Jump to content


Photo
- - - - -

My computer is infected - Request assistance


  • This topic is locked This topic is locked
34 replies to this topic

#1 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 02 August 2012 - 04:54 PM

Hi there! My computer has recently become infected. It runs slowly, my McAfee keeps being turned off, and many programs will not run at all. I have downloaded malware bytes, and it fixed up my wife's computer nicely. However, it will not run on mine, and neither will Chameleon. I have tried all 12 of the chameleon files a couple of times, many of them run all the way through and say they're done, but Malware Bytes never does run. The process starts, but the application does not open, and then the process disappears. I would really appreciate some help. :)

Here are my logs:
Attached File  Attach.txt   16.2KB   15 downloads
Attached File  DDS.txt   23.33KB   10 downloads

Thanks!
-David


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by DTC at 16:41:46 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2847 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [googletalk] C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Google Update] "C:\Users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\DTC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\3456E64727F6756494 : DhcpNameServer = 10.0.0.2 192.168.2.1
TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\36F627D61636B636C616E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\45865602D4F6F6275637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\C4559435D4F42514E4F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.lds.org
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 162192]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vdmp_vm;VidyoDesktop Media Player Microphone;C:\Windows\system32\drivers\vdmpvm.sys --> C:\Windows\system32\drivers\vdmpvm.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-27 79360]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-2-27 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-26 16:42:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-26 16:42:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-26 16:42:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-26 02:31:59 -------- d-----w- C:\Users\DTC\AppData\Roaming\McAfee
2012-07-18 19:31:35 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-07-18 19:31:33 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-18 19:31:33 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-18 19:31:32 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-07-18 19:31:31 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-07-12 04:46:58 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 14:35:39 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 14:34:36 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 14:34:36 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 14:34:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 14:34:35 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 14:34:35 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 14:34:34 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 14:34:34 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 14:34:34 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 14:34:32 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 14:34:31 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 14:34:31 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 14:34:30 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 14:34:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-06 23:30:24 -------- d-----r- C:\Users\DTC\Dropbox
2012-07-06 23:28:24 -------- d-----w- C:\Users\DTC\AppData\Roaming\Dropbox
2012-07-04 21:30:39 -------- d-----w- C:\Users\DTC\.FamilySearchIndexing
2012-07-04 21:29:59 -------- d-----w- C:\Program Files (x86)\FamilySearch Indexing
.
==================== Find3M ====================
.
2012-07-12 03:05:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:05:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-01 15:19:18 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-01 15:19:18 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:43:54.79 ===============


#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 03 August 2012 - 06:01 AM

Hello David and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


In your next reply, post the following log files:

  • exeHelper log
  • Malwarebytes' Anti-Malware log
  • aswMBR log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#3 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 03 August 2012 - 09:29 AM

Hi there Maniac,

So I ran the exehelper, it took about 10 seconds but Malware Bytes still wouldn't run. Here is the log:

exeHelper by Raktor
Build 20100414
Run at 08:33:27 on 08/03/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I then tried Chameleon, but the process was interrupted by a power outage that turned my computer off. About 15 minutes after I had already run exehelper and tried MalwareBytes unsuccessfully my McAfee popped up saying that it had detected a trojan from exehelper.exe and quarantined it. The trojan it listed was Artemis!BCA8A954D376

I rebooted my computer, turned off McAfee's real-time scanning and ran exehelper and MalwareBytes again with the same results, exehelper runs quick and MalwareBytes won't run.

Now what?

#4 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 August 2012 - 07:44 AM

Proceed with step 3.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 04 August 2012 - 12:16 PM

Okay, so I am currently running aswMBR for the third time. Both of the other times my computer has completely frozen while it was scanning. It's running now, and I will record the entries it has now in case it freezes again and I can't get a log:

(This is after all of the Disk 0 information)
Service Scanning
ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004570060]
3 CLASSPNP.SYS[ffff88001a5143f] -> nt!IofCallDriver ->...
...

And then I got a blue screen of death. Sorry.. I couldn't type the other couple of lines in time. My computer just rebooted itself.
Let's try this again...


Service Scanning
ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004570060]
3 CLASSPNP.SYS[ffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDe...
AVAST engine scan C:\Windows
AVAST engine scan C:\Windows\System32
Scanning: C:\Windows\system32\MSDvbNP.ax er-events.dll

And now it looks like it has frozen again. I will wait it out, but I'm pretty sure it's done for. The other times it did this I waited 20 minutes to see if it would keep running and nothing ever happened.

