Posts posted by djmayes19
-
I also ran Chameleon in Safe Mode - this time it worked!!! Well, the DOS window showed progress and it had a lot of "Done!" -- however after a reboot I could not get malwares to run

Will wait for the next step! I don't have the laptop on much - as I am worried I am open to hackers/viruses etc!
-
I also tried to reinstall malwares - it just doesn't run!!!!!!
Have you ever seen this before ??
-
Here is the FSS after the Complete Internet Repair (I have uninstalled Windows Live Messenger - as it is turning off soon)
Farbar Service Scanner Version: 16-01-2013
Ran by Mayes (administrator) on 23-01-2013 at 07:51:29
Running from "C:\Users\Mayes\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
Farbar Service Scanner Version: 16-01-2013
Ran by Mayes (administrator) on 20-01-2013 at 16:26:46
Running from "C:\Users\Mayes\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Thanks Deb
-
Sorry Maniac,
I have uninstalled Malwares (as I was just getting frustrated) and I think the files have also been removed. I ran a chkdsk - I had 4 bad sectors!! I have also run a sfc /scannow (instructed by McAfee) and there are some corrupt files.

Not sure if this is serious or not - here are the lines indicating the problems from that scan....
2013-01-10 19:19:55, Info CSI 000001db [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 19:19:55, Info CSI 000001dc [sR] Beginning Verify and Repair transaction
2013-01-10 19:20:01, Info CSI 000001de [sR] Verify complete
2013-01-10 19:20:02, Info CSI 000001df [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 19:20:02, Info CSI 000001e0 [sR] Beginning Verify and Repair transaction
2013-01-10 19:20:07, Info CSI 000001e2 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:20:11, Info CSI 000001e4 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:20:11, Info CSI 000001e5 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors"
2013-01-10 19:20:12, Info CSI 000001e8 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted
2013-01-10 19:20:14, Info CSI 000001ed [sR] Verify complete
...............
2013-01-10 19:22:16, Info CSI 00000289 [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 19:22:16, Info CSI 0000028a [sR] Beginning Verify and Repair transaction
2013-01-10 19:22:23, Info CSI 0000028e [sR] Verify complete
2013-01-10 19:22:23, Info CSI 0000028f [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 19:22:23, Info CSI 00000290 [sR] Beginning Verify and Repair transaction
2013-01-10 19:22:27, Info CSI 00000292 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:22:30, Info CSI 000002a7 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:22:30, Info CSI 000002a8 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-10 19:22:30, Info CSI 000002ab [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted
...........................
2013-01-10 19:24:03, Info CSI 000002f5 [sR] Repairing 2 components
2013-01-10 19:24:03, Info CSI 000002f6 [sR] Beginning Verify and Repair transaction
2013-01-10 19:24:03, Info CSI 000002f8 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:24:03, Info CSI 000002fa [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:24:03, Info CSI 000002fc [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:24:03, Info CSI 000002fd [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-10 19:24:03, Info CSI 00000300 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted
2013-01-10 19:24:03, Info CSI 00000302 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:24:03, Info CSI 00000303 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors"
2013-01-10 19:24:03, Info CSI 00000306 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted
2013-01-10 19:24:03, Info CSI 00000308 [sR] Repair complete
2013-01-10 19:24:03, Info CSI 00000309 [sR] Committing transaction
2013-01-10 19:24:03, Info CSI 0000030d [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2013-01-10 19:40:43, Info CSI 00000009 [sR] Verifying 100 (0x0000000000000064) components
.....................................
2013-01-10 19:48:35, Info CSI 000001db [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 19:48:35, Info CSI 000001dc [sR] Beginning Verify and Repair transaction
2013-01-10 19:48:41, Info CSI 000001de [sR] Verify complete
2013-01-10 19:48:41, Info CSI 000001df [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 19:48:41, Info CSI 000001e0 [sR] Beginning Verify and Repair transaction
2013-01-10 19:48:46, Info CSI 000001e2 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:48:50, Info CSI 000001e4 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:48:50, Info CSI 000001e5 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors"
2013-01-10 19:48:50, Info CSI 000001e8 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted
2013-01-10 19:48:53, Info CSI 000001ed [sR] Verify complete
................................................
