034] - The AuthenTec Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).
6/29/2012 9:41:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NetBT Psched Tcpip TfFsMon TFSysMon Wanarpv6 WfpLwf
6/29/2012 9:41:22 PM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The system cannot find the device specified.
6/29/2012 9:41:21 PM, Error: RasMan [20063] - Remote Access Connection Manager failed to start because the Protocol engine [vpnike.dll] failed to initialize. The system cannot find the device specified.
6/29/2012 9:41:19 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The request is not supported.
6/29/2012 9:41:19 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 9:41:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 9:41:19 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:41:19 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The system cannot find the file specified.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
6/29/2012 9:41:18 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: The system cannot find the file specified.
6/29/2012 9:41:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2012 9:29:18 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/29/2012 8:42:29 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.640.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
6/29/2012 8:22:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.640.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
6/29/2012 10:45:35 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x800f0a03.
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:40:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved 
6/29/2012 10:30:03 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
6/29/2012 1:45:54 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.640.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
6/28/2012 12:15:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.310.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80096001 Error description: A system-level error occurred while verifying trust. 
.
==== End Of File ===========================


----------



## Ried

Thanks, and sorry for the delay - needed some dinner. :smile:

The fact you have a restore point available prior to the upgrade to SP1 is encouraging.

In an effort to ensure nothing interferes with the restore operation, I'd like for you to invoke the System Restore from outside of Windows being actively loaded. To do this:

Restart the machine and tap F8. 
Same as you did to run FRST, select Repair your computer.
Follow the prompts to select language, keyboard input, and enter password.
In the next menu, use the arrow key to highlight System Restore and click Next.

System Restore will load for you. Select the restore point of *7/2/2012 4:56:19 PM - ComboFix created restore point* and follow the prompts.

Let me know how that worked out for you.


----------



## TabbyCat725

_*It's okay.  I needed to make dinner, run to the library, and now I'm working out while doing this. lol

The System Restore successfully completed. *_


----------



## Ried

Great! Finally, something going right for us. :grin:

Now boot from your Windows 7 install disc and follow the instructions from that link I gave you earlier, for performing an 'in place upgrade'.


----------



## TabbyCat725

_*Well, the happiness was short lived. The upgrade didn't work. It said that the version I have now is more recent than the one I am trying to upgrade to. *_


----------



## Ried

Ugh. We can't go back far enough. My mistake - I thought SP1 was installed a couple days ago - just looked back in this thread and it was installed on 6/28 which means there is no restore point prior to that. 

You do have a hidden Recovery Partition installed on this machine by Dell. That would bring this machine back to factory condition - which means the condition it was in when you first purchased it. You would have to reinstall all your software, etc.

One last shot at trying to get Windows Update to work. Open Notepad and copy/paste the following text inside the quote box, into it:



> net stop wuauserv
> regsvr32 wuapi.dll /s
> regsvr32 wups.dll /s
> regsvr32 wuaueng.dll /s
> regsvr32 wucltui.dll /s
> regsvr32 wuweb.dll /s
> regsvr32 msxml.dll /s
> regsvr32 msxml2.dll /s
> regsvr32 msxml3.dll /s
> regsvr32 urlmon.dll /s
> net start wuauserv
> regsvr32 softpub.dll /s
> regsvr32 initpki.dll /s
> regsvr32 mssip32.dll /s
> regsvr32 wintrust.dll /s
> regsvr32 dssenh.dll /s
> regsvr32 rsaenh.dll /s
> regsvr32 gpkcsp.dll /s
> regsvr32 sccbase.dll /s
> regsvr32 slbcsp.dll /s
> regsvr32 cryptdlg.dll /s
> regsvr32 jscript.dll /s


Save this as *register.bat*. Choose to "Save type as - All Files".

It should look like this:









Right click on the register.bat & run as administrator. 

Reboot and try Windows Update again. Any luck?


----------



## TabbyCat725

:frown: 

_*It didn't fix it...*_


----------



## Ried

Then it would seem we've run out of options at this stage. If you no longer have the documentation that came with this machine and don't know how to invoke the Dell Recovery Partition, what make and model is this machine and I'll try to find out.

What happens if you go directly to Microsoft's Update website --> Microsoft Update? Will it scan your computer and notify you of any available updates?


----------



## TabbyCat725

*I don't know how to invoke the Dell Recovery Partition. I do have the paperwork, so I can go through it. This is a Dell Vostro. I'm not sure if there is a model number associated with that. I looked all over my laptop and can't find one. 

I took a screenshot so you can see what happens when I click that link. *


----------



## Ried

Thanks. That shows me it is not able to interact with your machine. I really hate to resort to a reinstall, but I've been reading for days on this and I've yet to find anyone who had this resolved without reinstalling or repairing Windows.

One more try if you don't mind. Open SystemLook and copy/paste the following into the open field and click the Look button:



> :reg
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s


 It should only take a moment to complete. Post the log when ready.


----------



## TabbyCat725

*I really appreciate you helping me as much as you have. It means a lot! I'd hate to reinstall, as well, but if that's what I have to do, then that's what I have to do. (Although, I really can't do a reinstall until Monday anyway because my work is on here and I don't start a new week of data until Monday. I'd hate to lose all my work from this week.)

Here's the log. I'm hoping for good news! lol *

SystemLook 30.07.11 by jpshortstuff
Log created at 18:51 on 06/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"PreshutdownTimeout"= 0x00036ee800 (57600000)
"DisplayName"="Windows Update"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Description"="Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API."
"ObjectName"="LocalSystem"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"DelayedAutoStart"= 0x0000000001 (1)
"Type"= 0x0000000020 (32)
"DependOnService"="rpcss"
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeAuditPrivilege SeCreateGlobalPrivilege SeCreatePageFilePrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege SeIncreaseQuotaPrivilege"
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (REG_NONE)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"="C:\Windows\system32\wuaueng.dll"
"ServiceMain"="WUServiceMain"
"ServiceDllUnloadOnStop"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security]
"Security"=01 00 14 80 78 00 00 00 84 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 00 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 48 00 03 00 00 00 00 00 14 00 9d 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 ff 01 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)


-= EOF =-


----------



## Ried

You're welcome. 

That key is as it should be as well. :sad:

Open Internet Explorer>Tools>Internet Options and click on the *Advanced* Tab.

Look toward the bottom and click the *Reset* button to reset Internet Explorer Settings back to default.

Close Internet Explorer. Try Windows Update again and let me know.

If still no joy, open SystemLook and copy/paste the following:



> :filefind
> muv4muredir.cab


Click the Look button and post the log for me.


----------
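Added example, not part of either poster's messages: a Python sketch that parses a SystemLook `:reg` dump in the layout shown above and compares the wuauserv values against a baseline copied from that dump, which the helper judged correct. The `GOOD` and `TAMPERED` samples, the placeholder DLL path and all function names are constructed for this illustration.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv"
# Baseline copied from the dump in this thread that the helper judged correct.
BASELINE = {
    ("", "ImagePath"): r"%systemroot%\system32\svchost.exe -k netsvcs",
    ("", "ObjectName"): "LocalSystem",
    ("", "Start"): 2,  # 2 = automatic start
    ("Parameters", "ServiceDll"): r"C:\Windows\system32\wuaueng.dll",
    ("Parameters", "ServiceMain"): "WUServiceMain",
}

KEY = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=\s*0x[0-9a-fA-F]+ \((-?\d+)\)$')
STRING = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_systemlook_reg(text):
    """Return {(subkey, value_name): value}, lower-cased keys, for string and
    DWORD values under ROOT. Binary values are skipped."""
    values, subkey = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY.match(line)
        if key:
            path, root = key.group(1).lower(), ROOT.lower()
            if path == root:
                subkey = ""
            elif path.startswith(root + "\\"):
                subkey = path[len(root) + 1:]
            else:
                subkey = None  # a key outside the service, ignore its values
            continue
        if subkey is None:
            continue
        dword, string = DWORD.match(line), STRING.match(line)
        if dword:
            values[(subkey, dword.group(1).lower())] = int(dword.group(2))
        elif string:
            values[(subkey, string.group(1).lower())] = string.group(2)
    return values

def deviations(values):
    """List (key, expected, actual) for every baseline value that differs."""
    found = []
    for key, expected in BASELINE.items():
        actual = values.get((key[0].lower(), key[1].lower()))
        if isinstance(expected, int):
            same = actual == expected
        else:  # paths and names compare case-insensitively on Windows
            same = isinstance(actual, str) and actual.lower() == expected.lower()
        if not same:
            found.append((key, expected, actual))
    return found

# Lines taken from the dump posted in this thread.
GOOD = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"= 0x0000000002 (2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"="C:\Windows\system32\wuaueng.dll"
"ServiceMain"="WUServiceMain"
"""
# Constructed variant: service disabled (Start = 4) and ServiceDll redirected.
TAMPERED = GOOD.replace("0x0000000002 (2)", "0x0000000004 (4)").replace(
    r"C:\Windows\system32\wuaueng.dll", r"C:\example\placeholder.dll")

if __name__ == "__main__":
    print(deviations(parse_systemlook_reg(GOOD)))
    print(deviations(parse_systemlook_reg(TAMPERED)))
```

An empty list means every baseline value matched; a missing value is reported with `None` as the actual value.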



## TabbyCat725

_*Resetting Internet Explorer didn't work. I had hope, though. It took a little longer for Windows Update to try to look for an update before it gave the error code.*_

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:29 on 06/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== filefind ==========

Searching for "muv4muredir.cab "
No files found.

-= EOF =-


----------



## Ried

That doesn't make sense. :huh:

It looks like there may be a space after .cab. Would you mind trying that search again?



> :filefind
> muv4muredir.cab


----------



## TabbyCat725

_*Oops! There was a space. My bad!

Here it is:*_

SystemLook 30.07.11 by jpshortstuff
Log created at 21:09 on 06/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== filefind ==========

Searching for "muv4muredir.cab"
No files found.

-= EOF =-


----------



## Ried

If it really is missing, this could be the problem. (from your Windows Update.log)


> 2012-05-25	22:39:40:209	1112	5dc	Misc	*Validating signature* for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\*muv4muredir.cab*:
> 2012-05-25	22:39:40:223	1112	5dc	Misc	*WARNING: Error: 0x80096001 when verifying trust for *C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\*muv4muredir.cab*


Open SystemLook and copy/paste the following:



> :dir /s
> C:\Windows\SoftwareDistribution\WuRedir


Click the Look button and post the log.


----------
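Added example, not part of the thread's posts: a Python sketch that pulls trust-verification failures out of WindowsUpdate.log lines in the tab-separated layout quoted above and splits each HRESULT into its fields. The first two sample lines are the ones quoted in the post (without the forum emphasis marks); the third line, the function names and the description table are constructed for illustration.

```python
import re

# Descriptions exactly as they appear in this thread's logs.
KNOWN = {
    0x80096001: "A system-level error occurred while verifying trust.",
    0x80072EE7: "The server name or address could not be resolved",
    0x80070002: "The system cannot find the file specified.",
}
FACILITIES = {7: "FACILITY_WIN32", 9: "FACILITY_SECURITY"}  # from winerror.h

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity, facility and code."""
    value &= 0xFFFFFFFF  # also accepts the signed form, e.g. -2146869247
    facility = (value >> 16) & 0x7FF
    return {
        "hex": "0x%08x" % value,
        "failure": bool(value >> 31),
        "facility": FACILITIES.get(facility, str(facility)),
        "code": value & 0xFFFF,
        "text": KNOWN.get(value, "unknown"),
    }

# Fields: date, time, PID, TID, component, message (tab-separated).
LINE = re.compile(r"^(\S+)\t(\S+)\t(\d+)\t([0-9a-fA-F]+)\t(\S+)\t(.*)$")
VALIDATE = re.compile(r"Validating signature for (.+?):?\s*$")
TRUST_FAIL = re.compile(
    r"WARNING: Error: (0x[0-9a-fA-F]{8}) when verifying trust for (.+?)\s*$")

def trust_failures(log_text):
    """Return one record per 'verifying trust' warning, paired with the
    'Validating signature' line from the same process and thread."""
    pending, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        date, time, pid, tid, _component, text = m.groups()
        started = VALIDATE.search(text)
        failed = TRUST_FAIL.search(text)
        if started:
            pending[(pid, tid)] = started.group(1).lower()
        elif failed:
            path = failed.group(2)
            failures.append({
                "when": date + " " + time,
                "file": path,
                "hresult": decode_hresult(int(failed.group(1), 16)),
                "paired": pending.pop((pid, tid), None) == path.lower(),
            })
    return failures

CAB = (r"C:\Windows\SoftwareDistribution\WuRedir"
       r"\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab")
SAMPLE_LOG = "\n".join("\t".join(fields) for fields in [
    ("2012-05-25", "22:39:40:209", "1112", "5dc", "Misc",
     "Validating signature for " + CAB + ":"),
    ("2012-05-25", "22:39:40:223", "1112", "5dc", "Misc",
     "WARNING: Error: 0x80096001 when verifying trust for " + CAB),
    # Constructed line: a validation on another thread with no warning after it.
    ("2012-05-25", "22:39:41:000", "1112", "6a0", "Misc",
     r"Validating signature for C:\example\placeholder.cab:"),
])

if __name__ == "__main__":
    for failure in trust_failures(SAMPLE_LOG):
        print(failure)
```

`decode_hresult` also accepts the signed decimal form that SystemLook prints next to `LastError`, so the registry value and the log value can be compared directly.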



## TabbyCat725

_*Here you go:*_

SystemLook 30.07.11 by jpshortstuff
Log created at 21:30 on 06/07/2012 by Maria Tabitha
Administrator - Elevation successful

Invalid Context: dir /s

No Context: C:\Windows\SoftwareDistribution\WuRedir

-= EOF =-


----------



## Ried

Try it again using this:



> :dir
> C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D


----------



## TabbyCat725

_*Uh oh:*_

SystemLook 30.07.11 by jpshortstuff
Log created at 23:08 on 06/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== dir ==========

C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-


----------



## TabbyCat725

_*On a side note, I just saw something on the news that said on Monday they're expecting computers to be impacted by malware that could have been installed on the computer from up to a year ago, which will knock out the internet connection. Is this something I need to be concerned about since my computer is so damaged? *_


----------



## Ried

No, I do not see the proxy settings they're referring to on this machine, but for your own peace of mind...


> To check whether a computer is infected, users can visit a website run by the group brought in by the FBI: DCWG | DNS Changer Working Group.


Last shot at getting your Windows Update to work. :smile:

Click Start>All Programs>Accessories>Command Prompt. Right click and run it as administrator.

Type in the following and press Enter:

*net stop wuauserv*

Wait for a message confirming it has been stopped.

====================================

Navigate to the C:\Windows\*SoftwareDistribution* folder. Right click that folder and select 'rename'. *Rename it to SoftwareDistributionOld*

Click start>All Programs>Windows Update

Any luck?


----------



## TabbyCat725

_*No luck.  It stopped successfully but I still have the error. *_


----------



## TabbyCat725

_*The good news is, I checked my computer with that link you gave me (Thank you!) and it's clean! Yay for good news!!*_


----------



## Ried

:smile: Good.

Look and see if a new c:\windows\SoftwareDistribution folder was created.

If so, keep drilling down and see if this exists now: C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab


----------



## TabbyCat725

_*I do see a new file that was created, but the numbers don't match up. I see: C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77*_


----------



## Ried

That's fine. Does that folder have the muv4muredir.cab in it?


----------



## TabbyCat725

_*No. When I double click it, it says it's empty. *_


----------



## Ried

Run SystemLook and copy/paste the following into the open field:



> :reg
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /s


Click the Look button and post the log.


----------



## TabbyCat725

_*Happy Sunday!! I hope it's a great one for you!

Here you go: *_

SystemLook 30.07.11 by jpshortstuff
Log created at 14:50 on 08/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate]
"SusClientIdValidation"=06 02 28 01 46 0e 20 00 20 00 20 00 20 00 20 00 20 00 53 00 32 00 41 00 4d 00 4a 00 31 00 4d 00 5a 00 41 00 30 00 32 00 37 00 39 00 32 00 06 f0 4d a2 a7 3b dd 2e 00 32 00 35 00 59 00 4e 00 58 00 4d 00 31 00 2e 00 43 00 4e 00 37 00 30 00 31 00 36 00 36 00 30 00 42 00 48 00 30 00 30 00 44 00 48 00 2e 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 32 00 35 00 59 00 4e 00 58 00 4d 00 31 00 (REG_BINARY)
"SusClientId"="f50108f3-3515-407d-a6e7-2cebf6b46298"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextSqmReportTime"="2012-07-09 01:36:03"
"FeaturedUpdatesNotificationSeqNum"= 0x00000017fb (6139)
"FeaturedUpdatesNotificationSeqNumGenTime"="2012-02-27 03:24:55"
"ElevateNonAdmins"= 0x0000000001 (1)
"AUOptions"= 0x0000000004 (4)
"ScheduledInstallDay"= 0x0000000000 (0)
"ScheduledInstallTime"= 0x0000000003 (3)
"IncludeRecommendedUpdates"= 0x0000000001 (1)
"ActionCenterLastPossibleRestartNotification"="2011-01-23 10:00:00"
"NextDetectionTime"="2012-07-08 20:30:03"
"NextFeaturedUpdatesNotificationTime"="2010-12-31 21:29:46"
"EnableFeaturedSoftware"= 0x0000000001 (1)
"ScheduledInstallDate"="2012-07-09 09:00:00"
"ActionCenterNotificationCount"= 0x0000000004 (4)
"BalloonTime"="2012-01-07 02:08:37"
"BalloonType"= 0x0000000008 (8)
"LastRestoreId"="{A844CD50-C937-46DA-8AB5-67F61B24E6EA}"
"DownloadExpirationTime"="2012-01-12 22:47:04"
"UnableToDetectTime"="2012-07-08 01:36:16"
"ShowUnableToDetectUI"= 0x0000000001 (1)
"FirstDetectionFailureTime"="2012-07-07 17:58:37"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect]
"LastError"= 0x0080096001 (-2146869247)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS]
"UpdateCount"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting]
"BatchFlushAge"= 0x0000001def (7663)
"SamplingValue2"= 0x0000000009 (9)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="C:\Windows\SoftwareDistribution\EventCache\{518F60C3-7E49-4D16-A3E2-170C06A6AE4B}.bin"
"FlushCacheFiles"="C:\Windows\SoftwareDistribution\EventCache\{8BC6630D-2F89-42C4-985F-94879C30D43A}.bin C:\Windows\SoftwareDistribution\EventCache\{F3B307DC-322A-4041-98C0-98CEAFD016DF}.bin C:\Windows\SoftwareDistribution\EventCache\{CFDD3812-50D7-47F4-AC8A-E84BB441CC1F}.bin C:\Windows\SoftwareDistribution\EventCache\{4F9AF0AD-3A12-430D-A0D2-3FF9D64EE326}.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
"CurrentCacheFile"="C:\Windows\SoftwareDistribution\EventCache\{7A5B49A7-469F-4B87-8A2A-56F7C5BCC091}.bin"
"FlushCacheFiles"="C:\Windows\SoftwareDistribution\EventCache\{148D1EEA-E02E-4BA4-ADE1-8C89EFD0038C}.bin C:\Windows\SoftwareDistribution\EventCache\{D22AE893-F001-413A-B97E-F2172828124F}.bin C:\Windows\SoftwareDistribution\EventCache\{73B2F3AC-9B28-4CE3-ADF6-881A15CD815F}.bin C:\Windows\SoftwareDistribution\EventCache\{D1C355E8-E1CA-4B15-A8C9-B637F87F3BAF}.bin C:\Windows\SoftwareDistribution\EventCache\{AE005895-550F-4666-B7C9-6B04F520353C}.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending]
"ValidatedPreWsus3RegistrationRequests"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending\7971f918-a847-4430-9279-4a52d1efe18d]
"ClientApplicationID"="Default Service Recovery"
"RegisterWithAU"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup]
"SelfUpdateStatus"= 0x0000000000 (0)
"SelfupdateUnmanaged"= 0x0000000000 (0)


-= EOF =-


----------



## Ried

Had a very nice day, thanks. :smile:

:grin: You know the drill....Open SystemLook and copy/paste the following:



> :filefind
> authcab.cab


Click the Look button and post the log


----------



## TabbyCat725

_*I don't know why I even bother to close out SystemLook. lol 

Here's the log: *_

SystemLook 30.07.11 by jpshortstuff
Log created at 22:39 on 08/07/2012 by Maria Tabitha
Administrator - Elevation successful

========== filefind ==========

Searching for "authcab.cab"
C:\Windows\SoftwareDistributionOld\AuthCabs\authcab.cab --a---- 6722 bytes [21:02 01/07/2009] [21:29 31/12/2010] 63B542A77D1678E4E5A76C196B693C02

-= EOF =-


----------



## Ried

:smile: You can close it out now. 

I've exhausted what I can do here. When I tested by deleting the SoftwareDistribution folder, Windows Update created a new one, including that muv4muredir.cab that is showing as 'unable to validate' in your Windows Update.log and appears to still be missing.

As I mentioned earlier, the error message you are receiving from Windows Update is not uncommon and if the 2 Microsoft FixIts didn't fix it, then a reinstall of the Operating System is all you can do to set things right.


----------



## TabbyCat725

_*That's bad news. 

How do I go about reinstalling it? *_


----------



## Ried

We spoke briefly about this back around Post 126 :smile:

Dell has a hidden Recovery partition that will bring this machine back to the state it was in when you purchased it. Did you find the documentation/manual for this machine?

If not, see if this method to access the Dell Recovery Partition works for you -->Documentation

If not, I do need to know the model # of this Dell Vostro.


----------



## TabbyCat725

_*Well, today sure was a busy day! I was hoping to get to this earlier. 

I went through the manuals I have for this laptop. I don't have anything that talks about Dell Recovery Partition. The manual was such a basic one that it said I could have a Vostro 3300, 3400, 3500, or 3700. I went to Dell's website, entered in my product key and it told me I have a Vostro 3500. I won't be able to try the above link until tomorrow, but I'll let you know if it works for me. 

I do have a question. I had purchased Microsoft Office for the laptop I had before this one. I used that on my previous laptop, but I also was able to install it on here. If I wipe out my computer, I'll need to reinstall Microsoft Office (which I need for my job). Will I be able to reinstall it again with the same CD even though it's already been installed twice before? *_


----------



## Ried

According to Dell Restoring Your Computer's Software to the Factory Settings | Dell

Press F8 and one of the choices listed there should be Dell Factory Image Restore. If not, you may have to go into Repair your computer and see if there's something listed in there similar to Dell Factory Image Restore. If not, then contact Dell to find out how to restore the computer to factory.

Regarding MS Office, as long as the activation key is not in use on any other machine, you should be able to activate it after reinstall. If you have a problem with the key, you may need to call Microsoft and explain the situation to them so they can activate the key for you.


----------



## TabbyCat725

_*Great! Thank you for all your help! I appreciate it so much! Here's hoping all things are fixed tomorrow! *_


----------

