davywonder

My computer is infected - Request assistance

35 posts in this topic

Hi there! My computer has recently become infected. It runs slowly, my McAfee keeps being turned off, and many programs will not run at all. I have downloaded malware bytes, and it fixed up my wife's computer nicely. However, it will not run on mine, and neither will Chameleon. I have tried all 12 of the chameleon files a couple of times, many of them run all the way through and say they're done, but Malware Bytes never does run. The process starts, but the application does not open, and then the process disappears. I would really appreciate some help. :)

Here are my logs:

Attach.txt

DDS.txt

Thanks!

-David

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by DTC at 16:41:46 on 2012-08-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2847 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = about:blank

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mWinlogon: Userinit=userinit.exe

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [googletalk] C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [Google Update] "C:\Users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [<NO NAME>]

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\DTC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\3456E64727F6756494 : DhcpNameServer = 10.0.0.2 192.168.2.1

TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\36F627D61636B636C616E6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\45865602D4F6F6275637 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}\C4559435D4F42514E4F5E4564777F627B6 : DhcpNameServer = 192.168.2.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [(Default)]

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.lds.org

FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll

FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 162192]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 vdmp_vm;VidyoDesktop Media Player Microphone;C:\Windows\system32\drivers\vdmpvm.sys --> C:\Windows\system32\drivers\vdmpvm.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-11 249936]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-27 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-27 79360]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-2-27 79360]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-26 16:42:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-26 16:42:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-26 16:42:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-26 02:31:59 -------- d-----w- C:\Users\DTC\AppData\Roaming\McAfee

2012-07-18 19:31:35 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-07-18 19:31:33 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-18 19:31:33 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-18 19:31:32 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-07-18 19:31:31 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-07-12 04:46:58 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 14:35:39 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 14:34:36 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 14:34:36 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 14:34:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 14:34:35 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 14:34:35 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 14:34:34 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 14:34:34 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 14:34:34 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 14:34:32 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 14:34:31 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 14:34:31 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 14:34:30 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 14:34:29 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-06 23:30:24 -------- d-----r- C:\Users\DTC\Dropbox

2012-07-06 23:28:24 -------- d-----w- C:\Users\DTC\AppData\Roaming\Dropbox

2012-07-04 21:30:39 -------- d-----w- C:\Users\DTC\.FamilySearchIndexing

2012-07-04 21:29:59 -------- d-----w- C:\Program Files (x86)\FamilySearch Indexing

.

==================== Find3M ====================

.

2012-07-12 03:05:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 03:05:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-01 15:19:18 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-01 15:19:18 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 16:43:54.79 ===============

Share this post


Link to post
Share on other sites

Hello David and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • exeHelper log
  • Malwarebytes' Anti-Malware log
  • aswMBR log

Share this post


Link to post
Share on other sites

Hi there Maniac,

So I ran the exehelper, it took about 10 seconds but Malware Bytes still wouldn't run. Here is the log:

exeHelper by Raktor

Build 20100414

Run at 08:33:27 on 08/03/12

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

I then tried Chameleon, but the process was interrupted by a power outage that turned my computer off. About 15 minutes after I had already run exehelper and tried MalwareBytes unsuccessfully my McAfee popped up saying that it had detected a trojan from exehelper.exe and quarantined it. The trojan it listed was Artemis!BCA8A954D376

I rebooted my computer, turned off McAfee's real-time scanning and ran exehelper and MalwareBytes again with the same results, exehelper runs quick and MalwareBytes won't run.

Now what?

Share this post


Link to post
Share on other sites

Okay, so I am currently running aswMBR for the third time. Both of the other times my computer has completely frozen while it was scanning. It's running now, and I will record the entries it has now in case it freezes again and I can't get a log:

(This is after all of the Disk 0 information)

Service Scanning

ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004570060]

3 CLASSPNP.SYS[ffff88001a5143f] -> nt!IofCallDriver ->...

...

And then I got a blue screen of death. Sorry.. I couldn't type the other couple of lines in time. My computer just rebooted itself.

Let's try this again...

Service Scanning

ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004570060]

3 CLASSPNP.SYS[ffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDe...

AVAST engine scan C:\Windows

AVAST engine scan C:\Windows\System32

Scanning: C:\Windows\system32\MSDvbNP.ax er-events.dll

And now it looks like it has frozen again. I will wait it out, but I'm pretty sure it's done for. The other times it did this I waited 20 minutes to see if it would keep running and nothing ever happened.