I hope this is helpful. I really appreciate your advice. I hope this works out soon, because this is really frustrating.
Thanks again!

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 August 2012 - 04:26 PM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 04 August 2012 - 10:56 PM

Combofix worked fine. Here's the log:

ComboFix 12-08-05.02 - DTC 04/08/2012 22:08:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2806 [GMT -5:00]
Running from: c:\users\DTC\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 03:27 . 2012-08-05 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 13:40 . 2012-08-03 13:40 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-26 16:42 . 2012-07-26 16:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 16:42 . 2012-07-26 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 16:42 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 02:31 . 2012-07-26 02:31 -------- d-----w- c:\users\DTC\AppData\Roaming\McAfee
2012-07-18 19:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-18 19:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-18 19:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-18 19:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-18 19:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-12 04:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 14:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 14:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 14:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 14:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 14:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 14:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 14:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 14:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 14:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 14:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 14:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 14:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-06 23:30 . 2012-08-05 02:59 -------- d-----r- c:\users\DTC\Dropbox
2012-07-06 23:28 . 2012-08-05 02:59 -------- d-----w- c:\users\DTC\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 16:05 . 2012-04-05 01:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 16:05 . 2011-08-08 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:43 . 2010-03-13 05:50 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 15:19 . 2012-07-01 15:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-01 15:19 . 2010-04-23 15:24 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 12:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 12:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 12:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 12:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 12:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"googletalk"="c:\users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-27 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-08-03 36168]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-27 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vdmp_vm;VidyoDesktop Media Player Microphone;c:\windows\system32\drivers\vdmpvm.sys [2010-07-30 28744]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:05]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job
- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job
- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]
.
2012-07-26 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-26 02:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.lds.org
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-08-04 22:52:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 03:52
.
Pre-Run: 190,402,306,048 bytes free
Post-Run: 190,662,135,808 bytes free
.
- - End Of File - - EEEE5963372DEA36BBC197EB9FC195B5


I'm glad it worked :)

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 August 2012 - 05:41 AM

Me too. :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 August 2012 - 11:07 AM

ComboFix 12-08-05.02 - DTC 05/08/2012 10:11:39.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2916 [GMT -5:00]
Running from: c:\users\DTC\Desktop\ComboFix.exe
Command switches used :: c:\users\DTC\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 15:42 . 2012-08-05 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 13:40 . 2012-08-03 13:40 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-26 16:42 . 2012-07-26 16:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 16:42 . 2012-07-26 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 16:42 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 02:31 . 2012-07-26 02:31 -------- d-----w- c:\users\DTC\AppData\Roaming\McAfee
2012-07-18 19:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-18 19:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-18 19:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-18 19:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-18 19:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-12 04:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 14:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 14:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 14:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 14:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 14:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 14:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 14:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 14:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 14:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 14:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 14:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 14:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-06 23:30 . 2012-08-05 04:56 -------- d-----r- c:\users\DTC\Dropbox
2012-07-06 23:28 . 2012-08-05 15:06 -------- d-----w- c:\users\DTC\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 16:05 . 2012-04-05 01:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 16:05 . 2011-08-08 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:43 . 2010-03-13 05:50 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-01 15:19 . 2012-07-01 15:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-01 15:19 . 2010-04-23 15:24 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 12:37 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 12:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 12:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 12:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 12:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_03.33.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-27 09:24 . 2012-08-05 15:45 66352 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-05 15:45 45090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 21:48 . 2012-08-05 15:45 24388 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2343204259-1990992844-924113905-1000_UserData.bin
+ 2010-03-10 17:10 . 2012-08-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 17:10 . 2012-08-05 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-10 17:10 . 2012-08-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-10 17:10 . 2012-08-05 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-05 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-05 03:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-16 14:26 . 2012-08-05 04:55 4416 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-05 03:28 . 2012-08-05 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 15:43 . 2012-08-05 15:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 15:43 . 2012-08-05 15:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-05 03:28 . 2012-08-05 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-05 03:28 294720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-05 15:43 294720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-26 06:10 . 2012-08-05 03:28 1473514 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343204259-1990992844-924113905-1000-8192.dat
+ 2011-02-26 06:10 . 2012-08-05 15:43 1473514 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343204259-1990992844-924113905-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"googletalk"="c:\users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-27 79360]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-08-03 36168]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-27 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vdmp_vm;VidyoDesktop Media Player Microphone;c:\windows\system32\drivers\vdmpvm.sys [2010-07-30 28744]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:05]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job
- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job
- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]
.
2012-07-26 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-26 02:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.lds.org
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-08-05 11:02:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 16:02
ComboFix2.txt 2012-08-05 03:52
.
Pre-Run: 190,740,172,800 bytes free
Post-Run: 190,661,804,032 bytes free
.
- - End Of File - - 721D181BFA7729A1B1E128AA0613E45A

