Jump to content

davywonder

Members
  • Posts

    17
  • Joined

  • Last visited

Everything posted by davywonder

  1. Actually, I found some info about it in a quick google search. I won't bother you with this anymore, since my system is malware free. Thanks for the help!
  2. Hi Maniac, So it seems like my system is running better, but it's not quite 100% yet. MalwareBytes runs and it hasn't found anything. I ran a full scan last night and it also came up with no results. Something is causing my McAfee to deactivate every time I turn it back on. sfc /verifyonly came up with the same results: it can't repair 'tcpmon.ini'. Here is the log with just the errors (since the whole log makes this post too long): 2012-08-22 15:27:27, Info CSI 00000354 [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:29, Info CSI 00000356 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2012-08-22 15:27:33, Info CSI 00000358 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2012-08-22 15:27:33, Info CSI 00000359 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2012-08-22 15:27:33, Info CSI 0000035c [sR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted and again 2012-08-23 09:33:31, Info CSI 0000012e [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2012-08-23 09:33:43, Info CSI 00000130 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2012-08-23 09:33:43, Info CSI 00000131 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2012-08-23 09:33:43, Info CSI 00000134 [sR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted I really appreciate your help with all of this. If you can help me fix this tcpmon.ini thing that would be great, but I do realize that your main goal was to get MalwareBytes working again. Thank you so much for getting it working. I am very much relieved that there are no malicious intruders on my computer!
  3. Hey! Guess what? MalwareBytes worked this time! It took over an hour for the quick scan, but at least it ran. Here is the log: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.22.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 DTC :: DTC-PC [administrator] 22/08/2012 5:23:41 PM mbam-log-2012-08-22 (17-23-41).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 197743 Time elapsed: 1 hour(s), 14 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. Okay, so sfc /scannow would not complete. It would get to 32% and then say it couldn't continue. I ran the sfc /verifyonly scan, and that did run through all the way. Here is the log from cbs.log 2012-08-20 11:26:10, Info CSI 0000000f [sR] Verifying 1 components 2012-08-20 11:26:10, Info CSI 00000010 [sR] Beginning Verify and Repair transaction 2012-08-20 11:32:54, Info CSI 00000014 [sR] Verifying 1 components 2012-08-20 11:32:54, Info CSI 00000015 [sR] Beginning Verify and Repair transaction 2012-08-20 11:38:45, Info CSI 00000019 [sR] Verifying 1 components 2012-08-20 11:38:45, Info CSI 0000001a [sR] Beginning Verify and Repair transaction 2012-08-20 11:46:42, Info CSI 0000001e [sR] Verifying 1 components 2012-08-20 11:46:42, Info CSI 0000001f [sR] Beginning Verify and Repair transaction 2012-08-20 11:52:23, Info CSI 00000023 [sR] Verifying 1 components 2012-08-20 11:52:23, Info CSI 00000024 [sR] Beginning Verify and Repair transaction 2012-08-20 15:18:01, Info CSI 00000009 [sR] Verifying 1 components 2012-08-20 15:18:01, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-08-20 15:28:49, Info CSI 0000000e [sR] Verifying 1 components 2012-08-20 15:28:49, Info CSI 0000000f [sR] Beginning Verify and Repair transaction 2012-08-20 15:33:24, Info CSI 00000013 [sR] Verifying 1 components 2012-08-20 15:33:24, Info CSI 00000014 [sR] Beginning Verify and Repair transaction 2012-08-20 15:38:44, Info CSI 00000018 [sR] Verifying 1 components 2012-08-20 15:38:44, Info CSI 00000019 [sR] Beginning Verify and Repair transaction 2012-08-21 23:03:03, Info CSI 00000009 [sR] Verifying 1 components 2012-08-21 23:03:03, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-08-21 23:11:48, Info CSI 0000000e [sR] Verifying 1 components 2012-08-21 23:11:48, Info CSI 0000000f [sR] Beginning Verify and Repair transaction 2012-08-21 23:15:30, Info CSI 00000013 [sR] Verifying 1 components 2012-08-21 23:15:30, Info CSI 00000014 [sR] Beginning Verify and Repair transaction 2012-08-21 23:24:14, Info CSI 00000018 [sR] Verifying 1 components 2012-08-21 23:24:14, Info CSI 00000019 [sR] Beginning Verify and Repair transaction 2012-08-21 23:31:10, Info CSI 0000001d [sR] Verifying 1 components 2012-08-21 23:31:10, Info CSI 0000001e [sR] Beginning Verify and Repair transaction 2012-08-21 23:37:31, Info CSI 00000022 [sR] Verifying 1 components 2012-08-21 23:37:31, Info CSI 00000023 [sR] Beginning Verify and Repair transaction 2012-08-21 23:41:55, Info CSI 00000027 [sR] Verifying 1 components 2012-08-21 23:41:55, Info CSI 00000028 [sR] Beginning Verify and Repair transaction 2012-08-21 23:55:22, Info CSI 0000002c [sR] Verifying 1 components 2012-08-21 23:55:22, Info CSI 0000002d [sR] Beginning Verify and Repair transaction 2012-08-21 23:59:31, Info CSI 00000031 [sR] Verifying 1 components 2012-08-21 23:59:31, Info CSI 00000032 [sR] Beginning Verify and Repair transaction 2012-08-22 00:36:48, Info CSI 00000009 [sR] Verifying 1 components 2012-08-22 00:36:48, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-08-22 00:44:59, Info CSI 0000000e [sR] Verifying 1 components 2012-08-22 00:44:59, Info CSI 0000000f [sR] Beginning Verify and Repair transaction 2012-08-22 00:48:57, Info CSI 00000013 [sR] Verifying 1 components 2012-08-22 00:48:57, Info CSI 00000014 [sR] Beginning Verify and Repair transaction 2012-08-22 00:53:17, Info CSI 00000018 [sR] Verifying 1 components 2012-08-22 00:53:17, Info CSI 00000019 [sR] Beginning Verify and Repair transaction 2012-08-22 14:52:09, Info CSI 00000009 [sR] Verifying 1 components 2012-08-22 14:52:09, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-08-22 15:00:58, Info CSI 0000000e [sR] Verifying 1 components 2012-08-22 15:00:58, Info CSI 0000000f [sR] Beginning Verify and Repair transaction 2012-08-22 15:05:01, Info CSI 00000013 [sR] Verifying 1 components 2012-08-22 15:05:01, Info CSI 00000014 [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:10, Info CSI 00000009 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:10, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:14, Info CSI 0000000c [sR] Verify complete 2012-08-22 15:11:14, Info CSI 0000000d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:14, Info CSI 0000000e [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:17, Info CSI 00000010 [sR] Verify complete 2012-08-22 15:11:17, Info CSI 00000011 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:17, Info CSI 00000012 [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:21, Info CSI 00000014 [sR] Verify complete 2012-08-22 15:11:21, Info CSI 00000015 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:21, Info CSI 00000016 [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:26, Info CSI 00000018 [sR] Verify complete 2012-08-22 15:11:26, Info CSI 00000019 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:26, Info CSI 0000001a [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:31, Info CSI 0000001c [sR] Verify complete 2012-08-22 15:11:31, Info CSI 0000001d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:31, Info CSI 0000001e [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:35, Info CSI 00000020 [sR] Verify complete 2012-08-22 15:11:35, Info CSI 00000021 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:35, Info CSI 00000022 [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:39, Info CSI 00000024 [sR] Verify complete 2012-08-22 15:11:39, Info CSI 00000025 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:39, Info CSI 00000026 [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:45, Info CSI 00000028 [sR] Verify complete 2012-08-22 15:11:45, Info CSI 00000029 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:45, Info CSI 0000002a [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:48, Info CSI 0000002c [sR] Verify complete 2012-08-22 15:11:48, Info CSI 0000002d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:48, Info CSI 0000002e [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:52, Info CSI 00000030 [sR] Verify complete 2012-08-22 15:11:52, Info CSI 00000031 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:52, Info CSI 00000032 [sR] Beginning Verify and Repair transaction 2012-08-22 15:11:59, Info CSI 00000035 [sR] Verify complete 2012-08-22 15:11:59, Info CSI 00000036 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:11:59, Info CSI 00000037 [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:12, Info CSI 0000003c [sR] Verify complete 2012-08-22 15:12:12, Info CSI 0000003d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:12, Info CSI 0000003e [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:22, Info CSI 00000041 [sR] Verify complete 2012-08-22 15:12:22, Info CSI 00000042 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:22, Info CSI 00000043 [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:28, Info CSI 00000045 [sR] Verify complete 2012-08-22 15:12:28, Info CSI 00000046 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:28, Info CSI 00000047 [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:36, Info CSI 0000005c [sR] Verify complete 2012-08-22 15:12:36, Info CSI 0000005d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:36, Info CSI 0000005e [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:44, Info CSI 00000070 [sR] Verify complete 2012-08-22 15:12:44, Info CSI 00000071 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:44, Info CSI 00000072 [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:51, Info CSI 00000074 [sR] Verify complete 2012-08-22 15:12:52, Info CSI 00000075 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:52, Info CSI 00000076 [sR] Beginning Verify and Repair transaction 2012-08-22 15:12:57, Info CSI 00000078 [sR] Verify complete 2012-08-22 15:12:57, Info CSI 00000079 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:12:57, Info CSI 0000007a [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:04, Info CSI 0000007c [sR] Verify complete 2012-08-22 15:13:04, Info CSI 0000007d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:04, Info CSI 0000007e [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:09, Info CSI 00000080 [sR] Verify complete 2012-08-22 15:13:09, Info CSI 00000081 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:09, Info CSI 00000082 [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:19, Info CSI 00000086 [sR] Verify complete 2012-08-22 15:13:19, Info CSI 00000087 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:19, Info CSI 00000088 [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:29, Info CSI 000000a9 [sR] Verify complete 2012-08-22 15:13:30, Info CSI 000000aa [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:30, Info CSI 000000ab [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:40, Info CSI 000000ad [sR] Verify complete 2012-08-22 15:13:40, Info CSI 000000ae [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:40, Info CSI 000000af [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:51, Info CSI 000000b3 [sR] Verify complete 2012-08-22 15:13:51, Info CSI 000000b4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:51, Info CSI 000000b5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:55, Info CSI 000000b7 [sR] Verify complete 2012-08-22 15:13:55, Info CSI 000000b8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:55, Info CSI 000000b9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:13:57, Info CSI 000000bb [sR] Verify complete 2012-08-22 15:13:57, Info CSI 000000bc [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:13:57, Info