2013-01-10 19:50:52, Info CSI 00000290 [sR] Beginning Verify and Repair transaction
2013-01-10 19:50:55, Info CSI 00000292 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:50:59, Info CSI 000002a7 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:50:59, Info CSI 000002a8 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-10 19:50:59, Info CSI 000002ab [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted
................................................
2013-01-10 19:52:18, Info CSI 000002f1 [sR] Verifying 29 (0x000000000000001d) components
2013-01-10 19:52:18, Info CSI 000002f2 [sR] Beginning Verify and Repair transaction
2013-01-10 19:52:19, Info CSI 000002f4 [sR] Verify complete
2013-01-10 19:52:19, Info CSI 000002f5 [sR] Repairing 2 components
2013-01-10 19:52:19, Info CSI 000002f6 [sR] Beginning Verify and Repair transaction
2013-01-10 19:52:19, Info CSI 000002f8 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:52:19, Info CSI 000002fa [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:52:19, Info CSI 000002fc [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:52:19, Info CSI 000002fd [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-10 19:52:19, Info CSI 00000300 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted
2013-01-10 19:52:19, Info CSI 00000302 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 19:52:19, Info CSI 00000303 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors"
2013-01-10 19:52:19, Info CSI 00000306 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted
2013-01-10 19:52:19, Info CSI 00000308 [sR] Repair complete
2013-01-10 19:52:19, Info CSI 00000309 [sR] Committing transaction
2013-01-10 19:52:19, Info CSI 0000030d [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2013-01-10 20:04:57, Info CSI 00000009 [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 20:04:57, Info CSI 0000000a [sR] Beginning Verify and Repair transaction
....................................
2013-01-10 20:13:41, Info CSI 000001df [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 20:13:41, Info CSI 000001e0 [sR] Beginning Verify and Repair transaction
2013-01-10 20:13:45, Info CSI 000001e2 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:13:49, Info CSI 000001e4 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:13:49, Info CSI 000001e5 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors"
2013-01-10 20:13:49, Info CSI 000001e8 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted
.........................................
2013-01-10 20:15:45, Info CSI 0000028f [sR] Verifying 100 (0x0000000000000064) components
2013-01-10 20:15:45, Info CSI 00000290 [sR] Beginning Verify and Repair transaction
2013-01-10 20:15:48, Info CSI 00000292 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:15:51, Info CSI 000002a7 [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:15:51, Info CSI 000002a8 [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-10 20:15:51, Info CSI 000002ab [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted
..................................................................
2013-01-10 20:17:11, Info CSI 000002f2 [sR] Beginning Verify and Repair transaction
2013-01-10 20:17:12, Info CSI 000002f4 [sR] Verify complete
2013-01-10 20:17:12, Info CSI 000002f5 [sR] Repairing 2 components
2013-01-10 20:17:12, Info CSI 000002f6 [sR] Beginning Verify and Repair transaction
2013-01-10 20:17:12, Info CSI 000002f8 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:17:12, Info CSI 000002fa [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:17:12, Info CSI 000002fc [sR] Cannot repair member file [l:24{12}]"msvbvm60.dll" of Microsoft-Windows-MSVBVM60, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:17:12, Info CSI 000002fd [sR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2013-01-10 20:17:12, Info CSI 00000300 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:24{12}]"msvbvm60.dll"; source file in store is also corrupted
2013-01-10 20:17:12, Info CSI 00000302 [sR] Cannot repair member file [l:28{14}]"SensorsCpl.dll" of Microsoft-Windows-MobilePC-Sensors-CPL, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-10 20:17:12, Info CSI 00000303 [sR] This component was referenced by [l:224{112}]"Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MobilePC-Client-Sensors"
2013-01-10 20:17:12, Info CSI 00000306 [sR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\windows\SysWOW64"\[l:28{14}]"SensorsCpl.dll"; source file in store is also corrupted
2013-01-10 20:17:12, Info CSI 00000308 [sR] Repair complete
2013-01-10 20:17:12, Info CSI 00000309 [sR] Committing transaction
2013-01-10 20:17:12, Info CSI 0000030d [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
What are your thoughts? Hope my laptop isn't dying

Just so you know - remember how the scan programs were all hanging - these are the file names they would all stick on! So that means something - doesn't it?