I hope this is helpful. I really appreciate your advice. I hope this works out soon, because this is really frustrating.

Thanks again!

Share this post


Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Share this post


Link to post
Share on other sites

Combofix worked fine. Here's the log:

ComboFix 12-08-05.02 - DTC 04/08/2012 22:08:50.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2806 [GMT -5:00]

Running from: c:\users\DTC\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-08-05 03:27 . 2012-08-05 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-03 13:40 . 2012-08-03 13:40 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-26 16:42 . 2012-07-26 16:42 -------- d-----w- c:\programdata\Malwarebytes

2012-07-26 16:42 . 2012-07-26 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-26 16:42 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-26 02:31 . 2012-07-26 02:31 -------- d-----w- c:\users\DTC\AppData\Roaming\McAfee

2012-07-18 19:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-07-18 19:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-18 19:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-18 19:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-07-18 19:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-07-12 04:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 14:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 14:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 14:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 14:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 14:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 14:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-11 14:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 14:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 14:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 14:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 14:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 14:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 14:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 14:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-06 23:30 . 2012-08-05 02:59 -------- d-----r- c:\users\DTC\Dropbox

2012-07-06 23:28 . 2012-08-05 02:59 -------- d-----w- c:\users\DTC\AppData\Roaming\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 16:05 . 2012-04-05 01:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 16:05 . 2011-08-08 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 04:43 . 2010-03-13 05:50 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-01 15:19 . 2012-07-01 15:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-01 15:19 . 2010-04-23 15:24 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-02 22:19 . 2012-06-19 12:37 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 12:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 12:38 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 12:38 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 12:38 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-19 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-19 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"googletalk"="c:\users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-10 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-27 79360]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-08-03 36168]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-27 79360]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

S3 vdmp_vm;VidyoDesktop Media Player Microphone;c:\windows\system32\drivers\vdmpvm.sys [2010-07-30 28744]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:05]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job

- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job

- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]

.

2012-07-26 c:\windows\Tasks\vtscheduletask.job

- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-26 02:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.lds.org

FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2012-08-04 22:52:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-05 03:52

.

Pre-Run: 190,402,306,048 bytes free

Post-Run: 190,662,135,808 bytes free

.

- - End Of File - - EEEE5963372DEA36BBC197EB9FC195B5

I'm glad it worked :)

Share this post


Link to post
Share on other sites

Me too. :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

ComboFix 12-08-05.02 - DTC 05/08/2012 10:11:39.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2916 [GMT -5:00]

Running from: c:\users\DTC\Desktop\ComboFix.exe

Command switches used :: c:\users\DTC\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-08-05 15:42 . 2012-08-05 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-03 13:40 . 2012-08-03 13:40 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-07-26 16:42 . 2012-07-26 16:42 -------- d-----w- c:\programdata\Malwarebytes

2012-07-26 16:42 . 2012-07-26 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-26 16:42 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-26 02:31 . 2012-07-26 02:31 -------- d-----w- c:\users\DTC\AppData\Roaming\McAfee

2012-07-18 19:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-07-18 19:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-18 19:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-18 19:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-07-18 19:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-07-12 04:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 14:35 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 14:34 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 14:34 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 14:34 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 14:34 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 14:34 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-11 14:34 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 14:34 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 14:34 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 14:34 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 14:34 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 14:34 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 14:34 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 14:34 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-06 23:30 . 2012-08-05 04:56 -------- d-----r- c:\users\DTC\Dropbox

2012-07-06 23:28 . 2012-08-05 15:06 -------- d-----w- c:\users\DTC\AppData\Roaming\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 16:05 . 2012-04-05 01:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 16:05 . 2011-08-08 02:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 04:43 . 2010-03-13 05:50 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-01 15:19 . 2012-07-01 15:19 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-01 15:19 . 2010-04-23 15:24 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-02 22:19 . 2012-06-19 12:37 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 12:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 12:38 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 12:38 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 12:37 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 12:38 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 12:37 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-19 12:37 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-19 12:37 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-05_03.33.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-27 09:24 . 2012-08-05 15:45 66352 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-05 15:45 45090 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-03-10 21:48 . 2012-08-05 15:45 24388 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2343204259-1990992844-924113905-1000_UserData.bin