CSI 000000bd [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:00, Info CSI 000000bf [sR] Verify complete 2012-08-22 15:14:01, Info CSI 000000c0 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:01, Info CSI 000000c1 [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:11, Info CSI 000000d4 [sR] Verify complete 2012-08-22 15:14:11, Info CSI 000000d5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:11, Info CSI 000000d6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:15, Info CSI 000000d8 [sR] Verify complete 2012-08-22 15:14:15, Info CSI 000000d9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:15, Info CSI 000000da [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:19, Info CSI 000000dc [sR] Verify complete 2012-08-22 15:14:19, Info CSI 000000dd [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:19, Info CSI 000000de [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:23, Info CSI 000000e0 [sR] Verify complete 2012-08-22 15:14:23, Info CSI 000000e1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:23, Info CSI 000000e2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:29, Info CSI 000000e5 [sR] Verify complete 2012-08-22 15:14:30, Info CSI 000000e6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:30, Info CSI 000000e7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:40, Info CSI 000000e9 [sR] Verify complete 2012-08-22 15:14:40, Info CSI 000000ea [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:40, Info CSI 000000eb [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:44, Info CSI 000000ed [sR] Verify complete 2012-08-22 15:14:44, Info CSI 000000ee [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:44, Info CSI 000000ef [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:48, Info CSI 000000f1 [sR] Verify complete 2012-08-22 15:14:48, Info CSI 000000f2 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:48, Info CSI 000000f3 [sR] Beginning Verify and Repair transaction 2012-08-22 15:14:57, Info CSI 000000f5 [sR] Verify complete 2012-08-22 15:14:57, Info CSI 000000f6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:14:57, Info CSI 000000f7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:15:05, Info CSI 000000f9 [sR] Verify complete 2012-08-22 15:15:06, Info CSI 000000fa [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:15:06, Info CSI 000000fb [sR] Beginning Verify and Repair transaction 2012-08-22 15:15:19, Info CSI 000000fd [sR] Verify complete 2012-08-22 15:15:20, Info CSI 000000fe [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:15:20, Info CSI 000000ff [sR] Beginning Verify and Repair transaction 2012-08-22 15:15:30, Info CSI 00000117 [sR] Verify complete 2012-08-22 15:15:30, Info CSI 00000118 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:15:30, Info CSI 00000119 [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:54, Info CSI 0000011d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:54, Info CSI 0000011e [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:54, Info CSI 00000120 [sR] Verify complete 2012-08-22 15:16:55, Info CSI 00000121 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:55, Info CSI 00000122 [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:55, Info CSI 00000124 [sR] Verify complete 2012-08-22 15:16:55, Info CSI 00000125 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:55, Info CSI 00000126 [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:55, Info CSI 00000128 [sR] Verify complete 2012-08-22 15:16:55, Info CSI 00000129 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:55, Info CSI 0000012a [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:56, Info CSI 0000012c [sR] Verify complete 2012-08-22 15:16:56, Info CSI 0000012d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:56, Info CSI 0000012e [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:57, Info CSI 00000130 [sR] Verify complete 2012-08-22 15:16:57, Info CSI 00000131 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:57, Info CSI 00000132 [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:57, Info CSI 00000134 [sR] Verify complete 2012-08-22 15:16:58, Info CSI 00000135 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:58, Info CSI 00000136 [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:58, Info CSI 00000138 [sR] Verify complete 2012-08-22 15:16:58, Info CSI 00000139 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:58, Info CSI 0000013a [sR] Beginning Verify and Repair transaction 2012-08-22 15:16:59, Info CSI 0000013c [sR] Verify complete 2012-08-22 15:16:59, Info CSI 0000013d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:16:59, Info CSI 0000013e [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:00, Info CSI 00000140 [sR] Verify complete 2012-08-22 15:17:00, Info CSI 00000141 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:00, Info CSI 00000142 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:00, Info CSI 00000144 [sR] Verify complete 2012-08-22 15:17:01, Info CSI 00000145 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:01, Info CSI 00000146 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:02, Info CSI 00000149 [sR] Verify complete 2012-08-22 15:17:02, Info CSI 0000014a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:02, Info CSI 0000014b [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:04, Info CSI 00000150 [sR] Verify complete 2012-08-22 15:17:04, Info CSI 00000151 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:04, Info CSI 00000152 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:06, Info CSI 00000155 [sR] Verify complete 2012-08-22 15:17:06, Info CSI 00000156 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:06, Info CSI 00000157 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:08, Info CSI 00000159 [sR] Verify complete 2012-08-22 15:17:08, Info CSI 0000015a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:08, Info CSI 0000015b [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:11, Info CSI 00000170 [sR] Verify complete 2012-08-22 15:17:12, Info CSI 00000171 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:12, Info CSI 00000172 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:15, Info CSI 00000184 [sR] Verify complete 2012-08-22 15:17:15, Info CSI 00000185 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:15, Info CSI 00000186 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:18, Info CSI 00000188 [sR] Verify complete 2012-08-22 15:17:18, Info CSI 00000189 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:18, Info CSI 0000018a [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:19, Info CSI 0000018c [sR] Verify complete 2012-08-22 15:17:19, Info CSI 0000018d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:19, Info CSI 0000018e [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:21, Info CSI 00000190 [sR] Verify complete 2012-08-22 15:17:21, Info CSI 00000191 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:21, Info CSI 00000192 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:23, Info CSI 00000194 [sR] Verify complete 2012-08-22 15:17:23, Info CSI 00000195 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:23, Info CSI 00000196 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:27, Info CSI 0000019a [sR] Verify complete 2012-08-22 15:17:27, Info CSI 0000019b [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:27, Info CSI 0000019c [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:30, Info CSI 000001bd [sR] Verify complete 2012-08-22 15:17:30, Info CSI 000001be [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:30, Info CSI 000001bf [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:35, Info CSI 000001c1 [sR] Verify complete 2012-08-22 15:17:36, Info CSI 000001c2 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:36, Info CSI 000001c3 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:39, Info CSI 000001c7 [sR] Verify complete 2012-08-22 15:17:39, Info CSI 000001c8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:39, Info CSI 000001c9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:40, Info CSI 000001cb [sR] Verify complete 2012-08-22 15:17:41, Info CSI 000001cc [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:41, Info CSI 000001cd [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:41, Info CSI 000001cf [sR] Verify complete 2012-08-22 15:17:41, Info CSI 000001d0 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:41, Info CSI 000001d1 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:42, Info CSI 000001d3 [sR] Verify complete 2012-08-22 15:17:42, Info CSI 000001d4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:42, Info CSI 000001d5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:48, Info CSI 000001e8 [sR] Verify complete 2012-08-22 15:17:48, Info CSI 000001e9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:48, Info CSI 000001ea [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:49, Info CSI 000001ec [sR] Verify complete 2012-08-22 15:17:49, Info CSI 000001ed [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:49, Info CSI 000001ee [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:50, Info CSI 000001f0 [sR] Verify complete 2012-08-22 15:17:50, Info CSI 000001f1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:50, Info CSI 000001f2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:51, Info CSI 000001f4 [sR] Verify complete 2012-08-22 15:17:51, Info CSI 000001f5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:51, Info CSI 000001f6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:53, Info CSI 000001f9 [sR] Verify complete 2012-08-22 15:17:53, Info CSI 000001fa [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:53, Info CSI 000001fb [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:58, Info CSI 000001fd [sR] Verify complete 2012-08-22 15:17:58, Info CSI 000001fe [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:58, Info CSI 000001ff [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:58, Info CSI 00000201 [sR] Verify complete 2012-08-22 15:17:58, Info CSI 00000202 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:58, Info CSI 00000203 [sR] Beginning Verify and Repair transaction 2012-08-22 15:17:59, Info CSI 00000205 [sR] Verify complete 2012-08-22 15:17:59, Info CSI 00000206 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:17:59, Info CSI 00000207 [sR] Beginning Verify and Repair transaction 2012-08-22 15:18:01, Info CSI 00000209 [sR] Verify complete 2012-08-22 15:18:01, Info CSI 0000020a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:18:01, Info CSI 0000020b [sR] Beginning Verify and Repair transaction 2012-08-22 15:18:03, Info CSI 0000020d [sR] Verify complete 2012-08-22 15:18:03, Info CSI 0000020e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:18:03, Info CSI 0000020f [sR] Beginning Verify and Repair transaction 2012-08-22 15:18:06, Info CSI 00000211 [sR] Verify complete 2012-08-22 15:18:06, Info CSI 00000212 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:18:06, Info CSI 00000213 [sR] Beginning Verify and Repair transaction 2012-08-22 15:18:12, Info CSI 0000022b [sR] Verify complete 2012-08-22 15:18:12, Info CSI 0000022c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:18:12, Info CSI 0000022d [sR] Beginning Verify and Repair transaction 2012-08-22 15:18:59, Info CSI 00000231 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:18:59, Info CSI 00000232 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:00, Info CSI 00000234 [sR] Verify complete 2012-08-22 15:19:00, Info CSI 00000235 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:00, Info CSI 00000236 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:00, Info CSI 00000238 [sR] Verify complete 2012-08-22 15:19:00, Info CSI 00000239 