djmayes19

Ran AVP - no threats found. The test took over 9 hours to run as well - is that normal???

I also ran Chameleon in Safe Mode - this time it worked!!! Well, the Dos window showed progress and it had a lot of "Done!" -- however after a reboot I could not get malwares to run Will wait for the next step! I dont have the laptop on much - as I am worried I open to hackers/viruses etc!

I also tried to reinstall malwares - it just doesnt run!!!!!! Have you ever seen this before ??

Here is the FSS after the Complete Internet Repair (I have uninstalled Windows LIve Messenger - as it is turning off soon) Farbar Service Scanner Version: 16-01-2013 Ran by Mayes (administrator) on 23-01-2013 at 07:51:29 Running from "C:\Users\Mayes\Downloads" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is offline Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****

Farbar Service Scanner Version: 16-01-2013 Ran by Mayes (administrator) on 20-01-2013 at 16:26:46 Running from "C:\Users\Mayes\Downloads" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is offline Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Thanks Deb

Sorry Maniac, i have uninstalled Malwares (as I was just getting frustrated) and I think the files have also been removed. I ran a chkdsk - I had 4 bad sectors!! I have also run a sfc /scannow (instructed by Mcafee) and there are some corrupt files Not sure if this is serious or not - here are the lines indicating the problems from that scan.... 2013-01-10 19:19:55, Info CSI 000001db [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 19:19:55, Info CSI 000001dc [sR] Beginning Verify and Repair transaction 2013-01-10 19:20:01, Info CSI 000001de [sR] Verify complete 2013-01-10 19:20:02, Info CSI 000001df [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 19:20:02, Info CSI 000001e0 [sR] Beginning Verify and Repair transaction 2013-01-10 19:20:07, Info CSI 000001e2 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:20:11, Info CSI 000001e4 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:20:11, Info CSI 000001e5 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors" 2013-01-10 19:20:12, Info CSI 000001e8 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted 2013-01-10 19:20:14, Info CSI 000001ed [sR] Verify complete ............... 2013-01-10 19:22:16, Info CSI 00000289 [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 19:22:16, Info CSI 0000028a [sR] Beginning Verify and Repair transaction 2013-01-10 19:22:23, Info CSI 0000028e [sR] Verify complete 2013-01-10 19:22:23, Info CSI 0000028f [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 19:22:23, Info CSI 00000290 [sR] Beginning Verify and Repair transaction 2013-01-10 19:22:27, Info CSI 00000292 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:22:30, Info CSI 000002a7 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:22:30, Info CSI 000002a8 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2013-01-10 19:22:30, Info CSI 000002ab [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted ........................... 2013-01-10 19:24:03, Info CSI 000002f5 [sR] Repairing 2 components 2013-01-10 19:24:03, Info CSI 000002f6 [sR] Beginning Verify and Repair transaction 2013-01-10 19:24:03, Info CSI 000002f8 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:24:03, Info CSI 000002fa [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:24:03, Info CSI 000002fc [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:24:03, Info CSI 000002fd [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2013-01-10 19:24:03, Info CSI 00000300 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted 2013-01-10 19:24:03, Info CSI 00000302 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:24:03, Info CSI 00000303 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors" 2013-01-10 19:24:03, Info CSI 00000306 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted 2013-01-10 19:24:03, Info CSI 00000308 [sR] Repair complete 2013-01-10 19:24:03, Info CSI 00000309 [sR] Committing transaction 2013-01-10 19:24:03, Info CSI 0000030d [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired 2013-01-10 19:40:43, Info CSI 00000009 [sR] Verifying 100 (0x0000000000000064) components ..................................... 2013-01-10 19:48:35, Info CSI 000001db [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 19:48:35, Info CSI 000001dc [sR] Beginning Verify and Repair transaction 2013-01-10 19:48:41, Info CSI 000001de [sR] Verify complete 2013-01-10 19:48:41, Info CSI 000001df [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 19:48:41, Info CSI 000001e0 [sR] Beginning Verify and Repair transaction 2013-01-10 19:48:46, Info CSI 000001e2 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:48:50, Info CSI 000001e4 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:48:50, Info CSI 000001e5 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors" 2013-01-10 19:48:50, Info CSI 000001e8 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted 2013-01-10 19:48:53, Info CSI 000001ed [sR] Verify complete ................................................ 2013-01-10 19:50:52, Info CSI 00000290 [sR] Beginning Verify and Repair transaction 2013-01-10 19:50:55, Info CSI 00000292 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:50:59, Info CSI 000002a7 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:50:59, Info CSI 000002a8 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2013-01-10 19:50:59, Info CSI 000002ab [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted ................................................ 2013-01-10 19:52:18, Info CSI 000002f1 [sR] Verifying 29 (0x000000000000001d) components 2013-01-10 19:52:18, Info CSI 000002f2 [sR] Beginning Verify and Repair transaction 2013-01-10 19:52:19, Info CSI 000002f4 [sR] Verify complete 2013-01-10 19:52:19, Info CSI 000002f5 [sR] Repairing 2 components 2013-01-10 19:52:19, Info CSI 000002f6 [sR] Beginning Verify and Repair transaction 2013-01-10 19:52:19, Info CSI 000002f8 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:52:19, Info CSI 000002fa [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:52:19, Info CSI 000002fc [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:52:19, Info CSI 000002fd [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2013-01-10 19:52:19, Info CSI 00000300 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted 2013-01-10 19:52:19, Info CSI 00000302 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 19:52:19, Info CSI 00000303 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors" 2013-01-10 19:52:19, Info CSI 00000306 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted 2013-01-10 19:52:19, Info CSI 00000308 [sR] Repair complete 2013-01-10 19:52:19, Info CSI 00000309 [sR] Committing transaction 2013-01-10 19:52:19, Info CSI 0000030d [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired 2013-01-10 20:04:57, Info CSI 00000009 [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 20:04:57, Info CSI 0000000a [sR] Beginning Verify and Repair transaction .................................... 2013-01-10 20:13:41, Info CSI 000001df [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 20:13:41, Info CSI 000001e0 [sR] Beginning Verify and Repair transaction 2013-01-10 20:13:45, Info CSI 000001e2 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:13:49, Info CSI 000001e4 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:13:49, Info CSI 000001e5 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors" 2013-01-10 20:13:49, Info CSI 000001e8 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted ......................................... 2013-01-10 20:15:45, Info CSI 0000028f [sR] Verifying 100 (0x0000000000000064) components 2013-01-10 20:15:45, Info CSI 00000290 [sR] Beginning Verify and Repair transaction 2013-01-10 20:15:48, Info CSI 00000292 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:15:51, Info CSI 000002a7 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:15:51, Info CSI 000002a8 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2013-01-10 20:15:51, Info CSI 000002ab [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted .................................................................. 2013-01-10 20:17:11, Info CSI 000002f2 [sR] Beginning Verify and Repair transaction 2013-01-10 20:17:12, Info CSI 000002f4 [sR] Verify complete 2013-01-10 20:17:12, Info CSI 000002f5 [sR] Repairing 2 components 2013-01-10 20:17:12, Info CSI 000002f6 [sR] Beginning Verify and Repair transaction 2013-01-10 20:17:12, Info CSI 000002f8 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:17:12, Info CSI 000002fa [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:17:12, Info CSI 000002fc [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:17:12, Info CSI 000002fd [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery" 2013-01-10 20:17:12, Info CSI 00000300 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted 2013-01-10 20:17:12, Info CSI 00000302 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch 2013-01-10 20:17:12, Info CSI 00000303 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors" 2013-01-10 20:17:12, Info CSI 00000306 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted 2013-01-10 20:17:12, Info CSI 00000308 [sR] Repair complete 2013-01-10 20:17:12, Info CSI 00000309 [sR] Committing transaction 2013-01-10 20:17:12, Info CSI 0000030d [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired What are your thoughts? Hope my laptop isn't dying Just so you know - remember how the scan programs were all hanging - these are the file names they would all stick on! So that means something - doesnt it? Deb