+ 2010-03-10 17:10 . 2012-08-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-10 17:10 . 2012-08-05 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-10 17:10 . 2012-08-05 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-10 17:10 . 2012-08-05 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-05 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-05 03:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-16 14:26 . 2012-08-05 04:55 4416 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-08-05 03:28 . 2012-08-05 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-05 15:43 . 2012-08-05 15:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-05 15:43 . 2012-08-05 15:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-05 03:28 . 2012-08-05 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-08-05 03:28 294720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-05 15:43 294720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-26 06:10 . 2012-08-05 03:28 1473514 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343204259-1990992844-924113905-1000-8192.dat

+ 2011-02-26 06:10 . 2012-08-05 15:43 1473514 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343204259-1990992844-924113905-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"googletalk"="c:\users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-10 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-27 79360]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-08-03 36168]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-27 79360]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-16 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]

S3 vdmp_vm;VidyoDesktop Media Player Microphone;c:\windows\system32\drivers\vdmpvm.sys [2010-07-30 28744]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:05]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job

- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]

.

2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job

- c:\users\DTC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 19:06]

.

2012-07-26 c:\windows\Tasks\vtscheduletask.job

- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-26 02:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\DTC\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.lds.org

FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2012-08-05 11:02:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-05 16:02

ComboFix2.txt 2012-08-05 03:52

.

Pre-Run: 190,740,172,800 bytes free

Post-Run: 190,661,804,032 bytes free

.

- - End Of File - - 721D181BFA7729A1B1E128AA0613E45A

Share this post


Link to post
Share on other sites

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Share this post


Link to post
Share on other sites

MalwareBytes still won't run, but here is the log from ESET:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=57cf3982b436244c99139c34f12e7c22

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-06 08:11:48

# local_time=2012-08-06 03:11:48 (-0600, Central Daylight Time)

# country="Canada"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5121 16777213 100 75 4310617 8546167 0 0

# compatibility_mode=5893 16776574 66 85 36607235 95810921 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=167307

# found=1

# cleaned=1

# scan_time=16437

C:\Users\DTC\Downloads\musicnotesSuite.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Share this post


Link to post
Share on other sites

MalwareBytes sill isn't running. I used chameleon without any luck. The chameleon files run fine, and they say they've completed each step, but MB never opens. I tried using Rkill, and the random exe as well. Niether helped. The random exe brought up an error saying it's not a real Win32 application. Here is the log from Rkill:

Rkill 2.0.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/08/2012 10:12:48 AM in x64 mode.

Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe (PID: 3596) [uP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKLM\Software\Classes\.com "@" has been changed to ComFile!

* HKLM\Software\Classes\.com "@" was reset to comfile!

Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/08/2012 10:13:22 AM

Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)

Share this post


Link to post
Share on other sites

Please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Share this post


Link to post
Share on other sites

I've tried Safe Mode several times. I am in safe mode now and it still won't run.

Share this post


Link to post
Share on other sites

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Share this post


Link to post
Share on other sites

OTL logfile created on: 8/14/2012 9:11:39 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\DTC\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.81% Memory free

7.92 Gb Paging File | 6.40 Gb Available in Paging File | 80.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.40 Gb Total Space | 177.93 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: DTC-PC | User Name: DTC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 09:00:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe

PRC - [2012/06/13 21:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2009/07/16 20:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2012/08/06 01:06:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/19 09:19:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/03/10 16:38:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/02/27 04:23:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/02/27 04:22:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)

SRV - [2010/02/27 04:07:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/06/28 23:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2009/02/23 12:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/30 16:38:56 | 000,028,744 | ---- | M] (Vidyo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdmpvm.sys -- (vdmp_vm)

DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/07/16 20:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2009/07/16 20:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/28 23:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 22:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/08 03:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/02/05 06:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {73F80270-5CCB-40CE-BBFF-2426D947B544}

IE:64bit: - HKLM\..\SearchScopes\{73F80270-5CCB-40CE-BBFF-2426D947B544}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {50F13F54-A1DE-4AB6-8696-627BAEA85B5C}

IE - HKLM\..\SearchScopes\{50F13F54-A1DE-4AB6-8696-627BAEA85B5C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes,DefaultScope = {805A205A-B33F-41D8-84CC-5EF924D2AFA5}

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}'>http://www.google.com/search?q={searc}

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{805A205A-B33F-41D8-84CC-5EF924D2AFA5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\SearchScopes\{8D2399EF-F733-4584-A823-8A7764C0AA91}: "URL" = http://ca.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.lds.org"

FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:2.0.0

FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:4.0.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: foxfilter@inspiredeffect.net:7.6.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?fr=mcafee&p="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DTC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/07 23:37:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/18 09:55:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/24 10:55:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 09:19:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 17:18:55 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/07 23:37:50 | 000,000,000 | ---D | M]