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:00, Info CSI 0000023a [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:00, Info CSI 0000023c [sR] Verify complete 2012-08-22 15:19:01, Info CSI 0000023d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:01, Info CSI 0000023e [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:01, Info CSI 00000240 [sR] Verify complete 2012-08-22 15:19:02, Info CSI 00000241 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:02, Info CSI 00000242 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:02, Info CSI 00000244 [sR] Verify complete 2012-08-22 15:19:02, Info CSI 00000245 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:02, Info CSI 00000246 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:03, Info CSI 00000248 [sR] Verify complete 2012-08-22 15:19:03, Info CSI 00000249 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:03, Info CSI 0000024a [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:03, Info CSI 0000024c [sR] Verify complete 2012-08-22 15:19:03, Info CSI 0000024d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:03, Info CSI 0000024e [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:04, Info CSI 00000250 [sR] Verify complete 2012-08-22 15:19:04, Info CSI 00000251 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:04, Info CSI 00000252 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:05, Info CSI 00000254 [sR] Verify complete 2012-08-22 15:19:05, Info CSI 00000255 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:05, Info CSI 00000256 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:05, Info CSI 00000258 [sR] Verify complete 2012-08-22 15:19:06, Info CSI 00000259 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:06, Info CSI 0000025a [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:07, Info CSI 0000025d [sR] Verify complete 2012-08-22 15:19:07, Info CSI 0000025e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:07, Info CSI 0000025f [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:09, Info CSI 00000264 [sR] Verify complete 2012-08-22 15:19:10, Info CSI 00000265 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:10, Info CSI 00000266 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:11, Info CSI 00000269 [sR] Verify complete 2012-08-22 15:19:11, Info CSI 0000026a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:11, Info CSI 0000026b [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:12, Info CSI 0000026d [sR] Verify complete 2012-08-22 15:19:13, Info CSI 0000026e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:13, Info CSI 0000026f [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:16, Info CSI 00000284 [sR] Verify complete 2012-08-22 15:19:16, Info CSI 00000285 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:16, Info CSI 00000286 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:19, Info CSI 00000298 [sR] Verify complete 2012-08-22 15:19:19, Info CSI 00000299 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:19, Info CSI 0000029a [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:22, Info CSI 0000029c [sR] Verify complete 2012-08-22 15:19:22, Info CSI 0000029d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:22, Info CSI 0000029e [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:23, Info CSI 000002a0 [sR] Verify complete 2012-08-22 15:19:23, Info CSI 000002a1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:23, Info CSI 000002a2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:25, Info CSI 000002a4 [sR] Verify complete 2012-08-22 15:19:25, Info CSI 000002a5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:25, Info CSI 000002a6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:27, Info CSI 000002a8 [sR] Verify complete 2012-08-22 15:19:27, Info CSI 000002a9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:27, Info CSI 000002aa [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:31, Info CSI 000002ae [sR] Verify complete 2012-08-22 15:19:31, Info CSI 000002af [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:31, Info CSI 000002b0 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:34, Info CSI 000002d1 [sR] Verify complete 2012-08-22 15:19:34, Info CSI 000002d2 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:34, Info CSI 000002d3 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:39, Info CSI 000002d5 [sR] Verify complete 2012-08-22 15:19:39, Info CSI 000002d6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:39, Info CSI 000002d7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:43, Info CSI 000002db [sR] Verify complete 2012-08-22 15:19:43, Info CSI 000002dc [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:43, Info CSI 000002dd [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:44, Info CSI 000002df [sR] Verify complete 2012-08-22 15:19:45, Info CSI 000002e0 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:45, Info CSI 000002e1 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:45, Info CSI 000002e3 [sR] Verify complete 2012-08-22 15:19:45, Info CSI 000002e4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:45, Info CSI 000002e5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:46, Info CSI 000002e7 [sR] Verify complete 2012-08-22 15:19:46, Info CSI 000002e8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:46, Info CSI 000002e9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:52, Info CSI 000002fc [sR] Verify complete 2012-08-22 15:19:52, Info CSI 000002fd [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:52, Info CSI 000002fe [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:53, Info CSI 00000300 [sR] Verify complete 2012-08-22 15:19:53, Info CSI 00000301 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:53, Info CSI 00000302 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:54, Info CSI 00000304 [sR] Verify complete 2012-08-22 15:19:54, Info CSI 00000305 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:54, Info CSI 00000306 [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:55, Info CSI 00000308 [sR] Verify complete 2012-08-22 15:19:55, Info CSI 00000309 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:55, Info CSI 0000030a [sR] Beginning Verify and Repair transaction 2012-08-22 15:19:57, Info CSI 0000030d [sR] Verify complete 2012-08-22 15:19:57, Info CSI 0000030e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:19:57, Info CSI 0000030f [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:02, Info CSI 00000311 [sR] Verify complete 2012-08-22 15:20:02, Info CSI 00000312 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:02, Info CSI 00000313 [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:02, Info CSI 00000315 [sR] Verify complete 2012-08-22 15:20:03, Info CSI 00000316 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:03, Info CSI 00000317 [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:03, Info CSI 00000319 [sR] Verify complete 2012-08-22 15:20:03, Info CSI 0000031a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:03, Info CSI 0000031b [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:05, Info CSI 0000031d [sR] Verify complete 2012-08-22 15:20:05, Info CSI 0000031e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:05, Info CSI 0000031f [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:07, Info CSI 00000321 [sR] Verify complete 2012-08-22 15:20:07, Info CSI 00000322 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:07, Info CSI 00000323 [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:10, Info CSI 00000325 [sR] Verify complete 2012-08-22 15:20:10, Info CSI 00000326 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:10, Info CSI 00000327 [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:16, Info CSI 0000033f [sR] Verify complete 2012-08-22 15:20:16, Info CSI 00000340 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:16, Info CSI 00000341 [sR] Beginning Verify and Repair transaction 2012-08-22 15:20:31, Info CSI 00000345 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:20:31, Info CSI 00000346 [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:03, Info CSI 0000034a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:03, Info CSI 0000034b [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:17, Info CSI 0000034e [sR] Verify complete 2012-08-22 15:27:17, Info CSI 0000034f [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:17, Info CSI 00000350 [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:27, Info CSI 00000352 [sR] Verify complete 2012-08-22 15:27:27, Info CSI 00000353 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:27, Info CSI 00000354 [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:29, Info CSI 00000356 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2012-08-22 15:27:33, Info CSI 00000358 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2012-08-22 15:27:33, Info CSI 00000359 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2012-08-22 15:27:33, Info CSI 0000035c [sR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted 2012-08-22 15:27:33, Info CSI 0000035e [sR] Verify complete 2012-08-22 15:27:33, Info CSI 0000035f [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:33, Info CSI 00000360 [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:40, Info CSI 00000362 [sR] Verify complete 2012-08-22 15:27:40, Info CSI 00000363 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:40, Info CSI 00000364 [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:46, Info CSI 00000368 [sR] Verify complete 2012-08-22 15:27:47, Info CSI 00000369 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:47, Info CSI 0000036a [sR] Beginning Verify and Repair transaction 2012-08-22 15:27:53, Info CSI 0000036c [sR] Verify complete 2012-08-22 15:27:53, Info CSI 0000036d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:27:53, Info CSI 0000036e [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:08, Info CSI 00000370 [sR] Verify complete 2012-08-22 15:28:08, Info CSI 00000371 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:08, Info CSI 00000372 [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:18, Info CSI 00000375 [sR] Verify complete 2012-08-22 15:28:18, Info CSI 00000376 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:18, Info CSI 00000377 [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:24, Info CSI 0000037a [sR] Verify complete 2012-08-22 15:28:24, Info CSI 0000037b [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:24, Info CSI 0000037c [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:32, Info CSI 0000037e [sR] Verify complete 2012-08-22 15:28:32, Info CSI 0000037f [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:32, Info CSI 00000380 [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:40, Info CSI 00000383 [sR] Verify complete 2012-08-22 15:28:41, Info CSI 00000384 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:41, Info CSI 00000385 [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:47, Info CSI 00000387 [sR] Verify complete 2012-08-22 15:28:47, Info CSI 00000388 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:47, Info CSI 00000389 [sR] Beginning Verify and Repair transaction 2012-08-22 15:28:54, Info CSI 0000038b [sR] Verify complete 2012-08-22 15:28:54, Info CSI 0000038c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:28:54, Info CSI 0000038d [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:00, Info CSI 00000390 [sR] Verify complete 2012-08-22 15:29:01, Info CSI 00000391 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:01, Info CSI 00000392 [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:09, Info CSI 00000394 [sR] Verify complete 2012-08-22 15:29:09, Info CSI 00000395 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:09, Info CSI 00000396 [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:15, Info