I also re-ran the MTV Health Check - and there are the following errors Product Name : VirusScan - McAfee Total Protection Product Version : 16.1.144 Service 2 service(s) incorrect Expected Service State Incorrect Expected : running Existing : stopped Service : McNaiAnn "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc Expected Service State Incorrect Expected : running Existing : stopped Service : mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe Product Name : QuickClean and Shredder - McAfee Total Protection Product Version : 12.1.120 Process 1 process(s) incorrect Expected process not running Expected : running Existing : not running C:\Program Files\mcafee\msc\mcapexe.exe Expected process running C:\Program Files\Common Files\McAfee\Platform\mcsvchost\mcsvhost.exe Expected process running C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe Product Name : SecurityCenter Product Version : 12.1.253 1 service(s) incorrect Expected Service State Incorrect Expected : running Existing : stopped Service : McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Expected Service Present Service : McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Expected Service Startup type Correct Service : McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Product Name : AntiSpam - McAfee Total Protection Product Version : 13.1.115 Service 1 service(s) incorrect Expected Service State Incorrect Expected : running Existing : stopped Service : MSK80Service "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc Expected Service Present Service : MSK80Service "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc Expected Service Startup type Correct Service : MSK80Service "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc So I guess there are some services still not running - even though I have done a full uninstall and re-install. Could there be something in this that is impacting the Malware operating correctly?

Hi Maniac, this is crazy - there is clearly a prob with the new mcafee system and errors. I still cannot load malwares (and my gut tells me to get this working). There was a link on a mcafee page to this site http://malwaretips.com/Thread-How-to-completely-remove-ZeroAccess-Sirefef-rootkit-Removal-Guide Are you aware of this site - do these steps work? I thought I would try them - but I can't even download the first file with mcafee installed = it quarantines the file! Is this a reputable site? I really want to get Malwares to run - I do think there is something wrong with the laptop. Whether it is just files now corrupt and I need to reinstall? |Thanks for your pateince and guidance Deb

Ok so I have completely deleted all virus stuff.... Rebooted twice (just to be sure) and it still won't run. Is there some thing else I need to do?

I hadn't heard from you for awhile I logged a call with McAfee, (I have been a loyal customer - so wanted to get this fixed) who have fixed my slowness under the mcafee installation. There is an issue with the new system and IE, so I am now using google chrome, and have re-installed mcafee. I have used the above two links - one to remove and then disabled mcafee. Malware does the same thing still - that is it looks like it installs, I get the files in the directory and I get the last screen where the 3 options, one being launch Malwares. I then get the thinking icon (spinning?) then the pointer. I see a setup icon on the taskbar - then nothing! If I purchase the licence is there a gurantee that it will install? Can I run both mcafee and malwares? Thanks Deb

Maniac, Malware still doesnt run. I have deleted Java 6 and Adobe Reader- I was not going to install anything else until I heard back from you. Do I need to get a new version of Windows 7 and do a complete re-install? I am now worried about safety - like internet banking etc. Deb

OK - so the systems seems better. It isnt hanging like it was, but IE stills takes about 20 - 30 secs to open and display a page. It was about 10-15 secs. I still cant run Malware - and this does bother me! I have unistalled nearly every program not used. I uninstalled Malware and re-installed. I just get the setup box sitting at the bottom. I am leaving it for about 10 mins, but I assum it would not take that long to show the box and start the app. Is there something else I should do? I bought this Toshiba about 6 months ago - I dont have a Windows 7 disk. I dont mind re-installing if I have to - but not sure how to (as I dont have any original disks). A perplexed Deb

After all that testin, and the laptop is runniong better, I still cant get Malware to run!!! I have uninstalled and reinstalled - leaving the launch ticked, and the setup icon just stays at the bottom tray - but nothing opens. If I ctl alt del - it says that setup is running! Ah, gotta love this Deb