#10 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 August 2012 - 03:19 PM

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#11 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 06 August 2012 - 03:18 PM

MalwareBytes still won't run, but here is the log from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=57cf3982b436244c99139c34f12e7c22
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-06 08:11:48
# local_time=2012-08-06 03:11:48 (-0600, Central Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 4310617 8546167 0 0
# compatibility_mode=5893 16776574 66 85 36607235 95810921 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=167307
# found=1
# cleaned=1
# scan_time=16437
C:\Users\DTC\Downloads\musicnotesSuite.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#12 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 07 August 2012 - 05:01 AM

Try to run it on this way:
http://forums.malwar...02

Next, post the log.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#13 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 08 August 2012 - 10:38 AM

MalwareBytes sill isn't running. I used chameleon without any luck. The chameleon files run fine, and they say they've completed each step, but MB never opens. I tried using Rkill, and the random exe as well. Niether helped. The random exe brought up an error saying it's not a real Win32 application. Here is the log from Rkill:

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 08/08/2012 10:12:48 AM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe (PID: 3596) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/08/2012 10:13:22 AM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)

#14 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 09 August 2012 - 07:16 AM

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#15 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 09 August 2012 - 02:00 PM

It's still the same. It installs fine, but won't open.

#16 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 August 2012 - 08:01 AM

Please try to run it in Safe mode:
http://windows.micro...er-in-safe-mode
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#17 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 13 August 2012 - 02:27 PM

I've tried Safe Mode several times. I am in safe mode now and it still won't run.

#18 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 14 August 2012 - 05:28 AM

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#19 davywonder

davywonder

    New Member

  • Members
  • Pip
  • 17 posts

Posted 14 August 2012 - 10:17 AM

OTL logfile created on: 8/14/2012 9:11:39 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\DTC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.81% Memory free
7.92 Gb Paging File | 6.40 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 177.93 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: DTC-PC | User Name: DTC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 09:00:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe
PRC - [2012/06/13 21:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/06 01:06:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 09:19:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/10 16:38:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/27 04:23:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/27 04:22:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/02/27 04:07:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/30 16:38:56 | 000,028,744 | ---- | M] (Vidyo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdmpvm.sys -- (vdmp_vm)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {73F80270-5CCB-40CE-BBFF-2426D947B544}
IE:64bit: - HKLM\..\SearchScopes\{73F80270-5CCB-40CE-BBFF-2426D947B544}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {50F13F54-A1DE-4AB6-8696-627BAEA85B5C}
IE - HKLM\..\SearchScopes\{50F13F54-A1DE-4AB6-8696-627BAEA85B5C}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes,DefaultScope = {805A205A-B33F-41D8-84CC-5EF924D2AFA5}
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{805A205A-B33F-41D8-84CC-5EF924D2AFA5}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{8D2399EF-F733-4584-A823-8A7764C0AA91}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.lds.org"
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:4.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://ca.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/07 23:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/18 09:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/24 10:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 09:19:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 17:18:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/07 23:37:50 | 000,000,000 | ---D | M]