CSI 00000398 [sR] Verify complete 2012-08-22 15:29:15, Info CSI 00000399 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:15, Info CSI 0000039a [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:22, Info CSI 0000039d [sR] Verify complete 2012-08-22 15:29:22, Info CSI 0000039e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:22, Info CSI 0000039f [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:29, Info CSI 000003a3 [sR] Verify complete 2012-08-22 15:29:29, Info CSI 000003a4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:29, Info CSI 000003a5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:37, Info CSI 000003a7 [sR] Verify complete 2012-08-22 15:29:37, Info CSI 000003a8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:37, Info CSI 000003a9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:45, Info CSI 000003ac [sR] Verify complete 2012-08-22 15:29:45, Info CSI 000003ad [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:45, Info CSI 000003ae [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:52, Info CSI 000003b0 [sR] Verify complete 2012-08-22 15:29:52, Info CSI 000003b1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:52, Info CSI 000003b2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:29:55, Info CSI 000003b4 [sR] Verify complete 2012-08-22 15:29:55, Info CSI 000003b5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:29:55, Info CSI 000003b6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:30:00, Info CSI 000003b8 [sR] Verify complete 2012-08-22 15:30:01, Info CSI 000003b9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:30:01, Info CSI 000003ba [sR] Beginning Verify and Repair transaction 2012-08-22 15:30:06, Info CSI 000003bc [sR] Verify complete 2012-08-22 15:30:06, Info CSI 000003bd [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:30:06, Info CSI 000003be [sR] Beginning Verify and Repair transaction 2012-08-22 15:30:12, Info CSI 000003c0 [sR] Verify complete 2012-08-22 15:30:12, Info CSI 000003c1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:30:12, Info CSI 000003c2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:32:17, Info CSI 000003c6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:32:17, Info CSI 000003c7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:32:21, Info CSI 000003c9 [sR] Verify complete 2012-08-22 15:32:21, Info CSI 000003ca [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:32:21, Info CSI 000003cb [sR] Beginning Verify and Repair transaction 2012-08-22 15:32:33, Info CSI 000003cd [sR] Verify complete 2012-08-22 15:32:33, Info CSI 000003ce [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:32:33, Info CSI 000003cf [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:02, Info CSI 000003d1 [sR] Verify complete 2012-08-22 15:33:02, Info CSI 000003d2 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:02, Info CSI 000003d3 [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:10, Info CSI 000003d5 [sR] Verify complete 2012-08-22 15:33:10, Info CSI 000003d6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:10, Info CSI 000003d7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:18, Info CSI 000003d9 [sR] Verify complete 2012-08-22 15:33:19, Info CSI 000003da [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:19, Info CSI 000003db [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:22, Info CSI 000003dd [sR] Verify complete 2012-08-22 15:33:22, Info CSI 000003de [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:22, Info CSI 000003df [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:27, Info CSI 000003e1 [sR] Verify complete 2012-08-22 15:33:27, Info CSI 000003e2 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:27, Info CSI 000003e3 [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:32, Info CSI 000003e5 [sR] Verify complete 2012-08-22 15:33:32, Info CSI 000003e6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:32, Info CSI 000003e7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:41, Info CSI 000003ef [sR] Verify complete 2012-08-22 15:33:41, Info CSI 000003f0 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:41, Info CSI 000003f1 [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:46, Info CSI 000003f3 [sR] Verify complete 2012-08-22 15:33:46, Info CSI 000003f4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:46, Info CSI 000003f5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:33:50, Info CSI 000003f7 [sR] Verify complete 2012-08-22 15:33:50, Info CSI 000003f8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:33:50, Info CSI 000003f9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:37:03, Info CSI 000003fd [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:37:03, Info CSI 000003fe [sR] Beginning Verify and Repair transaction 2012-08-22 15:37:10, Info CSI 00000400 [sR] Verify complete 2012-08-22 15:37:10, Info CSI 00000401 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:37:10, Info CSI 00000402 [sR] Beginning Verify and Repair transaction 2012-08-22 15:37:18, Info CSI 00000405 [sR] Verify complete 2012-08-22 15:37:18, Info CSI 00000406 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:37:18, Info CSI 00000407 [sR] Beginning Verify and Repair transaction 2012-08-22 15:37:22, Info CSI 00000409 [sR] Verify complete 2012-08-22 15:37:22, Info CSI 0000040a [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:37:22, Info CSI 0000040b [sR] Beginning Verify and Repair transaction 2012-08-22 15:37:26, Info CSI 0000040d [sR] Verify complete 2012-08-22 15:37:26, Info CSI 0000040e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:37:26, Info CSI 0000040f [sR] Beginning Verify and Repair transaction 2012-08-22 15:40:56, Info CSI 00000413 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:40:56, Info CSI 00000414 [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:06, Info CSI 00000417 [sR] Verify complete 2012-08-22 15:41:07, Info CSI 00000418 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:07, Info CSI 00000419 [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:14, Info CSI 0000041d [sR] Verify complete 2012-08-22 15:41:14, Info CSI 0000041e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:14, Info CSI 0000041f [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:23, Info CSI 0000042b [sR] Verify complete 2012-08-22 15:41:23, Info CSI 0000042c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:23, Info CSI 0000042d [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:31, Info CSI 00000433 [sR] Verify complete 2012-08-22 15:41:31, Info CSI 00000434 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:31, Info CSI 00000435 [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:37, Info CSI 00000437 [sR] Verify complete 2012-08-22 15:41:37, Info CSI 00000438 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:37, Info CSI 00000439 [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:42, Info CSI 0000043d [sR] Verify complete 2012-08-22 15:41:42, Info CSI 0000043e [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:42, Info CSI 0000043f [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:47, Info CSI 00000441 [sR] Verify complete 2012-08-22 15:41:47, Info CSI 00000442 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:47, Info CSI 00000443 [sR] Beginning Verify and Repair transaction 2012-08-22 15:41:54, Info CSI 00000468 [sR] Verify complete 2012-08-22 15:41:54, Info CSI 00000469 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:41:54, Info CSI 0000046a [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:00, Info CSI 0000046c [sR] Verify complete 2012-08-22 15:42:00, Info CSI 0000046d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:00, Info CSI 0000046e [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:06, Info CSI 00000470 [sR] Verify complete 2012-08-22 15:42:06, Info CSI 00000471 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:06, Info CSI 00000472 [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:10, Info CSI 00000474 [sR] Verify complete 2012-08-22 15:42:10, Info CSI 00000475 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:10, Info CSI 00000476 [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:15, Info CSI 00000484 [sR] Verify complete 2012-08-22 15:42:16, Info CSI 00000485 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:16, Info CSI 00000486 [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:23, Info CSI 0000048e [sR] Verify complete 2012-08-22 15:42:23, Info CSI 0000048f [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:23, Info CSI 00000490 [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:28, Info CSI 00000498 [sR] Verify complete 2012-08-22 15:42:29, Info CSI 00000499 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:29, Info CSI 0000049a [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:32, Info CSI 0000049c [sR] Verify complete 2012-08-22 15:42:32, Info CSI 0000049d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:32, Info CSI 0000049e [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:38, Info CSI 000004a0 [sR] Verify complete 2012-08-22 15:42:38, Info CSI 000004a1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:38, Info CSI 000004a2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:41, Info CSI 000004a4 [sR] Verify complete 2012-08-22 15:42:41, Info CSI 000004a5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:41, Info CSI 000004a6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:47, Info CSI 000004a8 [sR] Verify complete 2012-08-22 15:42:47, Info CSI 000004a9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:47, Info CSI 000004aa [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:53, Info CSI 000004ac [sR] Verify complete 2012-08-22 15:42:53, Info CSI 000004ad [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:53, Info CSI 000004ae [sR] Beginning Verify and Repair transaction 2012-08-22 15:42:58, Info CSI 000004b0 [sR] Verify complete 2012-08-22 15:42:58, Info CSI 000004b1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:42:58, Info CSI 000004b2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:43:07, Info CSI 000004cc [sR] Verify complete 2012-08-22 15:43:07, Info CSI 000004cd [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:43:07, Info CSI 000004ce [sR] Beginning Verify and Repair transaction 2012-08-22 15:46:56, Info CSI 000004d2 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:46:56, Info CSI 000004d3 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:01, Info CSI 000004d5 [sR] Verify complete 2012-08-22 15:47:01, Info CSI 000004d6 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:01, Info CSI 000004d7 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:06, Info CSI 000004d9 [sR] Verify complete 2012-08-22 15:47:06, Info CSI 000004da [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:06, Info CSI 000004db [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:10, Info CSI 000004df [sR] Verify complete 2012-08-22 15:47:10, Info CSI 000004e0 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:10, Info CSI 000004e1 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:14, Info CSI 000004e3 [sR] Verify complete 2012-08-22 15:47:15, Info CSI 000004e4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:15, Info CSI 000004e5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:20, Info CSI 000004e7 [sR] Verify complete 2012-08-22 15:47:20, Info CSI 000004e8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:20, Info CSI 000004e9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:25, Info CSI 000004eb [sR] Verify complete 2012-08-22 15:47:25, Info CSI 000004ec [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:25, Info CSI 000004ed [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:29, Info CSI 000004f0 [sR] Verify complete 2012-08-22 