Had the one hiccup with the registry optimizer (which was expected). Cleaner ran. I rebooted, IE only took 7 secs to open. Then ran ATF Cleaner, I only it never opened. I get the turning circle near the pointer, but nothing opens. Task Manager shows no application. This us what happened with Malwarebytes! I haven't tried that as you have not asked me to again. The system restore setting on my laptop was 2%, I changed it to 3 I ran chkdsk, there were 4 bad sectors. Disk defrag currently running. Thanks so much for your help. Hopefully it will behave now, and I will regularly run the defrag and reg checks. Deb

Running and got Error optimizing registry hive HKEY_LOCAL_MACHINE\BCD00000000 ! Continue with the next hive? (I clicked yes)

Ok, things are better. I tried to reinstall mcafee and it all died again. So there must be some conflicts with my win 7 setup and the mcafee. What anti virus do you recommend in the short term?

OK, it took awhile but McAfee uninstalled. The laptop seems to back to normal, though still a bit slow. It took about 18 secs to open IE, it should be about 10. But I can navigate to different pages easily, it wasn't doing that. I can open control panel and Windows Explorer, but this is very slow! It shows the icons as white pages, and then the URL line builds green as it "thinks" about that to display. The white pages slowly show as the icons. That is not normal, it normally just goes to show all the contents. Been on a few minutes, and now ctl alt del is slow to bring up the menu, and no task manager comes after selecting it. Finally got task manager up, performance all over the plce, and only up for 10 mins. Here are the processes if that helps (not sure it worked) Are we on the way to recovery? Thank you for your help, hope we get it all better, Deb

So frustrating!!! It got to 3 h 40 something and 99% done. I did find one threat something Open Camdy (which doesn't appear too bad). It did freeze a fees times, and seemed to wake up when I clicked back to the download page. Then it is topped, so I clicked to the download page thinking it would go again, only it disappeared and now I have the ie screen not respnding cannot curl alt del, so I have to manually stud own. Next suggestion? Deb

Not sure I'd this is related, but after running that, I rebooted back to safe mode with networking. I was waiting for the next step, then the pc flashed a mcafee warning, the pc is at risk and real time scanning is now turned off. I will turn off the pc and monitor your next step via my iPad. I do note that the shut down is now much quicker, so hopefully this is getting better. Thanks for your help, a very worried Deb