Deb
-
I also re-ran the MTV Health Check - and there are the following errors
Product Name : VirusScan - McAfee Total Protection Product Version : 16.1.144
Service 2 service(s) incorrect Expected Service State Incorrect
Expected : running
Existing : stopped
Service : McNaiAnn "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc Expected Service State Incorrect
Expected : running
Existing : stopped
Service : mfecore C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
Product Name : QuickClean and Shredder - McAfee Total Protection Product Version : 12.1.120
Process 1 process(s) incorrect Expected process not running
Expected : running
Existing : not running
C:\Program Files\mcafee\msc\mcapexe.exe Expected process running
C:\Program Files\Common Files\McAfee\Platform\mcsvchost\mcsvhost.exe
Expected process running
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
Product Name : SecurityCenter Product Version : 12.1.253
1 service(s) incorrect Expected Service State Incorrect
Expected : running
Existing : stopped
Service : McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Expected Service Present
Service : McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Expected Service Startup type Correct
Service : McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
Product Name : AntiSpam - McAfee Total Protection Product Version : 13.1.115
Service 1 service(s) incorrect Expected Service State Incorrect
Expected : running
Existing : stopped
Service : MSK80Service "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc Expected Service Present
Service : MSK80Service "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc Expected Service Startup type Correct
Service : MSK80Service "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc
So I guess there are some services still not running - even though I have done a full uninstall and re-install. Could there be something in this that is impacting the Malware operating correctly?
-
Hi Maniac,
this is crazy - there is clearly a prob with the new McAfee system and errors. I still cannot load malwares (and my gut tells me to get this working).
There was a link on a McAfee page to this site http://malwaretips.com/Thread-How-to-completely-remove-ZeroAccess-Sirefef-rootkit-Removal-Guide
Are you aware of this site - do these steps work? I thought I would try them - but I can't even download the first file with McAfee installed = it quarantines the file! Is this a reputable site?
I really want to get Malwares to run - I do think there is something wrong with the laptop. Whether it is just files now corrupt and I need to reinstall?
Thanks for your patience and guidance
Deb
-
Ok so I have completely deleted all virus stuff.... Rebooted twice (just to be sure) and it still won't run.
Is there something else I need to do?
-
I hadn't heard from you for a while, so I logged a call with McAfee (I have been a loyal customer - so wanted to get this fixed), who have fixed my slowness under the McAfee installation. There is an issue with the new system and IE, so I am now using Google Chrome, and have re-installed McAfee.
I have used the above two links - one to remove and then disabled McAfee. Malware does the same thing still - that is it looks like it installs, I get the files in the directory and I get the last screen where the 3 options, one being launch Malwares. I then get the thinking icon (spinning?) then the pointer. I see a setup icon on the taskbar - then nothing!
If I purchase the licence is there a guarantee that it will install? Can I run both McAfee and malwares?
Thanks
Deb
-
Maniac,
Malware still doesn't run. I have deleted Java 6 and Adobe Reader - I was not going to install anything else until I heard back from you.
Do I need to get a new version of Windows 7 and do a complete re-install?
I am now worried about safety - like internet banking etc.
Deb
-
OK - so the system seems better. It isn't hanging like it was, but IE still takes about 20 - 30 secs to open and display a page. It was about 10-15 secs. I still can't run Malware - and this does bother me!