15:47:30, Info CSI 000004f1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:30, Info CSI 000004f2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:34, Info CSI 000004f4 [sR] Verify complete 2012-08-22 15:47:34, Info CSI 000004f5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:34, Info CSI 000004f6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:47:39, Info CSI 000004f8 [sR] Verify complete 2012-08-22 15:47:39, Info CSI 000004f9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:47:39, Info CSI 000004fa [sR] Beginning Verify and Repair transaction 2012-08-22 15:50:14, Info CSI 000004fe [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:50:14, Info CSI 000004ff [sR] Beginning Verify and Repair transaction 2012-08-22 15:50:19, Info CSI 00000502 [sR] Verify complete 2012-08-22 15:50:19, Info CSI 00000503 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:50:19, Info CSI 00000504 [sR] Beginning Verify and Repair transaction 2012-08-22 15:52:09, Info CSI 00000508 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:52:09, Info CSI 00000509 [sR] Beginning Verify and Repair transaction 2012-08-22 15:52:13, Info CSI 0000050b [sR] Verify complete 2012-08-22 15:52:14, Info CSI 0000050c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:52:14, Info CSI 0000050d [sR] Beginning Verify and Repair transaction 2012-08-22 15:52:19, Info CSI 0000050f [sR] Verify complete 2012-08-22 15:52:19, Info CSI 00000510 [sR] Verifying 73 (0x0000000000000049) components 2012-08-22 15:52:19, Info CSI 00000511 [sR] Beginning Verify and Repair transaction 2012-08-22 15:52:22, Info CSI 00000513 [sR] Verify complete 2012-08-22 15:57:13, Info CSI 00000514 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:13, Info CSI 00000515 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:15, Info CSI 00000517 [sR] Verify complete 2012-08-22 15:57:16, Info CSI 00000518 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:16, Info CSI 00000519 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:18, Info CSI 0000051b [sR] Verify complete 2012-08-22 15:57:18, Info CSI 0000051c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:18, Info CSI 0000051d [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:21, Info CSI 0000051f [sR] Verify complete 2012-08-22 15:57:21, Info CSI 00000520 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:21, Info CSI 00000521 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:25, Info CSI 00000523 [sR] Verify complete 2012-08-22 15:57:25, Info CSI 00000524 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:25, Info CSI 00000525 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:29, Info CSI 00000527 [sR] Verify complete 2012-08-22 15:57:29, Info CSI 00000528 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:29, Info CSI 00000529 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:32, Info CSI 0000052b [sR] Verify complete 2012-08-22 15:57:33, Info CSI 0000052c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:33, Info CSI 0000052d [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:36, Info CSI 0000052f [sR] Verify complete 2012-08-22 15:57:36, Info CSI 00000530 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:36, Info CSI 00000531 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:40, Info CSI 00000533 [sR] Verify complete 2012-08-22 15:57:40, Info CSI 00000534 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:40, Info CSI 00000535 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:43, Info CSI 00000537 [sR] Verify complete 2012-08-22 15:57:43, Info CSI 00000538 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:43, Info CSI 00000539 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:47, Info CSI 0000053b [sR] Verify complete 2012-08-22 15:57:47, Info CSI 0000053c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:47, Info CSI 0000053d [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:52, Info CSI 00000540 [sR] Verify complete 2012-08-22 15:57:52, Info CSI 00000541 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:52, Info CSI 00000542 [sR] Beginning Verify and Repair transaction 2012-08-22 15:57:58, Info CSI 00000547 [sR] Verify complete 2012-08-22 15:57:58, Info CSI 00000548 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:57:58, Info CSI 00000549 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:02, Info CSI 0000054c [sR] Verify complete 2012-08-22 15:58:02, Info CSI 0000054d [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:02, Info CSI 0000054e [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:06, Info CSI 00000550 [sR] Verify complete 2012-08-22 15:58:07, Info CSI 00000551 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:07, Info CSI 00000552 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:13, Info CSI 00000567 [sR] Verify complete 2012-08-22 15:58:13, Info CSI 00000568 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:13, Info CSI 00000569 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:20, Info CSI 0000057b [sR] Verify complete 2012-08-22 15:58:20, Info CSI 0000057c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:20, Info CSI 0000057d [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:25, Info CSI 0000057f [sR] Verify complete 2012-08-22 15:58:26, Info CSI 00000580 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:26, Info CSI 00000581 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:30, Info CSI 00000583 [sR] Verify complete 2012-08-22 15:58:30, Info CSI 00000584 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:30, Info CSI 00000585 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:35, Info CSI 00000587 [sR] Verify complete 2012-08-22 15:58:35, Info CSI 00000588 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:35, Info CSI 00000589 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:39, Info CSI 0000058b [sR] Verify complete 2012-08-22 15:58:39, Info CSI 0000058c [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:39, Info CSI 0000058d [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:47, Info CSI 00000591 [sR] Verify complete 2012-08-22 15:58:47, Info CSI 00000592 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:47, Info CSI 00000593 [sR] Beginning Verify and Repair transaction 2012-08-22 15:58:56, Info CSI 000005b4 [sR] Verify complete 2012-08-22 15:58:56, Info CSI 000005b5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:58:56, Info CSI 000005b6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:06, Info CSI 000005b8 [sR] Verify complete 2012-08-22 15:59:06, Info CSI 000005b9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:06, Info CSI 000005ba [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:15, Info CSI 000005be [sR] Verify complete 2012-08-22 15:59:15, Info CSI 000005bf [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:15, Info CSI 000005c0 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:18, Info CSI 000005c2 [sR] Verify complete 2012-08-22 15:59:18, Info CSI 000005c3 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:18, Info CSI 000005c4 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:20, Info CSI 000005c6 [sR] Verify complete 2012-08-22 15:59:20, Info CSI 000005c7 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:20, Info CSI 000005c8 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:23, Info CSI 000005ca [sR] Verify complete 2012-08-22 15:59:23, Info CSI 000005cb [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:23, Info CSI 000005cc [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:32, Info CSI 000005df [sR] Verify complete 2012-08-22 15:59:32, Info CSI 000005e0 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:32, Info CSI 000005e1 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:35, Info CSI 000005e3 [sR] Verify complete 2012-08-22 15:59:35, Info CSI 000005e4 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:35, Info CSI 000005e5 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:39, Info CSI 000005e7 [sR] Verify complete 2012-08-22 15:59:39, Info CSI 000005e8 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:39, Info CSI 000005e9 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:42, Info CSI 000005eb [sR] Verify complete 2012-08-22 15:59:42, Info CSI 000005ec [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:42, Info CSI 000005ed [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:47, Info CSI 000005f0 [sR] Verify complete 2012-08-22 15:59:48, Info CSI 000005f1 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:48, Info CSI 000005f2 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:55, Info CSI 000005f4 [sR] Verify complete 2012-08-22 15:59:56, Info CSI 000005f5 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:56, Info CSI 000005f6 [sR] Beginning Verify and Repair transaction 2012-08-22 15:59:58, Info CSI 000005f8 [sR] Verify complete 2012-08-22 15:59:59, Info CSI 000005f9 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 15:59:59, Info CSI 000005fa [sR] Beginning Verify and Repair transaction 2012-08-22 16:00:01, Info CSI 000005fc [sR] Verify complete 2012-08-22 16:00:01, Info CSI 000005fd [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 16:00:01, Info CSI 000005fe [sR] Beginning Verify and Repair transaction 2012-08-22 16:00:09, Info CSI 00000600 [sR] Verify complete 2012-08-22 16:00:09, Info CSI 00000601 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 16:00:09, Info CSI 00000602 [sR] Beginning Verify and Repair transaction 2012-08-22 16:00:15, Info CSI 00000604 [sR] Verify complete 2012-08-22 16:00:15, Info CSI 00000605 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 16:00:15, Info CSI 00000606 [sR] Beginning Verify and Repair transaction 2012-08-22 16:00:22, Info CSI 00000608 [sR] Verify complete 2012-08-22 16:00:22, Info CSI 00000609 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 16:00:22, Info CSI 0000060a [sR] Beginning Verify and Repair transaction 2012-08-22 16:00:31, Info CSI 00000622 [sR] Verify complete 2012-08-22 16:00:32, Info CSI 00000623 [sR] Verifying 100 (0x0000000000000064) components 2012-08-22 16:00:32, Info CSI 00000624 [sR] Beginning Verify and Repair transaction 2012-08-22 16:06:56, Info CSI 00000009 [sR] Verifying 1 components 2012-08-22 16:06:56, Info CSI 0000000a [sR] Beginning Verify and Repair transaction 2012-08-22 16:11:28, Info CSI 0000000e [sR] Verifying 1 components 2012-08-22 16:11:28, Info CSI 0000000f [sR] Beginning Verify and Repair transaction 2012-08-22 16:12:33, Info CSI 00000013 [sR] Verifying 1 components 2012-08-22 16:12:33, Info CSI 00000014 [sR] Beginning Verify and Repair transaction There is only one file I see that needs to be replaced, but I'm not sure how to do that on my own since I cannot locate my original Windows 7 CD. I don't really remember receiving one, and I've moved at least 4 times since I got my laptop, so the Windows CD could be anywhere. Can you help me find another way to fix this file? Thanks so much
  5. Disabling McAfee didn't help. I'm in safe mode right now, and in event viewer there are thousands of errors reported within the past week. Here is one that applies: Windows cannot access the file C:\Windows\SysWOW64\msvbvm60.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Malwarebytes Anti-Malware because of this error. Program: Malwarebytes Anti-Malware File: C:\Windows\SysWOW64\msvbvm60.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 ------ So I am about to run chkdsk when the system restarts, maybe that will help. My computer seems to be getting worse though, it takes a looooong time to do anything because programs constantly freeze for 5-10 minutes at a time, over and over again. Everytime you push a button it takes minutes to register. This is getting very frustrating, and I'm starting to wonder if I'll ever get my PC back. I appreciate your efforts.