[2010/03/13 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTC\AppData\Roaming\Mozilla\Extensions
[2012/08/03 09:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions
[2012/08/03 09:27:02 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2011/10/10 23:22:21 | 000,000,000 | ---D | M] (Dictionnaire français «Classique &amp;amp; Réforme 1990») -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
[2010/12/16 17:12:51 | 000,012,703 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\searchplugins\imdb.xml
[2010/12/16 17:59:15 | 000,002,057 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\searchplugins\youtube-video-search.xml
[2012/07/01 10:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/30 07:55:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/01 10:19:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/18 09:55:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/08/03 09:27:02 | 000,282,478 | ---- | M] () (No name found) -- C:\USERS\DTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5SNZDBR.DEFAULT\EXTENSIONS\AZHANG@CLOUDACL.COM.XPI
[2012/05/05 18:50:01 | 000,036,918 | ---- | M] () (No name found) -- C:\USERS\DTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5SNZDBR.DEFAULT\EXTENSIONS\MOVIERATING@RONAKPATEL.NET.XPI
[2012/07/19 09:19:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/03 12:45:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/23 10:10:20 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/08 19:13:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DTC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MetaSurf = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpfbddcgbimoafpgmbbjiliegkfcjkmn\0.5.8_0\
CHR - Extension: SiteAdvisor = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\
CHR - Extension: Skype Click to Call = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/05 10:44:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000..\Run: [googletalk] C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/14 09:00:31 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe
[2012/08/09 08:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 08:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/09 08:07:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 08:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/06 10:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/05 23:48:11 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DTC\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 11:14:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 11:02:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 22:02:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 22:02:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 22:02:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 22:02:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 22:02:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 22:02:00 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\DTC\Desktop\ComboFix.exe
[2012/08/03 08:33:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DTC\Desktop\aswMBR.exe
[2012/08/02 16:41:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DTC\Desktop\dds.com
[2012/07/25 21:31:59 | 000,000,000 | ---D | C] -- C:\Users\DTC\AppData\Roaming\McAfee