I have uninstalled nearly every program not used. I uninstalled Malware and re-installed. I just get the setup box sitting at the bottom. I am leaving it for about 10 mins, but I assume it would not take that long to show the box and start the app. Is there something else I should do? I bought this Toshiba about 6 months ago - I don't have a Windows 7 disk. I don't mind re-installing if I have to - but not sure how to (as I don't have any original disks).
A perplexed
Deb

-
After all that testing, and the laptop is running better, I still can't get Malware to run!!!
I have uninstalled and reinstalled - leaving the launch ticked, and the setup icon just stays at the bottom tray - but nothing opens. If I ctrl alt del - it says that setup is running!
Ah, gotta love this

Deb
-
Had the one hiccup with the registry optimizer (which was expected). Cleaner ran. I rebooted, IE only took 7 secs to open. Then ran ATF Cleaner, only it never opened. I get the turning circle near the pointer, but nothing opens. Task Manager shows no application. This is what happened with Malwarebytes! I haven't tried that as you have not asked me to again.
The system restore setting on my laptop was 2%, I changed it to 3.
I ran chkdsk, there were 4 bad sectors.
Disk defrag currently running.
Thanks so much for your help. Hopefully it will behave now, and I will regularly run the defrag and reg checks.
Deb
-
Running and got
Error optimizing registry hive
HKEY_LOCAL_MACHINE\BCD00000000 !
Continue with the next hive? (I clicked yes)
-
Ok, things are better. I tried to reinstall McAfee and it all died again. So there must be some conflicts with my win 7 setup and the McAfee. What anti virus do you recommend in the short term?
-
OK, it took a while but McAfee uninstalled. The laptop seems to be back to normal, though still a bit slow. It took about 18 secs to open IE, it should be about 10. But I can navigate to different pages easily, it wasn't doing that.
I can open control panel and Windows Explorer, but this is very slow! It shows the icons as white pages, and then the URL line builds green as it "thinks" about that to display. The white pages slowly show as the icons. That is not normal, it normally just goes to show all the contents. Been on a few minutes, and now ctrl alt del is slow to bring up the menu, and no task manager comes after selecting it. Finally got task manager up, performance all over the place, and only up for 10 mins.
Here are the processes if that helps (not sure it worked)
Are we on the way to recovery? Thank you for your help, hope we get it all better,
Deb

-
So frustrating!!! It got to 3 h 40 something and 99% done. I did find one threat, something Open Candy (which doesn't appear too bad). It did freeze a few times, and seemed to wake up when I clicked back to the download page. Then it stopped, so I clicked to the download page thinking it would go again, only it disappeared and now I have the IE screen not responding, cannot ctrl alt del, so I have to manually shut down.
Next suggestion?
Deb
-
Not sure if this is related, but after running that, I rebooted back to safe mode with networking. I was waiting for the next step, then the pc flashed a McAfee warning, the pc is at risk and real time scanning is now turned off. I will turn off the pc and monitor your next step via my iPad. I do note that the shut down is now much quicker, so hopefully this is getting better.
Thanks for your help, a very worried
Deb
-
Took a while to reboot - sorry. I disabled McAfee (virus and firewall) - but the ComboFix told me they were running. I double checked, but it was all red and turned off. The log is as follows:
ComboFix 13-01-05.01 - Mayes 05/01/2013 8:40.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6056.5189 [GMT -7:00]
Running from: c:\users\Mayes\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
.