  6. Hi there again. Sorry, my mother in law was in town last week so I didn't bother to keep up with this forum. No, there are no error messages that present themselves when I try to run MalwareBytes. The only reason I know the mbam.exe process runs is because I've started monitoring what my computer is doing with Task Manager. There was no error message when I ran sfc either. I hope this helps.
  7. I ran sfc /scannow on my Windows 7 and it opened a small DOS window that closed after a split-second. I ran it twice just to make sure it did something, but it definitely opened, if only briefly. I restarted, uninstalled Malware Bytes, restarted again, installed it and got the same response. mbam.exe *32 runs as a process for a few minutes, then disappears without the program ever opening.
  8. OTL logfile created on: 8/14/2012 9:11:39 AM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\DTC\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.96 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.81% Memory free 7.92 Gb Paging File | 6.40 Gb Available in Paging File | 80.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.40 Gb Total Space | 177.93 Gb Free Space | 62.78% Space Free | Partition Type: NTFS Computer Name: DTC-PC | User Name: DTC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/14 09:00:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe PRC - [2012/06/13 21:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2012/08/06 01:06:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/19 09:19:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/03/10 16:38:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010/02/27 04:23:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010/02/27 04:22:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010/02/27 04:07:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/30 16:38:56 | 000,028,744 | ---- | M] (Vidyo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdmpvm.sys -- (vdmp_vm) DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {73F80270-5CCB-40CE-BBFF-2426D947B544} IE:64bit: - HKLM\..\SearchScopes\{73F80270-5CCB-40CE-BBFF-2426D947B544}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {50F13F54-A1DE-4AB6-8696-627BAEA85B5C} IE - HKLM\..\SearchScopes\{50F13F54-A1DE-4AB6-8696-627BAEA85B5C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes,DefaultScope = {805A205A-B33F-41D8-84CC-5EF924D2AFA5} IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}'>http://www.google.com/search?q={searc} IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{805A205A-B33F-41D8-84CC-5EF924D2AFA5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{8D2399EF-F733-4584-A823-8A7764C0AA91}: "URL" = http://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.lds.org" FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0 FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:4.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/07 23:37:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/18 09:55:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/24 10:55:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 09:19:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 17:18:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/07 23:37:50 | 000,000,000 | ---D | M] [2010/03/13 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTC\AppData\Roaming\Mozilla\Extensions [2012/08/03 09:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions [2012/08/03 09:27:02 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions\en-CA@dictionaries.addons.mozilla.org [2011/10/10 23:22:21 | 000,000,000 | ---D | M] (Dictionnaire français «Classique &amp; Réforme 1990») -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org [2010/12/16 17:12:51 | 000,012,703 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\searchplugins\imdb.xml [2010/12/16 17:59:15 | 000,002,057 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\searchplugins\youtube-video-search.xml [2012/07/01 10:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/30 07:55:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/01 10:19:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012/07/18 09:55:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2012/08/03 09:27:02 | 000,282,478 | ---- | M] () (No name found) -- C:\USERS\DTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5SNZDBR.DEFAULT\EXTENSIONS\AZHANG@CLOUDACL.COM.XPI [2012/05/05 18:50:01 | 000,036,918 | ---- | M] () (No name found) -- C:\USERS\DTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5SNZDBR.DEFAULT\EXTENSIONS\MOVIERATING@RONAKPATEL.NET.XPI [2012/07/19 09:19:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2011/10/03 12:45:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010/12/23 10:10:20 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011/11/08 19:13:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Users\DTC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: MetaSurf = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpfbddcgbimoafpgmbbjiliegkfcjkmn\0.5.8_0\ CHR - Extension: SiteAdvisor = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\ CHR - Extension: Skype Click to Call = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ CHR - Extension: Gmail = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/05 10:44:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll (McAfee, Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll (McAfee, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000..\Run: [googletalk] C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/14 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012/08/14 09:00:31 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe [2012/08/09 08:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/09 08:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/09 08:07:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/09 08:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/06 10:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/08/05 23:48:11 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DTC\Desktop\mbam-setup-1.62.0.1300.exe [2012/08/05 11:14:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/05 11:02:55 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/08/04 22:02:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/04 22:02:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/04 22:02:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/04 22:02:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/04 22:02:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/04 22:02:00 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\DTC\Desktop\ComboFix.exe [2012/08/03 08:33:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DTC\Desktop\aswMBR.exe [2012/08/02 16:41:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DTC\Desktop\dds.com [2012/07/25 21:31:59 | 000,000,000 | ---D | C] -- C:\Users\DTC\AppData\Roaming\McAfee ========== Files - Modified Within 30 Days ========== [2012/08/14 09:42:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job [2012/08/14 09:15:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/14 09:15:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/14 09:07:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/14 09:00:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe [2012/08/14 08:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/14 08:58:27 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys [2012/08/11 21:34:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job [2012/08/09 08:07:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/08 10:58:30 | 405,195,659 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/08/08 10:18:18 | 000,000,055 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\mbam.context.scan [2012/08/06 10:33:16 | 000,000,134 | ---- | M] () -- C:\Users\DTC\Desktop\Internet Explorer Troubleshooting.url [2012/08/05 10:44:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/04 21:55:20 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\DTC\Desktop\ComboFix.exe [2012/08/03 08:29:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DTC\Desktop\aswMBR.exe [2012/08/02 16:31:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DTC\Desktop\dds.com [2012/07/26 11:25:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DTC\Desktop\mbam-setup-1.62.0.1300.exe [2012/07/25 21:35:07 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job [2012/07/25 21:31:59 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk [2012/07/19 09:19:35 | 000,002,046 | -H-- | M] () -- C:\Users\DTC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/08/09 08:07:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/06 00:51:16 | 000,000,134 | ---- | C] () -- C:\Users\DTC\Desktop\Internet Explorer Troubleshooting.url [2012/08/04 22:02:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/04 22:02:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/04 22:02:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/04 22:02:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/04 22:02:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/04 12:05:02 | 405,195,659 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/07/28 00:18:16 | 000,000,055 | ---- | C] () -- C:\Users\DTC\AppData\Roaming\mbam.context.scan [2012/07/25 21:31:59 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk [2012/07/25 21:31:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\vtscheduletask.job [2012/07/25 21:31:11 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk [2011/05/07 23:32:22 | 000,171,985 | ---- | C] () -- C:\Windows\hpoins37.dat [2010/06/25 21:32:39 | 000,003,584 | ---- | C] () -- C:\Users\DTC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/03/13 01:20:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2012/08/14 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Dropbox [2010/03/13 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\iWin [2011/03/13 19:08:16 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\PCDr [2010/03/10 15:32:00 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\PlayFirst [2012/04/24 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\SSH [2012/03/04 11:39:02 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Vidyo [2010/04/20 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Worksimaging [2012/07/10 07:03:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/07/25 21:35:07 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 8/14/2012 9:11:39 AM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\DTC\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.96 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.81% Memory free 7.92 Gb Paging File | 6.40 Gb Available in Paging File | 80.