========== Files - Modified Within 30 Days ==========

[2012/08/14 09:42:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job
[2012/08/14 09:15:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 09:15:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 09:07:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/14 09:00:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe
[2012/08/14 08:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 08:58:27 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/11 21:34:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job
[2012/08/09 08:07:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 10:58:30 | 405,195,659 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/08 10:18:18 | 000,000,055 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\mbam.context.scan
[2012/08/06 10:33:16 | 000,000,134 | ---- | M] () -- C:\Users\DTC\Desktop\Internet Explorer Troubleshooting.url
[2012/08/05 10:44:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/04 21:55:20 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\DTC\Desktop\ComboFix.exe
[2012/08/03 08:29:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DTC\Desktop\aswMBR.exe
[2012/08/02 16:31:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DTC\Desktop\dds.com
[2012/07/26 11:25:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DTC\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/25 21:35:07 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2012/07/25 21:31:59 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/07/19 09:19:35 | 000,002,046 | -H-- | M] () -- C:\Users\DTC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/08/09 08:07:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 00:51:16 | 000,000,134 | ---- | C] () -- C:\Users\DTC\Desktop\Internet Explorer Troubleshooting.url
[2012/08/04 22:02:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 22:02:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 22:02:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 22:02:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 22:02:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 12:05:02 | 405,195,659 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/28 00:18:16 | 000,000,055 | ---- | C] () -- C:\Users\DTC\AppData\Roaming\mbam.context.scan
[2012/07/25 21:31:59 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk
[2012/07/25 21:31:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\vtscheduletask.job
[2012/07/25 21:31:11 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/05/07 23:32:22 | 000,171,985 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/25 21:32:39 | 000,003,584 | ---- | C] () -- C:\Users\DTC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 01:20:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/08/14 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Dropbox
[2010/03/13 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\iWin
[2011/03/13 19:08:16 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\PCDr
[2010/03/10 15:32:00 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\PlayFirst
[2012/04/24 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\SSH
[2012/03/04 11:39:02 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Vidyo
[2010/04/20 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Worksimaging
[2012/07/10 07:03:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/25 21:35:07 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 8/14/2012 9:11:39 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\DTC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.81% Memory free
7.92 Gb Paging File | 6.40 Gb Available in Paging File | 80.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 177.93 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: DTC-PC | User Name: DTC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028B1558-C69B-4053-88E5-DE60C18489EB}" = rport=139 | protocol=6 | dir=out | app=system |
"{08C0348D-E6D6-43B7-8C78-03499FDF3018}" = lport=138 | protocol=17 | dir=in | app=system |
"{18ED430D-171B-4401-A13F-1D780E95DFFE}" = rport=138 | protocol=17 | dir=out | app=system |
"{3EAB9D70-523B-460F-81A3-D56DF48BD6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A9034D6-8C32-478C-B202-B4E6F4F52DAD}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F347F90-7380-4F7C-827F-8F788C3B4322}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{721F379D-7BF3-47E9-96BE-7B0EE0E62D38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{750E12E4-5E15-492B-9421-9F515D952455}" = lport=139 | protocol=6 | dir=in | app=system |
"{904B024D-0381-44F4-BB03-2A8F0A081D8C}" = lport=137 | protocol=17 | dir=in | app=system |
"{905DA224-D826-4D2F-AD1C-78CBBFB2F0F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{965C7D58-A6EA-4F9B-9295-4E423E747A98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC54377C-96EE-43BB-A1E5-D94D3CA6729D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4494734-D26C-41B5-A8AB-73559F5BAB46}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B73DD011-4CA4-4D35-BD49-ED40D58AA8FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CABEB738-1C45-4F1E-8870-A64FEDBED3E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD057E92-A0A8-4CB2-B950-E93380642239}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2BCAAD9-DDA6-4AFF-9110-647437BC479B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D40F0462-0DE7-40B7-9FF9-95CB8383A0B0}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6F3BD1F-407C-443D-B6AE-F903F8F9CA18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF80F5B1-89D6-4B74-9764-4D2BBB87C1DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F41BBAA0-E96C-4F91-B426-D720E6687634}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BE04D4-1082-4326-B77F-A855A3156B02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2556AE2D-EB26-4589-93EC-2525A4333BC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{261068F6-53D8-45D1-A1E8-569C3957B85D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BD8E8DF-D01A-4979-899C-9BE7DE48F5F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{42512C7C-1428-462A-A57D-94BB759795BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{44CB450B-E1DF-45E8-BB32-C7753B722AFE}" = protocol=17 | dir=in | app=c:\users\dtc\appdata\roaming\dropbox\bin\dropbox.exe |
"{45F9FEAC-4024-45B9-B0D0-D8F52F74E19C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48E77EC1-219F-4ACD-B2CA-017A5C99DE65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{4997FA90-4CE8-4602-A3F1-0530B8B9CCAD}" = protocol=6 | dir=out | app=system |
"{4BDE97F3-38E1-44D3-945F-DA614E1CEBFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4C79C297-D994-4C51-B2FA-BA5115A1E4A3}" = protocol=6 | dir=in | app=c:\users\dtc\appdata\roaming\dropbox\bin\dropbox.exe |
"{5B1BE4CC-63D0-4D78-90F0-4139F78EA624}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F189FE9-8331-414E-B8BC-1F5DCF3E2A97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{6686C6B8-8DA0-4E9F-8A5E-BE78F2AC4A0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69113634-7214-441E-904F-A05802A09B83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{74FDCC89-05D3-47A7-BCDE-D0E75F4F3AFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{83142290-8BC6-49A0-A27E-D100D51ADBCB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{95DC3FD9-612F-4163-A136-671952D2E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9E45C867-8493-4ADB-A0EA-77F028A295D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A8C437DC-C9DF-4EE8-9AAB-6A9299905AEF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A95FEFFE-A089-4EE4-B31C-BB837202DC02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABCE95B6-C4BA-4693-B824-434EE1C2DB5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{AC470F5F-A11F-4440-A4EE-1C270819D739}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{AFB13461-94AC-4BDA-8A05-7E5997F55FC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0E47C7D-EB56-4036-AB4E-81B9FEFEBB40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B1CDA942-2806-41F3-A262-E95311532F39}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{B44B495C-17C2-4373-A026-906418511AA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B7833016-8D82-444B-8580-30AD0AB297AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B96612DA-E5F0-4A69-99A4-08ABE3EA20BA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{B9E3CA6D-50AF-4B72-B1B3-C2A3403FC6DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{BA3E3DFF-3FE0-43C3-AD38-9B7033F7A65A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCCE2459-443E-4E5D-B07D-ECDA9244B6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BFCBF412-633D-4F59-9E80-476D1A0B659D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BFCCED1B-1692-4FF1-92B1-181331762ADF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D504CA47-D27C-4386-869C-07790A4D928D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5AF30C7-179B-4940-8733-5B86E1956268}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E034A40B-1B5E-485B-AD80-C9A530E0770A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E424020B-4FD8-4036-9385-A13ADDB0FE40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{E54D5F96-D8C4-48EE-B093-7E212D3A9B50}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E9F384FF-03DF-48F8-814A-0AF9CAC8FA1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA742E88-27DA-473A-B9B5-D2041FCBA0D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F0F460FE-E68B-4ECA-B2E8-163409F61274}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3A7F2B9-DC71-4E72-825B-09897B1D219A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F5FFBB5C-2BCF-43E1-892C-1E7A699C6807}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F696CBCF-E0B7-4C5A-AC58-B37CDA2381F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F9397C98-A7D7-4587-9EC4-6D49FCE7CBFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA95DEBA-8785-4D7D-BD0B-6BFDCC2C7ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE3AE35F-407B-4FFE-933A-FB75ECDF2A59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF8FBE79-AB34-46ED-830A-E0BA9FA0447D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{839011A6-DF28-4E21-00AE-83482775212B}" = NBA LIVE 07
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BCC69EA-B1A4-4845-B95E-CFF335A9F548}" = JMP 8
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F7C120-80F4-48B1-00B8-4E278AED8779}" = NHL07
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B489944B-AB25-43B2-BC5C-B32687FE88DE}" = Vidyo Desktop Media Player
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"0591-8077-9297-0833" = FamilySearch Indexing 3.13.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"ST6UNST #1" = Resampling
"Vidyo Desktop" = Vidyo Desktop 2.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2012 10:25:54 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 8/14/2012 10:27:53 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 4268 (0x10ac) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll

by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/14/2012 10:33:17 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd
Faulting
process id: 0x14b0 Faulting application start time: 0x01cd7a2928fb34e2 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: fc623feb-e61c-11e1-8e79-a4badba72b83

Error - 8/14/2012 10:33:17 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 8/14/2012 10:34:59 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5260 (0x148c) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll

by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/14/2012 10:41:15 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd
Faulting
process id: 0xd98 Faulting application start time: 0x01cd7a2a43de8286 Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 19322285-e61e-11e1-8e79-a4badba72b83

Error - 8/14/2012 10:41:15 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 8/14/2012 10:42:47 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 996 (0x3e4) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll

by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd
Faulting
process id: 0xf88 Faulting application start time: 0x01cd7a2b13258ade Faulting application
path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: df1a593d-e61e-11e1-8e79-a4badba72b83

Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Microsoft Windows Search Indexer
because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

[ Broadcom Wireless LAN Events ]
Error - 7/23/2012 9:10:42 AM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0
Description = 08:10:42, Mon, Jul 23, 12 Error - Unable to gain access to user store


Error - 7/25/2012 11:05:04 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0
Description = 22:05:04, Wed, Jul 25, 12 Error - Unable to gain access to user store


Error - 7/26/2012 4:57:29 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0
Description = 15:57:29, Thu, Jul 26, 12 Error - Unable to decode string, error 87


Error - 7/28/2012 12:47:22 AM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0
Description = 23:44:37, Fri, Jul 27, 12 Error - Unable to gain access to user store


Error - 8/4/2012 10:56:04 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0
Description = 21:56:04, Sat, Aug 04, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 2/1/2012 6:30:29 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 4:30:18 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


Error - 5/19/2012 11:01:43 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 10:01:43 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 10:49:52 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 9:49:38 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:14:37 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 10:14:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 12:14:56 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 11:14:55 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 6:18:54 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 5:18:54 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:26:00 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 6:25:54 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:16:00 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 5:16:00 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/23/2012 8:35:56 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 7:35:52 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 6/9/2012 7:00:33 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0
Description = 6:00:32 AM - Error connecting to the internet. 6:00:32 AM - Unable
to contact server..

[ System Events ]
Error - 8/14/2012 10:29:05 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
3 time(s).

Error - 8/14/2012 10:33:16 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10
Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,
but Windows could not determine if the file was actually damaged (error code 2147943517).
No repair action was taken. Run the command "sfc /scannow" at an administrative
command prompt to check for errors and to repair the file if necessary.

Error - 8/14/2012 10:36:58 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 5 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 8/14/2012 10:36:59 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
4 time(s).

Error - 8/14/2012 10:41:14 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10
Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,
but Windows could not determine if the file was actually damaged (error code 2147943517).
No repair action was taken. Run the command "sfc /scannow" at an administrative
command prompt to check for errors and to repair the file if necessary.

Error - 8/14/2012 10:42:47 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 6 time(s).

Error - 8/14/2012 10:42:48 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
5 time(s).

Error - 8/14/2012 10:46:46 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10
Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,
but Windows could not determine if the file was actually damaged (error code 2147943517).
No repair action was taken. Run the command "sfc /scannow" at an administrative
command prompt to check for errors and to repair the file if necessary.

Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
6 time(s).

Error - 8/14/2012 10:50:15 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10
Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,
but Windows could not determine if the file was actually damaged (error code 2147943517).
No repair action was taken. Run the command "sfc /scannow" at an administrative
command prompt to check for errors and to repair the file if necessary.


< End of report >

#20 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 15 August 2012 - 03:40 AM

Please follow the instructions here:
http://www.bleepingc...topic43051.html

Then reboot your PC and try to re-install Malwarebytes' Anti-Malware and let me know.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users