----- File Replicators -----
.
c:\programdata\Adobe\Reader\9.3\ARM\11597\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\11597\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.3\ARM\11597\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\12051\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\12051\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.3\ARM\12051\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\2450\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\2450\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.3\ARM\2450\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\24662\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\24662\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.3\ARM\24662\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\25414\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\25414\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.3\ARM\25414\ReaderUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\26049\AcrobatUpdater.exe
c:\programdata\Adobe\Reader\9.3\ARM\26049\AdobeARMHelper.exe
c:\programdata\Adobe\Reader\9.3\ARM\26049\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\11597\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\11597\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\11597\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\12051\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\12051\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\12051\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\2450\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\2450\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\2450\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\24662\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\24662\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\24662\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\25414\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\25414\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\25414\ReaderUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\26049\AcrobatUpdater.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\26049\AdobeARMHelper.exe
c:\users\All Users\Adobe\Reader\9.3\ARM\26049\ReaderUpdater.exe
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 15:46 . 2013-01-05 15:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C45AC485-C15C-4BA6-AFF1-75055510B802}\offreg.dll
2013-01-05 15:46 . 2013-01-05 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 03:28 . 2013-01-05 03:28 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-01-05 03:28 . 2013-01-05 03:28 150640 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-04 23:36 . 2012-11-19 08:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C45AC485-C15C-4BA6-AFF1-75055510B802}\mpengine.dll
2013-01-04 21:00 . 2012-12-14 23:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 05:28 . 2013-01-04 05:29 -------- d-----w- c:\users\Mayes\AppData\Local\adawarebp
2013-01-04 03:37 . 2013-01-04 03:38 -------- d-----w- c:\users\Mayes\AppData\Roaming\EurekaLog
2013-01-04 03:24 . 2013-01-04 03:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-04 02:35 . 2013-01-04 22:26 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2013-01-04 02:30 . 2013-01-04 17:34 -------- d-----w- c:\program files (x86)\stinger
2013-01-04 00:38 . 2013-01-04 03:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-04 00:38 . 2009-01-25 19:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-04 00:38 . 2013-01-04 00:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-04 00:37 . 2013-01-04 00:37 -------- d-----w- c:\users\Mayes\AppData\Roaming\LavasoftStatistics
2013-01-04 00:37 . 2013-01-04 04:09 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-04 00:36 . 2013-01-04 05:27 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-01-04 00:36 . 2013-01-04 00:36 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-01-03 21:51 . 2013-01-03 21:52 -------- d-----w- c:\program files (x86)\Hope Malwarebytes' Anti-Malware
2013-01-03 04:27 . 2013-01-03 04:27 -------- d-----w- c:\programdata\Malwarebytes
2013-01-03 04:27 . 2013-01-04 21:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 04:27 . 2013-01-03 04:27 -------- d-----w- c:\users\Mayes\AppData\Local\Programs
2013-01-03 03:37 . 2012-11-28 22:58 67413224 ----a-w- c:\windows\system32\MRT.exe
2013-01-03 03:30 . 2013-01-03 03:30 -------- d-----w- C:\perflogs
2013-01-02 21:56 . 2013-01-02 21:56 -------- d-----w- c:\users\Mayes\AppData\Local\Amazon
2013-01-02 03:34 . 2013-01-02 03:34 -------- d-----w- c:\users\Mayes\AppData\Roaming\McAfee
2013-01-01 01:47 . 2013-01-01 12:12 460888 ----a-w- c:\windows\system32\drivers\21932562.sys
2012-12-31 22:06 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\program files\iTunes
2012-12-31 22:05 . 2012-12-31 22:06 -------- d-----w- c:\program files (x86)\iTunes
2012-12-31 22:05 . 2012-12-31 22:05 -------- d-----w- c:\program files\iPod
2012-12-31 22:04 . 2012-12-31 22:04 -------- d-----w- c:\program files\Common Files\Apple
2012-12-31 20:11 . 2012-12-31 22:22 -------- d-----w- c:\programdata\SecTaskMan
2012-12-31 20:11 . 2012-12-31 20:11 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-12-31 14:19 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-31 14:19 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-31 14:19 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-31 14:19 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 19:54 . 2012-11-14 05:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-12 19:53 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 19:50 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 19:50 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-08 20:14 . 2010-04-14 03:10 66040 ----a-w- c:\windows\system32\drivers\MOBK.sys