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.40 Gb Total Space | 177.93 Gb Free Space | 62.78% Space Free | Partition Type: NTFS Computer Name: DTC-PC | User Name: DTC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028B1558-C69B-4053-88E5-DE60C18489EB}" = rport=139 | protocol=6 | dir=out | app=system | "{08C0348D-E6D6-43B7-8C78-03499FDF3018}" = lport=138 | protocol=17 | dir=in | app=system | "{18ED430D-171B-4401-A13F-1D780E95DFFE}" = rport=138 | protocol=17 | dir=out | app=system | "{3EAB9D70-523B-460F-81A3-D56DF48BD6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4A9034D6-8C32-478C-B202-B4E6F4F52DAD}" = lport=445 | protocol=6 | dir=in | app=system | "{4F347F90-7380-4F7C-827F-8F788C3B4322}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{721F379D-7BF3-47E9-96BE-7B0EE0E62D38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{750E12E4-5E15-492B-9421-9F515D952455}" = lport=139 | protocol=6 | dir=in | app=system | "{904B024D-0381-44F4-BB03-2A8F0A081D8C}" = lport=137 | protocol=17 | dir=in | app=system | "{905DA224-D826-4D2F-AD1C-78CBBFB2F0F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{965C7D58-A6EA-4F9B-9295-4E423E747A98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AC54377C-96EE-43BB-A1E5-D94D3CA6729D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B4494734-D26C-41B5-A8AB-73559F5BAB46}" = rport=10243 | protocol=6 | dir=out | app=system | "{B73DD011-4CA4-4D35-BD49-ED40D58AA8FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CABEB738-1C45-4F1E-8870-A64FEDBED3E3}" = lport=2869 | protocol=6 | dir=in | app=system | "{CD057E92-A0A8-4CB2-B950-E93380642239}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D2BCAAD9-DDA6-4AFF-9110-647437BC479B}" = lport=10243 | protocol=6 | dir=in | app=system | "{D40F0462-0DE7-40B7-9FF9-95CB8383A0B0}" = rport=445 | protocol=6 | dir=out | app=system | "{D6F3BD1F-407C-443D-B6AE-F903F8F9CA18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EF80F5B1-89D6-4B74-9764-4D2BBB87C1DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F41BBAA0-E96C-4F91-B426-D720E6687634}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06BE04D4-1082-4326-B77F-A855A3156B02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2556AE2D-EB26-4589-93EC-2525A4333BC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{261068F6-53D8-45D1-A1E8-569C3957B85D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2BD8E8DF-D01A-4979-899C-9BE7DE48F5F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{42512C7C-1428-462A-A57D-94BB759795BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{44CB450B-E1DF-45E8-BB32-C7753B722AFE}" = protocol=17 | dir=in | app=c:\users\dtc\appdata\roaming\dropbox\bin\dropbox.exe | "{45F9FEAC-4024-45B9-B0D0-D8F52F74E19C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{48E77EC1-219F-4ACD-B2CA-017A5C99DE65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{4997FA90-4CE8-4602-A3F1-0530B8B9CCAD}" = protocol=6 | dir=out | app=system | "{4BDE97F3-38E1-44D3-945F-DA614E1CEBFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{4C79C297-D994-4C51-B2FA-BA5115A1E4A3}" = protocol=6 | dir=in | app=c:\users\dtc\appdata\roaming\dropbox\bin\dropbox.exe | "{5B1BE4CC-63D0-4D78-90F0-4139F78EA624}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F189FE9-8331-414E-B8BC-1F5DCF3E2A97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{6686C6B8-8DA0-4E9F-8A5E-BE78F2AC4A0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{69113634-7214-441E-904F-A05802A09B83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{74FDCC89-05D3-47A7-BCDE-D0E75F4F3AFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{83142290-8BC6-49A0-A27E-D100D51ADBCB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{95DC3FD9-612F-4163-A136-671952D2E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9E45C867-8493-4ADB-A0EA-77F028A295D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{A8C437DC-C9DF-4EE8-9AAB-6A9299905AEF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A95FEFFE-A089-4EE4-B31C-BB837202DC02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{ABCE95B6-C4BA-4693-B824-434EE1C2DB5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{AC470F5F-A11F-4440-A4EE-1C270819D739}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{AFB13461-94AC-4BDA-8A05-7E5997F55FC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B0E47C7D-EB56-4036-AB4E-81B9FEFEBB40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{B1CDA942-2806-41F3-A262-E95311532F39}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{B44B495C-17C2-4373-A026-906418511AA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B7833016-8D82-444B-8580-30AD0AB297AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B96612DA-E5F0-4A69-99A4-08ABE3EA20BA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{B9E3CA6D-50AF-4B72-B1B3-C2A3403FC6DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{BA3E3DFF-3FE0-43C3-AD38-9B7033F7A65A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BCCE2459-443E-4E5D-B07D-ECDA9244B6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BFCBF412-633D-4F59-9E80-476D1A0B659D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{BFCCED1B-1692-4FF1-92B1-181331762ADF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D504CA47-D27C-4386-869C-07790A4D928D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D5AF30C7-179B-4940-8733-5B86E1956268}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E034A40B-1B5E-485B-AD80-C9A530E0770A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E424020B-4FD8-4036-9385-A13ADDB0FE40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{E54D5F96-D8C4-48EE-B093-7E212D3A9B50}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{E9F384FF-03DF-48F8-814A-0AF9CAC8FA1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EA742E88-27DA-473A-B9B5-D2041FCBA0D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{F0F460FE-E68B-4ECA-B2E8-163409F61274}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F3A7F2B9-DC71-4E72-825B-09897B1D219A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F5FFBB5C-2BCF-43E1-892C-1E7A699C6807}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F696CBCF-E0B7-4C5A-AC58-B37CDA2381F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F9397C98-A7D7-4587-9EC4-6D49FCE7CBFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA95DEBA-8785-4D7D-BD0B-6BFDCC2C7ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FE3AE35F-407B-4FFE-933A-FB75ECDF2A59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FF8FBE79-AB34-46ED-830A-E0BA9FA0447D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "HDMI" = Intel® Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{839011A6-DF28-4E21-00AE-83482775212B}" = NBA LIVE 07 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8BCC69EA-B1A4-4845-B95E-CFF335A9F548}" = JMP 8 "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F7C120-80F4-48B1-00B8-4E278AED8779}" = NHL07 "{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{B489944B-AB25-43B2-BC5C-B32687FE88DE}" = Vidyo Desktop Media Player "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "0591-8077-9297-0833" = FamilySearch Indexing 3.13.1 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Dell Webcam Central" = Dell Webcam Central "ESET Online Scanner" = ESET Online Scanner v3 "GoToAssist" = GoToAssist 8.0.0.514 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photo Creations" = HP Photo Creations "LastFM_is1" = Last.fm 1.5.4.27091 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "McAfee Virtual Technician" = McAfee Virtual Technician "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee SecurityCenter "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5 "Picasa 3" = Picasa 3 "RealPlayer 15.0" = RealPlayer "ST6UNST #1" = Resampling "Vidyo Desktop" = Vidyo Desktop 2.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/14/2012 10:25:54 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Windows Search Indexer because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 8/14/2012 10:27:53 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051 Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4268 (0x10ac) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 8/14/2012 10:33:17 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd Faulting process id: 0x14b0 Faulting application start time: 0x01cd7a2928fb34e2 Faulting application path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: fc623feb-e61c-11e1-8e79-a4badba72b83 Error - 8/14/2012 10:33:17 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Windows Search Indexer because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 8/14/2012 10:34:59 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051 Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 5260 (0x148c) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 8/14/2012 10:41:15 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd Faulting process id: 0xd98 Faulting application start time: 0x01cd7a2a43de8286 Faulting application path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 19322285-e61e-11e1-8e79-a4badba72b83 Error - 8/14/2012 10:41:15 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Windows Search Indexer because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 8/14/2012 10:42:47 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051 Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 996 (0x3e4) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387 / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd Faulting process id: 0xf88 Faulting application start time: 0x01cd7a2b13258ade Faulting application path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: df1a593d-e61e-11e1-8e79-a4badba72b83 Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Microsoft Windows Search Indexer because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 [ Broadcom Wireless LAN Events ] Error - 7/23/2012 9:10:42 AM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0 Description = 08:10:42, Mon, Jul 23, 12 Error - Unable to gain access to user store Error - 7/25/2012 11:05:04 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0 Description = 22:05:04, Wed, Jul 25, 12 Error - Unable to gain access to user store Error - 7/26/2012 4:57:29 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0 Description = 15:57:29, Thu, Jul 26, 12 Error - Unable to decode string, error 87 Error - 7/28/2012 12:47:22 AM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0 Description = 23:44:37, Fri, Jul 27, 12 Error - Unable to gain access to user store Error - 8/4/2012 10:56:04 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0 Description = 21:56:04, Sat, Aug 04, 12 Error - Unable to gain access to user store [ Media Center Events ] Error - 2/1/2012 6:30:29 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 4:30:18 PM - Failed to retrieve SportsV2 (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) Error - 5/19/2012 11:01:43 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 10:01:43 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/20/2012 10:49:52 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 9:49:38 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/20/2012 11:14:37 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 10:14:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/21/2012 12:14:56 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 11:14:55 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/21/2012 6:18:54 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 5:18:54 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 7:26:00 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 6:25:54 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/22/2012 6:16:00 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 5:16:00 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 5/23/2012 8:35:56 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 7:35:52 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 6/9/2012 7:00:33 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0 Description = 6:00:32 AM - Error connecting to the internet. 6:00:32 AM - Unable to contact server.. [ System Events ] Error - 8/14/2012 10:29:05 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 3 time(s). Error - 8/14/2012 10:33:16 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10 Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. Error - 8/14/2012 10:36:58 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7031 Description = The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error - 8/14/2012 10:36:59 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 4 time(s). Error - 8/14/2012 10:41:14 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10 Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. Error - 8/14/2012 10:42:47 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034 Description = The McAfee McShield service terminated unexpectedly. It has done this 6 time(s). Error - 8/14/2012 10:42:48 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 5 time(s). Error - 8/14/2012 10:46:46 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10 Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034 Description = The Windows Search service terminated unexpectedly. It has done this 6 time(s). Error - 8/14/2012 10:50:15 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10 Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted, but Windows could not determine if the file was actually damaged (error code 2147943517). No repair action was taken. Run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary. < End of report >