Took awhile to reboot -sorry.\I disabled McAfee (virus and firwall) - but the ComboFix told me they were running. I doubled checked, but it was all red ad turned off. the log is as follows: ComboFix 13-01-05.01 - Mayes 05/01/2013 8:40.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6056.5189 [GMT -7:00] Running from: c:\users\Mayes\Downloads\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe . ----- File Replicators ----- . c:\programdata\Adobe\Reader\9.3\ARM\11597\AcrobatUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\11597\AdobeARMHelper.exe c:\programdata\Adobe\Reader\9.3\ARM\11597\ReaderUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\12051\AcrobatUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\12051\AdobeARMHelper.exe c:\programdata\Adobe\Reader\9.3\ARM\12051\ReaderUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\2450\AcrobatUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\2450\AdobeARMHelper.exe c:\programdata\Adobe\Reader\9.3\ARM\2450\ReaderUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\24662\AcrobatUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\24662\AdobeARMHelper.exe c:\programdata\Adobe\Reader\9.3\ARM\24662\ReaderUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\25414\AcrobatUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\25414\AdobeARMHelper.exe c:\programdata\Adobe\Reader\9.3\ARM\25414\ReaderUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\26049\AcrobatUpdater.exe c:\programdata\Adobe\Reader\9.3\ARM\26049\AdobeARMHelper.exe c:\programdata\Adobe\Reader\9.3\ARM\26049\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\11597\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\11597\AdobeARMHelper.exe c:\users\All Users\Adobe\Reader\9.3\ARM\11597\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\12051\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\12051\AdobeARMHelper.exe c:\users\All Users\Adobe\Reader\9.3\ARM\12051\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\2450\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\2450\AdobeARMHelper.exe c:\users\All Users\Adobe\Reader\9.3\ARM\2450\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\24662\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\24662\AdobeARMHelper.exe c:\users\All Users\Adobe\Reader\9.3\ARM\24662\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\25414\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\25414\AdobeARMHelper.exe c:\users\All Users\Adobe\Reader\9.3\ARM\25414\ReaderUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26049\AcrobatUpdater.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26049\AdobeARMHelper.exe c:\users\All Users\Adobe\Reader\9.3\ARM\26049\ReaderUpdater.exe c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))) . . 2013-01-05 15:46 . 2013-01-05 15:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C45AC485-C15C-4BA6-AFF1-75055510B802}\offreg.dll 2013-01-05 15:46 . 2013-01-05 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-05 03:28 . 2013-01-05 03:28 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-01-05 03:28 . 2013-01-05 03:28 150640 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-04 23:36 . 2012-11-19 08:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C45AC485-C15C-4BA6-AFF1-75055510B802}\mpengine.dll 2013-01-04 21:00 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-04 05:28 . 2013-01-04 05:29 -------- d-----w- c:\users\Mayes\AppData\Local\adawarebp 2013-01-04 03:37 . 2013-01-04 03:38 -------- d-----w- c:\users\Mayes\AppData\Roaming\EurekaLog 2013-01-04 03:24 . 2013-01-04 03:24 -------- d-sh--w- c:\windows\system32\%APPDATA% 2013-01-04 02:35 . 2013-01-04 22:26 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2013-01-04 02:30 . 2013-01-04 17:34 -------- d-----w- c:\program files (x86)\stinger 2013-01-04 00:38 . 2013-01-04 03:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-01-04 00:38 . 2009-01-25 19:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2013-01-04 00:38 . 2013-01-04 00:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-01-04 00:37 . 2013-01-04 00:37 -------- d-----w- c:\users\Mayes\AppData\Roaming\LavasoftStatistics 2013-01-04 00:37 . 2013-01-04 04:09 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-01-04 00:36 . 2013-01-04 05:27 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-01-04 00:36 . 2013-01-04 00:36 -------- d-----w- c:\program files (x86)\Toolbar Cleaner 2013-01-03 21:51 . 2013-01-03 21:52 -------- d-----w- c:\program files (x86)\Hope Malwarebytes' Anti-Malware 2013-01-03 04:27 . 2013-01-03 04:27 -------- d-----w- c:\programdata\Malwarebytes 2013-01-03 04:27 . 2013-01-04 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-03 04:27 . 2013-01-03 04:27 -------- d-----w- c:\users\Mayes\AppData\Local\Programs 2013-01-03 03:37 . 2012-11-28 22:58 67413224 ----a-w- c:\windows\system32\MRT.exe 2013-01-03 03:30 . 2013-01-03 03:30 -------- d-----w- C:\perflogs 2013-01-02 21:56 . 2013-01-02 21:56 -------- d-----w- c:\users\Mayes\AppData\Local\Amazon 2013-01-02 03:34 . 2013-01-02 03:34 -------- d-----w- c:\users\Mayes\AppData\Roaming\McAfee 2013-01-01 01:47 . 2013-01-01 12:12 460888 ----a-w- c:\windows\system32\drivers\21932562.sys 2012-12-31 22:06 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\program files\iTunes 2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\program files (x86)\iTunes 2012-12-31 22:05 . 2012-12-31 22:05 -------- d-----w- c:\program files\iPod 2012-12-31 22:04 . 