[2010/03/13 00:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTC\AppData\Roaming\Mozilla\Extensions

[2012/08/03 09:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions

[2012/08/03 09:27:02 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2011/10/10 23:22:21 | 000,000,000 | ---D | M] (Dictionnaire français «Classique &amp; Réforme 1990») -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org

[2010/12/16 17:12:51 | 000,012,703 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\searchplugins\imdb.xml

[2010/12/16 17:59:15 | 000,002,057 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\Mozilla\Firefox\Profiles\s5snzdbr.default\searchplugins\youtube-video-search.xml

[2012/07/01 10:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/30 07:55:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/07/01 10:19:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/07/18 09:55:15 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

[2012/08/03 09:27:02 | 000,282,478 | ---- | M] () (No name found) -- C:\USERS\DTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5SNZDBR.DEFAULT\EXTENSIONS\AZHANG@CLOUDACL.COM.XPI

[2012/05/05 18:50:01 | 000,036,918 | ---- | M] () (No name found) -- C:\USERS\DTC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5SNZDBR.DEFAULT\EXTENSIONS\MOVIERATING@RONAKPATEL.NET.XPI

[2012/07/19 09:19:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2011/10/03 12:45:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/12/23 10:10:20 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2011/11/08 19:13:43 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Users\DTC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: MetaSurf = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpfbddcgbimoafpgmbbjiliegkfcjkmn\0.5.8_0\

CHR - Extension: SiteAdvisor = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\

CHR - Extension: Skype Click to Call = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\

CHR - Extension: Gmail = C:\Users\DTC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/05 10:44:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120623154549.dll (McAfee, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000..\Run: [googletalk] C:\Users\DTC\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\DTC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DTC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{691E400C-9E56-4E19-B1E7-DEDF2AC8D073}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 09:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/08/14 09:00:31 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe

[2012/08/09 08:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/09 08:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/09 08:07:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/09 08:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/06 10:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/05 23:48:11 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DTC\Desktop\mbam-setup-1.62.0.1300.exe

[2012/08/05 11:14:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/05 11:02:55 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/04 22:02:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/04 22:02:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/04 22:02:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/04 22:02:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/04 22:02:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/04 22:02:00 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\DTC\Desktop\ComboFix.exe

[2012/08/03 08:33:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DTC\Desktop\aswMBR.exe

[2012/08/02 16:41:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DTC\Desktop\dds.com

[2012/07/25 21:31:59 | 000,000,000 | ---D | C] -- C:\Users\DTC\AppData\Roaming\McAfee

========== Files - Modified Within 30 Days ==========

[2012/08/14 09:42:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000UA.job

[2012/08/14 09:15:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 09:15:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 09:07:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/14 09:00:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\DTC\Desktop\OTL.exe

[2012/08/14 08:58:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/14 08:58:27 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/11 21:34:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2343204259-1990992844-924113905-1000Core.job

[2012/08/09 08:07:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/08 10:58:30 | 405,195,659 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/08 10:18:18 | 000,000,055 | ---- | M] () -- C:\Users\DTC\AppData\Roaming\mbam.context.scan

[2012/08/06 10:33:16 | 000,000,134 | ---- | M] () -- C:\Users\DTC\Desktop\Internet Explorer Troubleshooting.url

[2012/08/05 10:44:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/04 21:55:20 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\DTC\Desktop\ComboFix.exe

[2012/08/03 08:29:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DTC\Desktop\aswMBR.exe

[2012/08/02 16:31:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DTC\Desktop\dds.com

[2012/07/26 11:25:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DTC\Desktop\mbam-setup-1.62.0.1300.exe

[2012/07/25 21:35:07 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job

[2012/07/25 21:31:59 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2012/07/19 09:19:35 | 000,002,046 | -H-- | M] () -- C:\Users\DTC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/08/09 08:07:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/06 00:51:16 | 000,000,134 | ---- | C] () -- C:\Users\DTC\Desktop\Internet Explorer Troubleshooting.url

[2012/08/04 22:02:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/04 22:02:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/04 22:02:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/04 22:02:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/04 22:02:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/04 12:05:02 | 405,195,659 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/07/28 00:18:16 | 000,000,055 | ---- | C] () -- C:\Users\DTC\AppData\Roaming\mbam.context.scan

[2012/07/25 21:31:59 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Virtual Technician.lnk

[2012/07/25 21:31:58 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\vtscheduletask.job