2012-12-08 20:14 . 2012-05-28 17:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-12-08 20:14 . 2012-12-08 20:14 -------- d-----w- c:\users\Mayes\AppData\Local\McAfee File Lock
2012-12-08 20:14 . 2012-10-19 16:51 74120 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-12-08 20:13 . 2012-12-08 20:13 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-12-08 20:13 . 2012-11-09 13:37 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-08 20:13 . 2012-12-31 14:33 -------- d-----w- c:\program files\McAfee
2012-12-08 20:13 . 2013-01-02 03:33 -------- d-----w- c:\program files (x86)\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 21:06 . 2012-06-22 23:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 21:06 . 2012-06-22 23:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 13:40 . 2012-10-29 15:30 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 13:37 . 2012-10-29 15:27 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 13:35 . 2012-10-29 15:25 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 13:34 . 2012-10-29 15:24 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 13:34 . 2012-10-29 15:23 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 13:33 . 2012-10-29 15:23 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 08:46 . 2012-11-02 08:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2012-11-02 08:46 . 2012-11-02 08:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2012-11-02 08:46 . 2012-11-02 08:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2012-10-20 19:25 . 2012-08-27 00:01 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-20 19:25 . 2011-02-18 08:19 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 13:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:57 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 14:05 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 14:05 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 14:05 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 14:05 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2012-10-18 3364264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Mayes\Downloads\mbar-1.01.0.1011\mbar\mbar.exe" [2012-12-04 1342312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-12-13 3084688]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
R2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
R2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-05-01 66320]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-01-05 36680]
R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-01-05 150640]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 21932562;21932562;c:\windows\system32\DRIVERS\21932562.sys [2013-01-01 460888]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-04 14456]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-03 1103464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 21:06]
.
2013-01-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-04 21:08]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 23:44]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-15 23:44]
.
2013-01-04 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-04 21:07]
.
2013-01-04 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-01-04 21:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://go.bigpond.com/home/index.jsp
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WeatherEye - c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-The Weather Network - c:\users\Mayes\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-05 08:48:34
ComboFix-quarantined-files.txt 2013-01-05 15:48
.
Pre-Run: 482,851,115,008 bytes free
Post-Run: 482,219,859,968 bytes free
.
- - End Of File - - C8353CE314639D6C283F30A7301FAA9C
thanks Deb
-
Oh no - finally got a response back and the CPU usage is all over the place!! Huge up and downs. Yet I can't do anything. The memory is showing a solid 2.32 Gig and now Task Manager is not responding. Do I reboot?
Deb
-
Hi maniac,
I left it running overnight. Woke up to see it still sitting on C:\windows\syswow64\com\comempty.dat. I tried Ctrl+Alt+Del to open Task Manager to check processes; it was very slow to go to the window, and again slow to open Task Manager. When I looked at performance, the CPU was not running, until I opened Task Manager. There is nothing to see on the graphs. I see mbam.exe is at 113k in the memory. I tried to use the snipping tool to get the processes for you - it just froze.
Any ideas?
Deb
-
Hi maniac,
I am not able to run in normal Windows!! I can do Drivers and Sectors as separate runs, and they are clean. But when I do System, it just seems to freeze. And I can't do anything; if I try to open Explorer, it gets a green build bar along the top and does not open. Even Ctrl+Alt+Del doesn't work! I have to manually power down. I am now trying to run the System scan again in safe mode - just to see if it will work. I really don't know what to do!
Deb
-
Maniac,
The system crashed. Got a blue screen with DOS text, but by the time I got a pen it was rebooting. I am in normal mode, turned off Internet and am trying to run again. I note there is a bit of a delay between clicking run as admin and the actual program opening.

-
Maniac,
How can I tell if the scan is hung? It has sat on scanning C:\windows\system32\hpzisn12.dll for over 10 mins.
Deb
Think I am infected - installed but cant run malwarebytes
in Resolved Malware Removal Logs
Posted
Ran AVP - no threats found. The test took over 9 hours to run as well - is that normal???