  9. I've tried Safe Mode several times. I am in safe mode now and it still won't run.
  10. MalwareBytes sill isn't running. I used chameleon without any luck. The chameleon files run fine, and they say they've completed each step, but MB never opens. I tried using Rkill, and the random exe as well. Niether helped. The random exe brought up an error saying it's not a real Win32 application. Here is the log from Rkill: Rkill 2.0.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 08/08/2012 10:12:48 AM in x64 mode. Windows Version: Windows 7 Checking for Windows services to stop. * No malware services found to stop. Checking for processes to terminate. * C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe (PID: 3596) [uP-HEUR] 1 proccess terminated! Checking Registry for malware related settings. * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. * HKLM\Software\Classes\.com "@" has been changed to ComFile! * HKLM\Software\Classes\.com "@" was reset to comfile! Performing miscellaneous checks. * No issues found. Restarting Explorer.exe in order to apply changes. Program finished at: 08/08/2012 10:13:22 AM Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)
  11. MalwareBytes still won't run, but here is the log from ESET: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=57cf3982b436244c99139c34f12e7c22 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-08-06 08:11:48 # local_time=2012-08-06 03:11:48 (-0600, Central Daylight Time) # country="Canada" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5121 16777213 100 75 4310617 8546167 0 0 # compatibility_mode=5893 16776574 66 85 36607235 95810921 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=167307 # found=1 # cleaned=1 # scan_time=16437 C:\Users\DTC\Downloads\musicnotesSuite.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  12. ComboFix 12-08-05.02 - DTC 05/08/2012 10:11:39.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2916 [GMT -5:00] Running from: c:\users\DTC\Desktop\ComboFix.exe Command switches used :: c:\users\DTC\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 ))))))))))))))))))))))))))))))) . . 2012-08-05 15:42 . 2012-08-05 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-03 13:40 . 2012-08-03 13:40 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-07-26 16:42 . 2012-07-26 16:42 -------- d-----w- c:\programdata\Malwarebytes 2012-07-26 16:42 . 2012-07-26 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-26 16:42 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-26 02:31 . 2012-07-26 02:31 -------- d-----w- c:\users\DTC\AppData\Roaming\McAfee 2012-07-18 19:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-07-18 19:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-07-18 19:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-07-18 19:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-07-18 19:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-07-12 04:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 14:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 14:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 14:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 14:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 14:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 14:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 14:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 14:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 14:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 14:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 14:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 14:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 14:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 14:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-06 23:30 . 2012-08-05 04:56 -------- d-----r- c:\users\DTC\Dropbox 2012-07-06 23:28 . 2012-08-05 15:06 -------- d-----w- c:\users\DTC\AppData\Roaming\Dropbox . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 16:05 . 2012-04-05 01:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-04 16:05 . 2011-08-08 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 04:43 . 2010-03-13 05:50 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-01 15:19 . 2012-07-01 15:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-01 15:19 . 2010-04-23 15:24 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-02 22:19 . 2012-06-19 12:37 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 12:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 12:38 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 12:38 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 12:38 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-19 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:15 . 2012-06-19 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-05_03.33.53 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-27 09:24 . 2012-08-05 15:45 66352 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-05 15:45 45090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-03-10 21:48 . 2012-08-05 15:45 24388 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2343204259-1990992844-924113905-1000_UserData.bin + 2010-03-10 17:10 . 2012-08-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-10 17:10 . 2012-08-05 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-10 17:10 . 2012-08-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-10 17:10 . 2012-08-05 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-05 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-08-05 03:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-03-16 14:26 . 2012-08-05 04:55 4416 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-08-05 03:28 . 2012-08-05 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-05 15:43 . 2012-08-05 15:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-05 15:43 . 2012-08-05 15:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-05 03:28 . 2012-08-05 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-08-05 03:28 294720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-05 15:43 294720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-02-26 06:10 . 2012-08-05 03:28 1473514 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343204259-1990992844-924113905-1000-8192.dat + 2011-02-26 06:10 . 2012-08-05 15:43 1473514 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343204259-1990992844-924113905-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "googletalk"="c:\users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-10 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-27 79360] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-08-03 36168] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-27 79360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] S3 vdmp_vm;VidyoDesktop Media Player Microphone;c:\windows\system32\drivers\vdmpvm.sys [2010-07-30 28744] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:05] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job - c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06] . 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job - c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06] . 2012-07-26 c:\windows\Tasks\vtscheduletask.job - c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-26 02:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.lds.org FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2012-08-05 11:02:35 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-05 16:02 ComboFix2.txt 2012-08-05 03:52 . Pre-Run: 190,740,172,800 bytes free Post-Run: 190,661,804,032 bytes free . - - End Of File - - 721D181BFA7729A1B1E128AA0613E45A
  13. Combofix worked fine. Here's the log: ComboFix 12-08-05.02 - DTC 04/08/2012 22:08:50.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2806 [GMT -5:00] Running from: c:\users\DTC\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 ))))))))))))))))))))))))))))))) . . 2012-08-05 03:27 . 2012-08-05 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-03 13:40 . 2012-08-03 13:40 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-07-26 16:42 . 2012-07-26 16:42 -------- d-----w- c:\programdata\Malwarebytes 2012-07-26 16:42 . 2012-07-26 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-26 16:42 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-26 02:31 . 2012-07-26 02:31 -------- d-----w- c:\users\DTC\AppData\Roaming\McAfee 2012-07-18 19:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-07-18 19:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-07-18 19:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-07-18 19:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-07-18 19:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-07-12 04:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 14:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 14:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 14:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 14:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 14:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 14:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-11 14:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 14:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 14:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 14:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 14:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 14:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 14:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 14:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-06 23:30 . 2012-08-05 02:59 -------- d-----r- c:\users\DTC\Dropbox 2012-07-06 23:28 . 2012-08-05 02:59 -------- d-----w- c:\users\DTC\AppData\Roaming\Dropbox . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 16:05 . 2012-04-05 01:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-04 16:05 . 2011-08-08 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 04:43 . 2010-03-13 05:50 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-01 15:19 . 2012-07-01 15:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-01 15:19 . 2010-04-23 15:24 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-02 22:19 . 2012-06-19 12:37 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-19 12:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-19 12:38 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-19 12:38 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-19 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-19 12:38 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-19 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-19 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:15 . 2012-06-19 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "googletalk"="c:\users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-10 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-27 79360] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-08-03 36168] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-27 79360] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] S3 vdmp_vm;VidyoDesktop Media Player Microphone;c:\windows\system32\drivers\vdmpvm.sys [2010-07-30 28744] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:05] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job - c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06] . 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job - c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06] . 2012-07-26 c:\windows\Tasks\vtscheduletask.job - c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-26 02:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.lds.org FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2012-08-04 22:52:09 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-05 03:52 . Pre-Run: 190,402,306,048 bytes free Post-Run: 190,662,135,808 bytes free . - - End Of File - - EEEE5963372DEA36BBC197EB9FC195B5 I'm glad it worked
  14. Okay, so I am currently running aswMBR for the third time. Both of the other times my computer has completely frozen while it was scanning. It's running now, and I will record the entries it has now in case it freezes again and I can't get a log: (This is after all of the Disk 0 information) Service Scanning ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004570060] 3 CLASSPNP.SYS[ffff88001a5143f] -> nt!IofCallDriver ->... ... And then I got a blue screen of death. Sorry.. I couldn't type the other couple of lines in time. My computer just rebooted itself. Let's try this again... Service Scanning ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004570060] 3 CLASSPNP.SYS[ffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDe... AVAST engine scan C:\Windows AVAST engine scan C:\Windows\System32 Scanning: C:\Windows\system32\MSDvbNP.ax er-events.dll And now it looks like it has frozen again. I will wait it out, but I'm pretty sure it's done for. The other times it did this I waited 20 minutes to see if it would keep running and nothing ever happened. I hope this is helpful. I really appreciate your advice. I hope this works out soon, because this is really frustrating. Thanks again!
  15. Hi there Maniac, So I ran the exehelper, it took about 10 seconds but Malware Bytes still wouldn't run. Here is the log: exeHelper by Raktor Build 20100414 Run at 08:33:27 on 08/03/12 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- I then tried Chameleon, but the process was interrupted by a power outage that turned my computer off. About 15 minutes after I had already run exehelper and tried MalwareBytes unsuccessfully my McAfee popped up saying that it had detected a trojan from exehelper.exe and quarantined it. The trojan it listed was Artemis!BCA8A954D376 I rebooted my computer, turned off McAfee's real-time scanning and ran exehelper and MalwareBytes again with the same results, exehelper runs quick and MalwareBytes won't run. Now what?
  16. Hi there! My computer has recently become infected. It runs slowly, my McAfee keeps being turned off, and many programs will not run at all. I have downloaded malware bytes, and it fixed up my wife's computer nicely. However, it will not run on mine, and neither will Chameleon. I have tried all 12 of the chameleon files a couple of times, many of them run all the way through and say they're done, but Malware Bytes never does run. The process starts, but the application does not open, and then the process disappears. I would really appreciate some help. Here are my logs: Attach.txt DDS.txt Thanks! -David . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33 Run by DTC at 16:41:46 on 2012-08-02 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2847 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Skype\Updater\Updater.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\igfxsrvc.exe C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [googletalk] C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [Google Update] "C:\Users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [<NO NAME>] mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\DTC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\3456E64727F6756494 : DhcpNameServer = 10.0.0.2 192.168.2.1 TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\36F627D61636B636C616E6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\45865602D4F6F6275637 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\C4559435D4F42514E4F5E4564777F627B6 : DhcpNameServer = 192.168.2.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [(Default)] mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.lds.org FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 210584] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 162192] R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 vdmp_vm;VidyoDesktop Media Player Microphone;C:\Windows\system32\drivers\vdmpvm.sys --> C:\Windows\system32\drivers\vdmpvm.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-27 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-27 79360] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120] S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-2-27 79360] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-26 16:42:57 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-26 16:42:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-26 16:42:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-26 02:31:59 -------- d-----w- C:\Users\DTC\AppData\Roaming\McAfee 2012-07-18 19:31:35 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-07-18 19:31:33 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-18 19:31:33 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-18 19:31:32 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-07-18 19:31:31 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-07-12 04:46:58 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 14:35:39 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 14:34:36 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll 2012-07-11 14:34:36 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll 2012-07-11 14:34:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-07-11 14:34:35 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll 2012-07-11 14:34:35 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll 2012-07-11 14:34:34 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll 2012-07-11 14:34:34 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll 2012-07-11 14:34:34 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll 2012-07-11 14:34:32 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll 2012-07-11 14:34:31 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll 2012-07-11 14:34:31 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll 2012-07-11 14:34:30 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll 2012-07-11 14:34:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-07-06 23:30:24 -------- d-----r- C:\Users\DTC\Dropbox 2012-07-06 23:28:24 -------- d-----w- C:\Users\DTC\AppData\Roaming\Dropbox 2012-07-04 21:30:39 -------- d-----w- C:\Users\DTC\.FamilySearchIndexing 2012-07-04 21:29:59 -------- d-----w- C:\Program Files (x86)\FamilySearch Indexing . ==================== Find3M ==================== . 2012-07-12 03:05:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 03:05:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-01 15:19:18 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-07-01 15:19:18 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll . ============= FINISH: 16:43:54.79 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.