2012-12-31 22:04 -------- d-----w- c:\program files\Common Files\Apple 2012-12-31 20:11 . 2012-12-31 22:22 -------- d-----w- c:\programdata\SecTaskMan 2012-12-31 20:11 . 2012-12-31 20:11 -------- d-----w- c:\program files (x86)\Security Task Manager 2012-12-31 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-31 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-31 14:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-31 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 19:54 . 2012-11-14 05:59 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-12-12 19:53 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 19:50 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 19:50 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-08 20:14 . 2010-04-14 03:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys 2012-12-08 20:14 . 2012-05-28 17:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-12-08 20:14 . 2012-12-08 20:14 -------- d-----w- c:\users\Mayes\AppData\Local\McAfee File Lock 2012-12-08 20:14 . 2012-10-19 16:51 74120 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2012-12-08 20:13 . 2012-12-08 20:13 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2012-12-08 20:13 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-12-08 20:13 . 2012-12-31 14:33 -------- d-----w- c:\program files\McAfee 2012-12-08 20:13 . 2013-01-02 03:33 -------- d-----w- c:\program files (x86)\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-11 21:06 . 2012-06-22 23:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-11 21:06 . 2012-06-22 23:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-09 13:40 . 2012-10-29 15:30 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 13:37 . 2012-10-29 15:27 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 13:35 . 2012-10-29 15:25 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 13:34 . 2012-10-29 15:24 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 13:34 . 2012-10-29 15:23 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 13:33 . 2012-10-29 15:23 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-02 08:46 . 2012-11-02 08:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2012-11-02 08:46 . 2012-11-02 08:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2012-11-02 08:46 . 2012-11-02 08:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys 2012-10-20 19:25 . 2012-08-27 00:01 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-20 19:25 . 2011-02-18 08:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-16 08:38 . 2012-11-28 13:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 13:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 13:57 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 14:05 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 14:05 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 14:05 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 14:05 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-08 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-10-18 3364264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\Mayes\Downloads\mbar-1.01.0.1011\mbar\mbar.exe" [2012-12-04 1342312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040] R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-12-13 3084688] R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448] R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824] R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] R2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120] R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288] R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944] R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632] R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-05-01 66320] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-01-05 36680] R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-01-05 150640] R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208] R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-17 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 21932562;21932562;c:\windows\system32\DRIVERS\21932562.sys [2013-01-01 460888] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-04 14456] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-03 1103464] . . Contents of the 'Scheduled Tasks' folder . 2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 21:06] . 2013-01-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-04 21:08] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 23:44] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 23:44] . 2013-01-04 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-04 21:07] . 2013-01-04 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-01-04 21:07] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11775592] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] . ------- Supplementary Scan ------- . uStart Page = hxxp://go.bigpond.com/home/index.jsp uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-WeatherEye - c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Notify-SDWinLogon - SDWinLogon.dll Toolbar-Locked - (no file) HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe AddRemove-The Weather Network - c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-05 08:48:34 ComboFix-quarantined-files.txt 2013-01-05 15:48 . Pre-Run: 482,851,115,008 bytes free Post-Run: 482,219,859,968 bytes free . - - End Of File - - C8353CE314639D6C283F30A7301FAA9C thanks Deb