[2012/07/25 21:31:11 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Virtual Technician.lnk

[2011/05/07 23:32:22 | 000,171,985 | ---- | C] () -- C:\Windows\hpoins37.dat

[2010/06/25 21:32:39 | 000,003,584 | ---- | C] () -- C:\Users\DTC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/03/13 01:20:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/08/14 08:59:24 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Dropbox

[2010/03/13 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\iWin

[2011/03/13 19:08:16 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\PCDr

[2010/03/10 15:32:00 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\PlayFirst

[2012/04/24 14:59:26 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\SSH

[2012/03/04 11:39:02 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Vidyo

[2010/04/20 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\DTC\AppData\Roaming\Worksimaging

[2012/07/10 07:03:23 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/07/25 21:35:07 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 8/14/2012 9:11:39 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\DTC\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.81% Memory free

7.92 Gb Paging File | 6.40 Gb Available in Paging File | 80.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.40 Gb Total Space | 177.93 Gb Free Space | 62.78% Space Free | Partition Type: NTFS

Computer Name: DTC-PC | User Name: DTC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{028B1558-C69B-4053-88E5-DE60C18489EB}" = rport=139 | protocol=6 | dir=out | app=system |

"{08C0348D-E6D6-43B7-8C78-03499FDF3018}" = lport=138 | protocol=17 | dir=in | app=system |

"{18ED430D-171B-4401-A13F-1D780E95DFFE}" = rport=138 | protocol=17 | dir=out | app=system |

"{3EAB9D70-523B-460F-81A3-D56DF48BD6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4A9034D6-8C32-478C-B202-B4E6F4F52DAD}" = lport=445 | protocol=6 | dir=in | app=system |

"{4F347F90-7380-4F7C-827F-8F788C3B4322}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{721F379D-7BF3-47E9-96BE-7B0EE0E62D38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{750E12E4-5E15-492B-9421-9F515D952455}" = lport=139 | protocol=6 | dir=in | app=system |

"{904B024D-0381-44F4-BB03-2A8F0A081D8C}" = lport=137 | protocol=17 | dir=in | app=system |

"{905DA224-D826-4D2F-AD1C-78CBBFB2F0F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{965C7D58-A6EA-4F9B-9295-4E423E747A98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AC54377C-96EE-43BB-A1E5-D94D3CA6729D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{B4494734-D26C-41B5-A8AB-73559F5BAB46}" = rport=10243 | protocol=6 | dir=out | app=system |

"{B73DD011-4CA4-4D35-BD49-ED40D58AA8FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CABEB738-1C45-4F1E-8870-A64FEDBED3E3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CD057E92-A0A8-4CB2-B950-E93380642239}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D2BCAAD9-DDA6-4AFF-9110-647437BC479B}" = lport=10243 | protocol=6 | dir=in | app=system |

"{D40F0462-0DE7-40B7-9FF9-95CB8383A0B0}" = rport=445 | protocol=6 | dir=out | app=system |

"{D6F3BD1F-407C-443D-B6AE-F903F8F9CA18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EF80F5B1-89D6-4B74-9764-4D2BBB87C1DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F41BBAA0-E96C-4F91-B426-D720E6687634}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06BE04D4-1082-4326-B77F-A855A3156B02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2556AE2D-EB26-4589-93EC-2525A4333BC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{261068F6-53D8-45D1-A1E8-569C3957B85D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2BD8E8DF-D01A-4979-899C-9BE7DE48F5F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{355C1828-E920-4822-8B31-499C19136970}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{42512C7C-1428-462A-A57D-94BB759795BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{44CB450B-E1DF-45E8-BB32-C7753B722AFE}" = protocol=17 | dir=in | app=c:\users\dtc\appdata\roaming\dropbox\bin\dropbox.exe |

"{45F9FEAC-4024-45B9-B0D0-D8F52F74E19C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{48E77EC1-219F-4ACD-B2CA-017A5C99DE65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{4997FA90-4CE8-4602-A3F1-0530B8B9CCAD}" = protocol=6 | dir=out | app=system |

"{4BDE97F3-38E1-44D3-945F-DA614E1CEBFF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{4C79C297-D994-4C51-B2FA-BA5115A1E4A3}" = protocol=6 | dir=in | app=c:\users\dtc\appdata\roaming\dropbox\bin\dropbox.exe |

"{5B1BE4CC-63D0-4D78-90F0-4139F78EA624}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5F189FE9-8331-414E-B8BC-1F5DCF3E2A97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{6686C6B8-8DA0-4E9F-8A5E-BE78F2AC4A0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{69113634-7214-441E-904F-A05802A09B83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{74FDCC89-05D3-47A7-BCDE-D0E75F4F3AFE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{83142290-8BC6-49A0-A27E-D100D51ADBCB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{95DC3FD9-612F-4163-A136-671952D2E7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{9E45C867-8493-4ADB-A0EA-77F028A295D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{A8C437DC-C9DF-4EE8-9AAB-6A9299905AEF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{A95FEFFE-A089-4EE4-B31C-BB837202DC02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{ABCE95B6-C4BA-4693-B824-434EE1C2DB5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{AC470F5F-A11F-4440-A4EE-1C270819D739}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{AFB13461-94AC-4BDA-8A05-7E5997F55FC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B0E47C7D-EB56-4036-AB4E-81B9FEFEBB40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{B1CDA942-2806-41F3-A262-E95311532F39}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |

"{B44B495C-17C2-4373-A026-906418511AA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{B7833016-8D82-444B-8580-30AD0AB297AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B96612DA-E5F0-4A69-99A4-08ABE3EA20BA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{B9E3CA6D-50AF-4B72-B1B3-C2A3403FC6DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |

"{BA3E3DFF-3FE0-43C3-AD38-9B7033F7A65A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BCCE2459-443E-4E5D-B07D-ECDA9244B6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{BFCBF412-633D-4F59-9E80-476D1A0B659D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{BFCCED1B-1692-4FF1-92B1-181331762ADF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D504CA47-D27C-4386-869C-07790A4D928D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D5AF30C7-179B-4940-8733-5B86E1956268}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E034A40B-1B5E-485B-AD80-C9A530E0770A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{E424020B-4FD8-4036-9385-A13ADDB0FE40}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{E54D5F96-D8C4-48EE-B093-7E212D3A9B50}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{E9F384FF-03DF-48F8-814A-0AF9CAC8FA1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EA742E88-27DA-473A-B9B5-D2041FCBA0D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{F0F460FE-E68B-4ECA-B2E8-163409F61274}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F3A7F2B9-DC71-4E72-825B-09897B1D219A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{F5FFBB5C-2BCF-43E1-892C-1E7A699C6807}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{F696CBCF-E0B7-4C5A-AC58-B37CDA2381F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{F9397C98-A7D7-4587-9EC4-6D49FCE7CBFC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FA95DEBA-8785-4D7D-BD0B-6BFDCC2C7ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{FE3AE35F-407B-4FFE-933A-FB75ECDF2A59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FF8FBE79-AB34-46ED-830A-E0BA9FA0447D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5

"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell

"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{839011A6-DF28-4E21-00AE-83482775212B}" = NBA LIVE 07

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8BCC69EA-B1A4-4845-B95E-CFF335A9F548}" = JMP 8

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A1F7C120-80F4-48B1-00B8-4E278AED8779}" = NHL07

"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B489944B-AB25-43B2-BC5C-B32687FE88DE}" = Vidyo Desktop Media Player

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"0591-8077-9297-0833" = FamilySearch Indexing 3.13.1

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Dell Webcam Central" = Dell Webcam Central

"ESET Online Scanner" = ESET Online Scanner v3

"GoToAssist" = GoToAssist 8.0.0.514

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photo Creations" = HP Photo Creations

"LastFM_is1" = Last.fm 1.5.4.27091

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"McAfee Virtual Technician" = McAfee Virtual Technician

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSC" = McAfee SecurityCenter

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5

"Picasa 3" = Picasa 3

"RealPlayer 15.0" = RealPlayer

"ST6UNST #1" = Resampling

"Vidyo Desktop" = Vidyo Desktop 2.1

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2343204259-1990992844-924113905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/14/2012 10:25:54 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll

for one of the following reasons: there is a problem with the network connection,

the disk that the file is stored on, or the storage drivers installed on this computer;

or the disk is missing. Windows closed the program Microsoft Windows Search Indexer

because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The

error value is listed in the Additional Data section. User Action 1. Open the file

again. This situation might be a temporary problem that corrects itself when the

program runs again. 2. If the file still cannot be accessed and - It is on the network,

your

network administrator should verify that there is not a problem with the network

and that the server can be contacted. - It is on a removable disk, for example,

a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3.

Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,

click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,

and then press ENTER. 4. If the problem persists, restore the file from a backup

copy. 5. Determine whether other files on the same disk can be opened. If not, the

disk might be damaged. If it is a hard disk, contact your administrator or computer

hardware vendor for further assistance. Additional Data Error value: C0000185 Disk

type: 3

Error - 8/14/2012 10:27:53 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 4268 (0x10ac) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387

/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll

by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/14/2012 10:33:17 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610,

time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,

time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd

Faulting

process id: 0x14b0 Faulting application start time: 0x01cd7a2928fb34e2 Faulting application

path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: fc623feb-e61c-11e1-8e79-a4badba72b83

Error - 8/14/2012 10:33:17 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll

for one of the following reasons: there is a problem with the network connection,

the disk that the file is stored on, or the storage drivers installed on this computer;

or the disk is missing. Windows closed the program Microsoft Windows Search Indexer

because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The

error value is listed in the Additional Data section. User Action 1. Open the file

again. This situation might be a temporary problem that corrects itself when the

program runs again. 2. If the file still cannot be accessed and - It is on the network,

your

network administrator should verify that there is not a problem with the network

and that the server can be contacted. - It is on a removable disk, for example,

a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3.

Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,

click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,

and then press ENTER. 4. If the problem persists, restore the file from a backup

copy. 5. Determine whether other files on the same disk can be opened. If not, the

disk might be damaged. If it is a hard disk, contact your administrator or computer

hardware vendor for further assistance. Additional Data Error value: C0000185 Disk

type: 3

Error - 8/14/2012 10:34:59 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 5260 (0x148c) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387

/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll

by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/14/2012 10:41:15 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610,

time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,

time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd

Faulting

process id: 0xd98 Faulting application start time: 0x01cd7a2a43de8286 Faulting application

path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: 19322285-e61e-11e1-8e79-a4badba72b83

Error - 8/14/2012 10:41:15 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll

for one of the following reasons: there is a problem with the network connection,

the disk that the file is stored on, or the storage drivers installed on this computer;

or the disk is missing. Windows closed the program Microsoft Windows Search Indexer

because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The

error value is listed in the Additional Data section. User Action 1. Open the file

again. This situation might be a temporary problem that corrects itself when the

program runs again. 2. If the file still cannot be accessed and - It is on the network,

your

network administrator should verify that there is not a problem with the network

and that the server can be contacted. - It is on a removable disk, for example,

a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3.

Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,

click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,

and then press ENTER. 4. If the problem persists, restore the file from a backup

copy. 5. Determine whether other files on the same disk can be opened. If not, the

disk might be damaged. If it is a hard disk, contact your administrator or computer

hardware vendor for further assistance. Additional Data Error value: C0000185 Disk

type: 3

Error - 8/14/2012 10:42:47 AM | Computer Name = DTC-PC | Source = McLogEvent | ID = 5051

Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

took longer than 90000 ms to complete a request. The process will be terminated.

Thread

id : 996 (0x3e4) Thread address : 0x000000007776138A Thread message : Build VSCORE.14.4.0.387

/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Windows\System32\NlsData0018.dll

by C:\Windows\system32\WerFault.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610,

time stamp: 0x4dc0d019 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,

time stamp: 0x4e21213c Exception code: 0xc0000006 Fault offset: 0x000000000000cacd

Faulting

process id: 0xf88 Faulting application start time: 0x01cd7a2b13258ade Faulting application

path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll

Report

Id: df1a593d-e61e-11e1-8e79-a4badba72b83

Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file C:\Windows\System32\NlsData0018.dll

for one of the following reasons: there is a problem with the network connection,

the disk that the file is stored on, or the storage drivers installed on this computer;

or the disk is missing. Windows closed the program Microsoft Windows Search Indexer

because of this error. Program: Microsoft Windows Search Indexer File: C:\Windows\System32\NlsData0018.dll

The

error value is listed in the Additional Data section. User Action 1. Open the file

again. This situation might be a temporary problem that corrects itself when the

program runs again. 2. If the file still cannot be accessed and - It is on the network,

your

network administrator should verify that there is not a problem with the network

and that the server can be contacted. - It is on a removable disk, for example,

a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.

3.

Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,

click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,

and then press ENTER. 4. If the problem persists, restore the file from a backup

copy. 5. Determine whether other files on the same disk can be opened. If not, the

disk might be damaged. If it is a hard disk, contact your administrator or computer

hardware vendor for further assistance. Additional Data Error value: C0000185 Disk

type: 3

[ Broadcom Wireless LAN Events ]

Error - 7/23/2012 9:10:42 AM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0

Description = 08:10:42, Mon, Jul 23, 12 Error - Unable to gain access to user store

Error - 7/25/2012 11:05:04 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0

Description = 22:05:04, Wed, Jul 25, 12 Error - Unable to gain access to user store

Error - 7/26/2012 4:57:29 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0

Description = 15:57:29, Thu, Jul 26, 12 Error - Unable to decode string, error 87

Error - 7/28/2012 12:47:22 AM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0

Description = 23:44:37, Fri, Jul 27, 12 Error - Unable to gain access to user store

Error - 8/4/2012 10:56:04 PM | Computer Name = DTC-PC | Source = WLAN-Tray | ID = 0

Description = 21:56:04, Sat, Aug 04, 12 Error - Unable to gain access to user store

[ Media Center Events ]

Error - 2/1/2012 6:30:29 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 4:30:18 PM - Failed to retrieve SportsV2 (Error: The underlying connection

was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 5/19/2012 11:01:43 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 10:01:43 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 10:49:52 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 9:49:38 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 11:14:37 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 10:14:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 12:14:56 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 11:14:55 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 6:18:54 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 5:18:54 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:26:00 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 6:25:54 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:16:00 PM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 5:16:00 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 5/23/2012 8:35:56 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 7:35:52 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

Error - 6/9/2012 7:00:33 AM | Computer Name = DTC-PC | Source = MCUpdate | ID = 0

Description = 6:00:32 AM - Error connecting to the internet. 6:00:32 AM - Unable

to contact server..

[ System Events ]

Error - 8/14/2012 10:29:05 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034

Description = The Windows Search service terminated unexpectedly. It has done this

3 time(s).

Error - 8/14/2012 10:33:16 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10

Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,

but Windows could not determine if the file was actually damaged (error code 2147943517).

No repair action was taken. Run the command "sfc /scannow" at an administrative

command prompt to check for errors and to repair the file if necessary.

Error - 8/14/2012 10:36:58 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7031

Description = The McAfee McShield service terminated unexpectedly. It has done

this 5 time(s). The following corrective action will be taken in 5000 milliseconds:

Restart the service.

Error - 8/14/2012 10:36:59 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034

Description = The Windows Search service terminated unexpectedly. It has done this

4 time(s).

Error - 8/14/2012 10:41:14 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10

Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,

but Windows could not determine if the file was actually damaged (error code 2147943517).

No repair action was taken. Run the command "sfc /scannow" at an administrative

command prompt to check for errors and to repair the file if necessary.

Error - 8/14/2012 10:42:47 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034

Description = The McAfee McShield service terminated unexpectedly. It has done

this 6 time(s).

Error - 8/14/2012 10:42:48 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034

Description = The Windows Search service terminated unexpectedly. It has done this

5 time(s).

Error - 8/14/2012 10:46:46 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10

Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,

but Windows could not determine if the file was actually damaged (error code 2147943517).

No repair action was taken. Run the command "sfc /scannow" at an administrative

command prompt to check for errors and to repair the file if necessary.

Error - 8/14/2012 10:46:47 AM | Computer Name = DTC-PC | Source = Service Control Manager | ID = 7034

Description = The Windows Search service terminated unexpectedly. It has done this

6 time(s).

Error - 8/14/2012 10:50:15 AM | Computer Name = DTC-PC | Source = Microsoft-Windows-CorruptedFileRecovery-Server | ID = 10

Description = The system file C:\Windows\System32\NlsData0018.dll may be corrupted,

but Windows could not determine if the file was actually damaged (error code 2147943517).

No repair action was taken. Run the command "sfc /scannow" at an administrative

command prompt to check for errors and to repair the file if necessary.

< End of report >

Share this post


Link to post
Share on other sites

I ran sfc /scannow on my Windows 7 and it opened a small DOS window that closed after a split-second. I ran it twice just to make sure it did something, but it definitely opened, if only briefly. I restarted, uninstalled Malware Bytes, restarted again, installed it and got the same response. mbam.exe *32 runs as a process for a few minutes, then disappears without the program ever opening.

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites

Hi there again. Sorry, my mother in law was in town last week so I didn't bother to keep up with this forum.

No, there are no error messages that present themselves when I try to run MalwareBytes. The only reason I know the mbam.exe process runs is because I've started monitoring what my computer is doing with Task Manager. There was no error message when I ran sfc either. I hope this helps.

Share this post


Link to post
Share on other sites

Try to temporarily disable McAfee and try again.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.