Oh no - finally got a response back and the CPU usage is all over the place!! Huge up and downs. Yet I can't do anything. The memory is showing a solid 2.32 Gig and now Task Manager is not responding. Do I reboot? Deb

Hi maniac, I left it running over night. Woke up to see it still sitting on C:\ windows\syswow64\com\comempty.dat. I tried ctl + alt +del to open task mgr to check processes, it was very slow to go to the windows, and again slow to,open task manager. When I look at performance, the CPU was not running, until I opened task manager. There is nothing to see on the graphs. I see mbam.exe is at 113k ink the memory, I tried to use the snipping tool to get the processes for you - it just froze. Any ideas? Deb

Hi maniac, I am not able to run in normal windows!! I can do Drivers and Sectors as separate runs, and they are clean. But when I do Ysytem, it just seems to freeze. And I can't do anything, if I try to open explorer, it gets a green build bar along the top and does not open. Even ctl+alt+del don't work! I have to manually power down. I am now truing to run the System scan again in safe mode - just to see if it will rok. I really don't know what to do! Deb

Maniac, The system crashed. Got a blue screen with dos text, but by the time I got a pen it was rebooting. I am informal mode, turned off Internet and am trying to run again. I note there a bit of a delay between clicking run as admin and the actual program opening.

Maniac, How can I tell if the scan is hung? Is has seat on scanning C:\windows\system32\hpzisn12.dll for over 10 mins. Deb