
The specified service does not exist as an installed service


  • This topic is locked
20 replies to this topic

#1 Wags89

Wags89

  • Members
  • 11 posts

Posted 11 August 2012 - 06:45 PM

Hi, My computer is in the hurt locker. Wednesday evening, McAfee told me I had a trojan virus (I don't remember the name) and that it needed to reboot to remove it. Once it restarted, programs wouldn't run anymore. I am getting "The specified service does not exist as an installed service". The Audio is off, the Network icon has a red X in it. The things that do run take a long time to start and run, i.e., bringing up the folders and then trying to switch to another directory can take a minute or more. Limited success getting things to run in safe mode. I did run a full scan with McAfee and it said the machine is clean. I also used their stinger program with a clean result. Windows says I don't have any restore points. Hopefully you can work a small miracle.

Thanks,
Greg

P.S. My computer is a Toshiba Satellite Laptop Model L355D-7815s running Vista32


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Greg Wagner at 15:46:53 on 2012-08-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.2337 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120804152650.dll
BHO: OpenXMLViewer Helper: {803ef67b-3ccd-4750-8b3c-72b070a59192} - c:\program files\openxmlviewer_ie\OpenXMLViewer.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\greg wagner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [chromium] c:\users\greg wagner\appdata\local\google\chrome\application\chrome.exe --no-startup-window
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "c:\users\greg wagner\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [rsvip] rundll32.exe "c:\users\greg wagner\appdata\roaming\rsvip.dll",WriteSpan
mRun: [SynTPEnh] H.EXE
mRun: [TPwrMain] .EXE
mRun: [HSON] .EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] .EXE
mRun: [Windows Defender] DER\MSASCUI.EXE -HIDE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NDSTray.exe] DSTRAY.EXE
mRun: [cfFncEnabler.exe] ABLER.EXE
mRun: [McAfeeUpdaterUI] KEY
mRun: [lxdwmon.exe] .EXE"
mRun: [lxdwamon] .EXE"
mRun: [<NO NAME>]
mRun: [accrdsub] T\ACCRDSUB.EXE"
mRun: [S6000Mnt] T
mRun: [ArcSoft Connection Service] .EXE
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [StartCCC] OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE" MSRUN
mRun: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
mRun: [mcui_exe] KEY
mRunOnce: [SetupTVAP] "c:\users\greg wagner\appdata\local\temp\util_tvap_tc00214700m.temp\Setup.exe" /Msg
StartupFolder: c:\users\gregwa~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\greg wagner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: disa.mil
Trusted Zone: line6.net
Trusted Zone: navy.mil
Trusted Zone: navy.mil\chart.donhr
Trusted Zone: navy.mil\webmail.east.nmci
Trusted Zone: osd.mil
Trusted Zone: osd.mil\dtsproweb.defensetravel
Trusted Zone: osd.mil\www.defensetravel
DPF: {155E724D-D3EE-4078-B226-871EF322E512} - hxxps://ucstcdom02.ahf.nmci.navy.mil/system/webref01.nsf/(vwfiles)/hqwebeip/$file/dliuploaderpro.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{2863352B-78F6-4CA1-A9AD-693AF7C96463} : DhcpNameServer = 192.168.1.1 71.252.0.12
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer\TerraExplorerX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\greg wagner\appdata\roaming\mozilla\firefox\profiles\eikuis8k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\greg wagner\appdata\roaming\mozilla\firefox\profiles\eikuis8k.default\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}\components\dtTransparency.dll
FF - component: c:\users\greg wagner\appdata\roaming\mozilla\firefox\profiles\eikuis8k.default\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}\components\dtTransparency3.5.dll
FF - component: c:\users\greg wagner\appdata\roaming\mozilla\firefox\profiles\eikuis8k.default\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}\components\dtTransparency3.6.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDbsGscInfo.dll
FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDBsignWeb.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\greg wagner\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\greg wagner\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\greg wagner\appdata\roaming\mozilla\firefox\profiles\eikuis8k.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: MP3 Rocket Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ArmadaCustom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - %profile%\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-14 475704]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-6-16 20384]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-8-2 64912]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-8-2 169608]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-8-2 161664]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-2 159608]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-8-2 340920]
S2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
S2 gupdate1c9e253e5b50310;Google Update Service (gupdate1c9e253e5b50310);c:\program files\google\update\GoogleUpdate.exe [2009-5-31 133104]
S2 lxba_device;lxba_device;c:\windows\system32\lxbacoms.exe -service --> c:\windows\system32\lxbacoms.exe -service [?]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2008-5-16 98984]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 214904]
S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-8-2 166320]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-6-4 116632]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-6-24 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-6-24 65856]
S2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-14 65657]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
S2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
S2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-17 250056]
S3 APL531;CRS Photo Scanner;c:\windows\system32\drivers\PS550.sys [2008-1-28 580992]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-8-4 57600]
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [2007-7-20 471808]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2007-6-14 201216]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-5 30192]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2011-11-30 583168]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-31 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-6-16 954368]
S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2012-8-2 198904]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-2 180848]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-2 59456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-8-2 87656]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2011-8-5 31616]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2011-12-26 3328472]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2007-7-23 6656]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 214904]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-11 21:51:43 -------- d-----w- C:\FRST
2012-08-11 00:03:32 -------- d-----w- c:\program files\stinger
2012-08-06 02:35:20 -------- d-----w- c:\programdata\036E1E737FBC0381577263192F3B707C
2012-08-06 02:34:17 164352 --sha-w- c:\users\greg wagner\appdata\roaming\rsvip.dll
2012-08-04 19:26:50 29312 ----a-w- c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll
2012-08-04 19:26:28 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-08-03 02:01:05 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2012-08-03 02:01:03 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-08-03 02:00:11 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-08-03 02:00:11 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-08-03 02:00:10 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-08-03 02:00:10 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-08-03 02:00:10 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-08-03 02:00:10 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-08-03 01:59:17 -------- d-----w- c:\program files\common files\Mcafee
2012-08-03 01:59:16 -------- d-----w- c:\program files\McAfee.com
2012-08-03 01:57:52 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-08-03 01:57:52 151912 ----a-w- c:\windows\system32\mfevtps.exe.0912.deleteme
2012-08-03 01:53:29 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d002f041-32f2-4850-aefd-509477ffc941}\mpengine.dll
2012-07-25 23:22:15 -------- d-----w- c:\program files\Defraggler
2012-07-18 01:15:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-11 00:03:46 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-08-02 22:49:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-24 23:28:47 2991634 ----a-w- c:\programdata\SPLB7D9.tmp
2012-06-15 01:52:40 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:48:45.47 ===============



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male

Posted 16 August 2012 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464829 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Wags89

Wags89
  • Topic Starter

  • Members
  • 11 posts

Posted 17 August 2012 - 02:55 PM

Yes, I have the original system disks.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 August 2012 - 09:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

#5 Wags89

Wags89
  • Topic Starter

  • Members
  • 11 posts

Posted 18 August 2012 - 04:17 PM

nasdaq, Thank you for your help. Here are the files. I could only get them to run in Safe mode.

ComboFix 12-08-17.03 - Greg Wagner 08/18/2012 14:43:26.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.2337 [GMT -4:00]
Running from: c:\users\Greg Wagner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPLAA62.tmp
c:\programdata\SPLB7D9.tmp
c:\users\Greg Wagner\AppData\Roaming\rsvip.dll
c:\users\Greg Wagner\g2mdlhlpx.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 18:50 . 2012-08-18 18:51 -------- d-----w- c:\users\Greg Wagner\AppData\Local\temp
2012-08-18 18:50 . 2012-08-18 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 02:12 . 2012-08-12 02:12 -------- d-----w- c:\program files\Runtime Software
2012-08-11 21:51 . 2012-08-11 21:51 -------- d-----w- C:\FRST
2012-08-11 00:03 . 2012-08-11 00:19 -------- d-----w- c:\program files\stinger
2012-08-06 02:35 . 2012-08-06 02:37 -------- d-----w- c:\programdata\036E1E737FBC0381577263192F3B707C
2012-08-04 19:26 . 2012-05-25 21:09 29312 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-08-04 19:26 . 2012-02-22 17:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-08-03 02:01 . 2010-10-14 02:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-08-03 02:01 . 2012-02-22 17:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-08-03 02:00 . 2012-02-22 17:29 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-08-03 02:00 . 2012-02-22 17:29 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-08-03 02:00 . 2012-08-11 00:03 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-08-03 02:00 . 2012-02-22 17:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-08-03 02:00 . 2012-02-22 17:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-08-03 02:00 . 2012-02-22 17:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-08-03 01:59 . 2012-08-03 02:02 -------- d-----w- c:\program files\Common Files\Mcafee
2012-08-03 01:59 . 2012-08-03 01:59 -------- d-----w- c:\program files\McAfee.com
2012-08-03 01:57 . 2012-08-11 00:03 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-08-03 01:53 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D002F041-32F2-4850-AEFD-509477FFC941}\mpengine.dll
2012-07-25 23:22 . 2012-07-25 23:22 -------- d-----w- c:\program files\Defraggler
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 00:03 . 2010-10-14 04:28 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-08-02 22:49 . 2012-07-18 01:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 22:49 . 2011-05-21 02:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 22:29 . 2012-07-01 22:29 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-15 01:52 . 2012-06-15 01:52 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-06-13 13:40 . 2012-07-12 07:19 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 23:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 23:23 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 23:22 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 11:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 11:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 11:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 11:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 07:07 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 07:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 07:07 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 07:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 23:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 23:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2009-10-04 22:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-07-28 02:11 . 2009-11-12 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 02:28 . 2012-08-03 02:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
2010-10-27 20:13 81920 ----a-w- c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 21:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{29c0f5ff-3564-46bc-9f4a-50c73f426486}"= "c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll" [2010-10-27 81920]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"chromium"="c:\users\Greg Wagner\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-31 1229848]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-06-15 1855]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"Facebook Update"="c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="KEY" [X]
"S6000Mnt"="T" [X]
"StartCCC"="OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE MSRUN" [X]
"mcui_exe"="KEY" [X]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"NDSTray.exe"="DSTRAY.EXE" [BU]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
c:\users\Greg Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xacti Screen Capture 1.1.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk
backup=c:\windows\pss\Xacti Screen Capture 1.1.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 00:54 138096 ----atw- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-01 02:00 133104 ----atw- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 22:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
2004-04-28 18:02 42496 ----a-w- c:\program files\SMSC\SetIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-24 19:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:49]
.
2012-08-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: disa.mil
Trusted Zone: line6.net
Trusted Zone: navy.mil
Trusted Zone: navy.mil\chart.donhr
Trusted Zone: navy.mil\webmail.east.nmci
Trusted Zone: osd.mil
Trusted Zone: osd.mil\dtsproweb.defensetravel
Trusted Zone: osd.mil\www.defensetravel
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {155E724D-D3EE-4078-B226-871EF322E512} - hxxps://ucstcdom02.ahf.nmci.navy.mil/system/webref01.nsf/(vwfiles)/hqwebeip/$file/dliuploaderpro.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: MP3 Rocket Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ArmadaCustom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - %profile%\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-rsvip - c:\users\Greg Wagner\AppData\Roaming\rsvip.dll
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-TPwrMain - .EXE
HKLM-Run-HSON - .EXE
HKLM-Run-SmoothView - c:\program files\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - .EXE
HKLM-Run-cfFncEnabler.exe - ABLER.EXE
HKLM-Run-lxdwmon.exe - .EXE
HKLM-Run-lxdwamon - .EXE
HKLM-Run-accrdsub - T\ACCRDSUB.EXE
HKLM-Run-ArcSoft Connection Service - .EXE
HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
HKLM-RunOnce-SetupTVAP - c:\users\Greg Wagner\AppData\Local\Temp\util_tvap_TC00214700M.temp\Setup.exe
AddRemove-CRS Photo Scanner - c:\windows\omniuns.exe USB\VID_0FEB&PID_2015 CRS Photo Scanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-18 14:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(680)
c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-18 14:53:43
ComboFix-quarantined-files.txt 2012-08-18 18:53
.
Pre-Run: 46,834,233,344 bytes free
Post-Run: 47,005,667,328 bytes free
.
- - End Of File - - 556364DDE8E78F3957BA86A034A7AF7F

Results of screen317's Security Check version 0.99.46
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 20
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (3.6.18) Firefox out of Date!
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


# AdwCleaner v1.801 - Logfile created 08/18/2012 at 17:06:10
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Greg Wagner - GREGWAGNER-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Greg Wagner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Greg Wagner\AppData\Local\APN
Folder Found : C:\Users\Greg Wagner\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Greg Wagner\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\extensions\toolbar@ask.com
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.18 (en-US)

Profile name : default
File : C:\Users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\prefs.js

Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Found : user_pref("extensions.asktb.apn_dbr", "cr_17.0.963.56");
Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Found : user_pref("extensions.asktb.cbid", "RV");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.cr-o", "15863cr");
Found : user_pref("extensions.asktb.crumb", "2012.02.23+18.20.08-toolbar003iad-US-V2FzaGluZ3RvbixEQyxVbml0ZW[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.displaybehavior", "");
Found : user_pref("extensions.asktb.displaytext", "");
Found : user_pref("extensions.asktb.dtid", "YYYYYYU2US");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USDC0001");
Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Found : user_pref("extensions.asktb.guid", "f9edee8e-323c-4fca-8208-7da595c39487");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1333837192663");
Found : user_pref("extensions.asktb.last-search-timestamp", "1340507202003");
Found : user_pref("extensions.asktb.last-v", "3.14.1.100010");
Found : user_pref("extensions.asktb.locale", "en_US");
Found : user_pref("extensions.asktb.location", "Washington,DC,United States");
Found : user_pref("extensions.asktb.lstation", "");
Found : user_pref("extensions.asktb.new-tab-enabled", true);
Found : user_pref("extensions.asktb.o", "15863");
Found : user_pref("extensions.asktb.pstate", "");
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.sa", "NO");
Found : user_pref("extensions.asktb.search-history-queries", "we're riding on the escalator of life");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-first", true);
Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.socialmini-speed", "10000");
Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "2/23/2012 9:22:44 PM");
Found : user_pref("extensions.asktb.to", "");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Greg Wagner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

*************************

AdwCleaner[R1].txt - [7585 octets] - [18/08/2012 17:06:10]

########## EOF - C:\AdwCleaner[R1].txt - [7713 octets] ##########

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 August 2012 - 07:58 AM

Open notepad and copy/paste the text in the quote box below into it:


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"=-
"S6000Mnt"=-
"StartCCC"=-
"mcui_exe"=-
"NDSTray.exe"=-

ClearJavaCache::



Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 20
Java™ 6 Update 32


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

===

Please run the System File Checker tool
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Please post the logs and let me know what problem persists.
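
Added example, not part of the thread and not ComboFix's own code: the Python below parses the Run-key lines of the "Reg Loading Points" section in the ComboFix log from post #5 and lists the values whose bracket holds a tag instead of a file date and size, or whose data is not an absolute path. On that log these are the five values the CFScript in post #6 removes. The sample input is an excerpt of that log; the function names and the two flagging rules are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the "Reg Loading Points" section of the ComboFix log in post #5
# (sample input assembled for this example).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="KEY" [X]
"S6000Mnt"="T" [X]
"StartCCC"="OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE MSRUN" [X]
"mcui_exe"="KEY" [X]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"NDSTray.exe"="DSTRAY.EXE" [BU]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
AUTORUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)
# "name"="data" [status]; data is matched greedily so inner quotes survive.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<data>.*)"\s*\[(?P<status>[^\]]*)\]$')
STAMP_RE = re.compile(r'^\d{4}-\d{1,2}-\d{1,2} \d+$')   # file date and size
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')             # drive-letter path


@dataclass
class RunEntry:
    key: str
    name: str
    data: str
    status: str
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Return every value listed under a ...\\CurrentVersion\\Run(Once) key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Track the key only when it is an autostart Run/RunOnce key.
            key = m.group(1) if AUTORUN_KEY_RE.search(m.group(1)) else None
            continue
        m = VALUE_RE.match(line)
        if key and m:
            entries.append(RunEntry(key, m["name"], m["data"], m["status"]))
    return entries


def flag_broken(entries):
    """Flag values that need a human look (illustrative rules, see lead-in)."""
    flagged = []
    for e in entries:
        e.reasons = []
        if not STAMP_RE.match(e.status):
            e.reasons.append(f"status tag [{e.status}] instead of date and size")
        if not ABS_PATH_RE.match(e.data):
            e.reasons.append("data is not an absolute path")
        if e.reasons:
            flagged.append(e)
    return flagged


def render_deletions(flagged):
    """Render flagged values as .reg-style deletion lines, grouped by key."""
    lines, current = [], None
    for e in flagged:
        if e.key != current:
            lines.append(f"[{e.key}]")
            current = e.key
        lines.append(f'"{e.name}"=-')
    return "\n".join(lines)


if __name__ == "__main__":
    hits = flag_broken(parse_run_entries(SAMPLE_LOG))
    for e in hits:
        print(f"{e.name!r} = {e.data!r}: " + "; ".join(e.reasons))
    print()
    print(render_deletions(hits))
```

The rendered lines are a review aid for comparing a log against a proposed fix; each flagged value still has to be judged by a person before anything is deleted.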

#7 Wags89

Wags89
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 19 August 2012 - 11:24 AM

Here are the results. I have no services, so can't get to the network/internet to get updates. I was also not able to remove the two instances of JAVA. I had to run all diagnostics in SAFE mode. Network service is off, Audio service is off. CCleaner wouldn't run due to the service problem.

ComboFix 12-08-17.03 - Greg Wagner 08/19/2012 10:50:04.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.2049 [GMT -4:00]
Running from: c:\users\Greg Wagner\Desktop\ComboFix.exe
Command switches used :: D:\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 14:56 . 2012-08-19 14:56 -------- d-----w- c:\users\Greg Wagner\AppData\Local\temp
2012-08-19 14:56 . 2012-08-19 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 02:12 . 2012-08-12 02:12 -------- d-----w- c:\program files\Runtime Software
2012-08-11 21:51 . 2012-08-11 21:51 -------- d-----w- C:\FRST
2012-08-11 00:03 . 2012-08-11 00:19 -------- d-----w- c:\program files\stinger
2012-08-06 02:35 . 2012-08-06 02:37 -------- d-----w- c:\programdata\036E1E737FBC0381577263192F3B707C
2012-08-04 19:26 . 2012-05-25 21:09 29312 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-08-04 19:26 . 2012-02-22 17:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-08-03 02:01 . 2010-10-14 02:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-08-03 02:01 . 2012-02-22 17:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-08-03 02:00 . 2012-02-22 17:29 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-08-03 02:00 . 2012-02-22 17:29 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-08-03 02:00 . 2012-08-11 00:03 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-08-03 02:00 . 2012-02-22 17:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-08-03 02:00 . 2012-02-22 17:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-08-03 02:00 . 2012-02-22 17:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-08-03 01:59 . 2012-08-03 02:02 -------- d-----w- c:\program files\Common Files\Mcafee
2012-08-03 01:59 . 2012-08-03 01:59 -------- d-----w- c:\program files\McAfee.com
2012-08-03 01:57 . 2012-08-11 00:03 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-08-03 01:53 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D002F041-32F2-4850-AEFD-509477FFC941}\mpengine.dll
2012-07-25 23:22 . 2012-07-25 23:22 -------- d-----w- c:\program files\Defraggler
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 00:03 . 2010-10-14 04:28 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-08-02 22:49 . 2012-07-18 01:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 22:49 . 2011-05-21 02:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 22:29 . 2012-07-01 22:29 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-15 01:52 . 2012-06-15 01:52 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-06-13 13:40 . 2012-07-12 07:19 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 23:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 23:23 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 23:22 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 11:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 11:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 11:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 11:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 07:07 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 07:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 07:07 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 07:07 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 23:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 23:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2009-10-04 22:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-07-28 02:11 . 2009-11-12 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 02:28 . 2012-08-03 02:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
2010-10-27 20:13 81920 ----a-w- c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 21:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{29c0f5ff-3564-46bc-9f4a-50c73f426486}"= "c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll" [2010-10-27 81920]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"chromium"="c:\users\Greg Wagner\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-31 1229848]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-06-15 1855]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"Facebook Update"="c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
c:\users\Greg Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xacti Screen Capture 1.1.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk
backup=c:\windows\pss\Xacti Screen Capture 1.1.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 00:54 138096 ----atw- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-01 02:00 133104 ----atw- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 22:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
2004-04-28 18:02 42496 ----a-w- c:\program files\SMSC\SetIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-24 19:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:49]
.
2012-08-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: disa.mil
Trusted Zone: line6.net
Trusted Zone: navy.mil
Trusted Zone: navy.mil\chart.donhr
Trusted Zone: navy.mil\webmail.east.nmci
Trusted Zone: osd.mil
Trusted Zone: osd.mil\dtsproweb.defensetravel
Trusted Zone: osd.mil\www.defensetravel
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {155E724D-D3EE-4078-B226-871EF322E512} - hxxps://ucstcdom02.ahf.nmci.navy.mil/system/webref01.nsf/(vwfiles)/hqwebeip/$file/dliuploaderpro.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: MP3 Rocket Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ArmadaCustom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - %profile%\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-19 10:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1960)
c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-19 10:58:16
ComboFix-quarantined-files.txt 2012-08-19 14:58
ComboFix2.txt 2012-08-18 18:53
.
Pre-Run: 46,999,851,008 bytes free
Post-Run: 46,988,005,376 bytes free
.
- - End Of File - - 57FEEDF78516698FA53ABF281CADC852


# AdwCleaner v1.801 - Logfile created 08/19/2012 at 11:12:29
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Greg Wagner - GREGWAGNER-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Greg Wagner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Greg Wagner\AppData\Local\APN
Folder Deleted : C:\Users\Greg Wagner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Greg Wagner\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\extensions\toolbar@ask.com
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.18 (en-US)

Profile name : default
File : C:\Users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\prefs.js

Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.apn_dbr", "cr_17.0.963.56");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "RV");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.cr-o", "15863cr");
Deleted : user_pref("extensions.asktb.crumb", "2012.02.23+18.20.08-toolbar003iad-US-V2FzaGluZ3RvbixEQyxVbml0ZW[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYU2US");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USDC0001");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Deleted : user_pref("extensions.asktb.guid", "f9edee8e-323c-4fca-8208-7da595c39487");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1333837192663");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1340507202003");
Deleted : user_pref("extensions.asktb.last-v", "3.14.1.100010");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Washington,DC,United States");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.o", "15863");
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-history-queries", "we're riding on the escalator of life");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "2/23/2012 9:22:44 PM");
Deleted : user_pref("extensions.asktb.to", "");

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Greg Wagner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

*************************

AdwCleaner[R1].txt - [7714 octets] - [18/08/2012 17:06:10]
AdwCleaner[S1].txt - [7695 octets] - [19/08/2012 11:12:29]

########## EOF - C:\AdwCleaner[S1].txt - [7823 octets] ##########


2012-08-08 22:04:16, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:16, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:25, Info CSI 00000009 [SR] Verify complete
2012-08-08 22:04:26, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:26, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:36, Info CSI 0000000d [SR] Verify complete
2012-08-08 22:04:36, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:36, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:43, Info CSI 00000011 [SR] Verify complete
2012-08-08 22:04:45, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:45, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:48, Info CSI 00000015 [SR] Verify complete
2012-08-08 22:04:49, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:49, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:52, Info CSI 00000019 [SR] Verify complete
2012-08-08 22:04:53, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:53, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:55, Info CSI 0000001d [SR] Verify complete
2012-08-08 22:04:56, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-08-08 22:04:56, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-08-08 22:04:59, Info CSI 00000021 [SR] Verify complete
2012-08-08 22:05:00, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:00, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:02, Info CSI 00000025 [SR] Verify complete
2012-08-08 22:05:03, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:03, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:06, Info CSI 00000029 [SR] Verify complete
2012-08-08 22:05:07, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:07, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:10, Info CSI 0000002d [SR] Verify complete
2012-08-08 22:05:10, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:10, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:13, Info CSI 00000031 [SR] Verify complete
2012-08-08 22:05:14, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:14, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:16, Info CSI 00000035 [SR] Verify complete
2012-08-08 22:05:17, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:17, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:20, Info CSI 00000039 [SR] Verify complete
2012-08-08 22:05:21, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:21, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:23, Info CSI 0000003d [SR] Verify complete
2012-08-08 22:05:24, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:24, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:27, Info CSI 00000041 [SR] Verify complete
2012-08-08 22:05:28, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:28, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:31, Info CSI 00000045 [SR] Verify complete
2012-08-08 22:05:31, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:31, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:34, Info CSI 00000049 [SR] Verify complete
2012-08-08 22:05:35, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:35, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:37, Info CSI 0000004d [SR] Verify complete
2012-08-08 22:05:38, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
2012-08-08 22:05:38, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-08-08 22:05:41, Info CSI 00000051 [SR] Verify complete
2012-08-08 22:12:59, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2012-08-08 22:12:59, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2012-08-08 22:13:04, Info CSI 00000182 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:13:07, Info CSI 00000184 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:13:07, Info CSI 00000185 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-08-08 22:13:11, Info CSI 00000187 [SR] Verify complete
2012-08-08 22:15:57, Info CSI 000001dd [SR] Repairing 1 components
2012-08-08 22:15:57, Info CSI 000001de [SR] Beginning Verify and Repair transaction
2012-08-08 22:15:57, Info CSI 000001e0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:15:57, Info CSI 000001e2 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:15:57, Info CSI 000001e3 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-08-08 22:15:57, Info CSI 000001e5 [SR] Repair complete
2012-08-08 22:15:57, Info CSI 000001e6 [SR] Committing transaction
2012-08-08 22:15:57, Info CSI 000001ea [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2012-08-08 22:25:07, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:25:07, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-08-08 22:25:13, Info CSI 00000009 [SR] Verify complete
2012-08-08 22:32:31, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2012-08-08 22:32:31, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2012-08-08 22:32:35, Info CSI 00000182 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:32:38, Info CSI 00000184 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:32:38, Info CSI 00000185 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-08-08 22:32:41, Info CSI 00000187 [SR] Verify complete
2012-08-08 22:32:41, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:32:41, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2012-08-08 22:32:48, Info CSI 0000018b [SR] Verify complete
2012-08-08 22:32:49, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2012-08-08 22:32:49, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2012-08-08 22:32:58, Info CSI 0000018f [SR] Verify complete
2012-08-08 22:32:58, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:32:58, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2012-08-08 22:33:11, Info CSI 00000194 [SR] Verify complete
2012-08-08 22:33:11, Info CSI 00000195 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:33:11, Info CSI 00000196 [SR] Beginning Verify and Repair transaction
2012-08-08 22:33:16, Info CSI 00000198 [SR] Verify complete
2012-08-08 22:33:17, Info CSI 00000199 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:33:17, Info CSI 0000019a [SR] Beginning Verify and Repair transaction
2012-08-08 22:33:24, Info CSI 0000019c [SR] Verify complete
2012-08-08 22:33:25, Info CSI 0000019d [SR] Verifying 100 (0x00000064) components
2012-08-08 22:33:25, Info CSI 0000019e [SR] Beginning Verify and Repair transaction
2012-08-08 22:33:31, Info CSI 000001a0 [SR] Verify complete
2012-08-08 22:33:32, Info CSI 000001a1 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:33:32, Info CSI 000001a2 [SR] Beginning Verify and Repair transaction
2012-08-08 22:33:40, Info CSI 000001a7 [SR] Verify complete
2012-08-08 22:33:40, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:33:40, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2012-08-08 22:33:49, Info CSI 000001ab [SR] Verify complete
2012-08-08 22:33:49, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2012-08-08 22:33:49, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:00, Info CSI 000001af [SR] Verify complete
2012-08-08 22:34:00, Info CSI 000001b0 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:00, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:03, Info CSI 000001b3 [SR] Verify complete
2012-08-08 22:34:04, Info CSI 000001b4 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:04, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:10, Info CSI 000001b7 [SR] Verify complete
2012-08-08 22:34:11, Info CSI 000001b8 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:11, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:17, Info CSI 000001bb [SR] Verify complete
2012-08-08 22:34:18, Info CSI 000001bc [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:18, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:25, Info CSI 000001bf [SR] Verify complete
2012-08-08 22:34:25, Info CSI 000001c0 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:25, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:30, Info CSI 000001c3 [SR] Verify complete
2012-08-08 22:34:31, Info CSI 000001c4 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:31, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:45, Info CSI 000001c7 [SR] Verify complete
2012-08-08 22:34:45, Info CSI 000001c8 [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:45, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:50, Info CSI 000001cb [SR] Verify complete
2012-08-08 22:34:50, Info CSI 000001cc [SR] Verifying 100 (0x00000064) components
2012-08-08 22:34:50, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2012-08-08 22:34:58, Info CSI 000001d8 [SR] Verify complete
2012-08-08 22:34:59, Info CSI 000001d9 [SR] Verifying 62 (0x0000003e) components
2012-08-08 22:34:59, Info CSI 000001da [SR] Beginning Verify and Repair transaction
2012-08-08 22:35:02, Info CSI 000001dc [SR] Verify complete
2012-08-08 22:35:02, Info CSI 000001dd [SR] Repairing 1 components
2012-08-08 22:35:02, Info CSI 000001de [SR] Beginning Verify and Repair transaction
2012-08-08 22:35:02, Info CSI 000001e0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:35:03, Info CSI 000001e2 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-08 22:35:03, Info CSI 000001e3 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-08-08 22:35:03, Info CSI 000001e5 [SR] Repair complete
2012-08-08 22:35:03, Info CSI 000001e6 [SR] Committing transaction
2012-08-08 22:35:03, Info CSI 000001ea [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
2012-08-19 11:30:05, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:05, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:14, Info CSI 00000009 [SR] Verify complete
2012-08-19 11:30:15, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:15, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:24, Info CSI 0000000d [SR] Verify complete
2012-08-19 11:30:25, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:25, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:28, Info CSI 00000011 [SR] Verify complete
2012-08-19 11:30:29, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:29, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:32, Info CSI 00000015 [SR] Verify complete
2012-08-19 11:30:33, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:33, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:36, Info CSI 00000019 [SR] Verify complete
2012-08-19 11:30:37, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:37, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:39, Info CSI 0000001d [SR] Verify complete
2012-08-19 11:30:40, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:40, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:43, Info CSI 00000021 [SR] Verify complete
2012-08-19 11:30:44, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:44, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:46, Info CSI 00000025 [SR] Verify complete
2012-08-19 11:30:47, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:47, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:50, Info CSI 00000029 [SR] Verify complete
2012-08-19 11:30:51, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:51, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:54, Info CSI 0000002d [SR] Verify complete
2012-08-19 11:30:55, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:55, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-08-19 11:30:57, Info CSI 00000031 [SR] Verify complete
2012-08-19 11:30:58, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:30:58, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:00, Info CSI 00000035 [SR] Verify complete
2012-08-19 11:31:01, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:01, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:04, Info CSI 00000039 [SR] Verify complete
2012-08-19 11:31:05, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:05, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:07, Info CSI 0000003d [SR] Verify complete
2012-08-19 11:31:08, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:08, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:11, Info CSI 00000041 [SR] Verify complete
2012-08-19 11:31:12, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:12, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:15, Info CSI 00000045 [SR] Verify complete
2012-08-19 11:31:16, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:16, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:19, Info CSI 00000049 [SR] Verify complete
2012-08-19 11:31:19, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:19, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:22, Info CSI 0000004d [SR] Verify complete
2012-08-19 11:31:23, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:23, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:26, Info CSI 00000051 [SR] Verify complete
2012-08-19 11:31:27, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:27, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:31, Info CSI 00000055 [SR] Verify complete
2012-08-19 11:31:32, Info CSI 00000056 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:32, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:36, Info CSI 00000059 [SR] Verify complete
2012-08-19 11:31:37, Info CSI 0000005a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:37, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:39, Info CSI 0000005d [SR] Verify complete
2012-08-19 11:31:40, Info CSI 0000005e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:40, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:43, Info CSI 00000061 [SR] Verify complete
2012-08-19 11:31:44, Info CSI 00000062 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:44, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:47, Info CSI 00000065 [SR] Verify complete
2012-08-19 11:31:47, Info CSI 00000066 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:47, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:51, Info CSI 00000069 [SR] Verify complete
2012-08-19 11:31:51, Info CSI 0000006a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:51, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:54, Info CSI 0000006d [SR] Verify complete
2012-08-19 11:31:54, Info CSI 0000006e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:54, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2012-08-19 11:31:58, Info CSI 00000071 [SR] Verify complete
2012-08-19 11:31:59, Info CSI 00000072 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:31:59, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:01, Info CSI 00000075 [SR] Verify complete
2012-08-19 11:32:02, Info CSI 00000076 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:02, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:05, Info CSI 00000079 [SR] Verify complete
2012-08-19 11:32:05, Info CSI 0000007a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:05, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:08, Info CSI 0000007d [SR] Verify complete
2012-08-19 11:32:08, Info CSI 0000007e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:08, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:11, Info CSI 00000081 [SR] Verify complete
2012-08-19 11:32:12, Info CSI 00000082 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:12, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:16, Info CSI 00000085 [SR] Verify complete
2012-08-19 11:32:16, Info CSI 00000086 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:16, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:19, Info CSI 00000089 [SR] Verify complete
2012-08-19 11:32:19, Info CSI 0000008a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:19, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:22, Info CSI 0000008d [SR] Verify complete
2012-08-19 11:32:23, Info CSI 0000008e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:23, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:26, Info CSI 00000091 [SR] Verify complete
2012-08-19 11:32:26, Info CSI 00000092 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:26, Info CSI 00000093 [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:32, Info CSI 00000095 [SR] Verify complete
2012-08-19 11:32:33, Info CSI 00000096 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:33, Info CSI 00000097 [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:40, Info CSI 00000099 [SR] Verify complete
2012-08-19 11:32:40, Info CSI 0000009a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:40, Info CSI 0000009b [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:47, Info CSI 0000009d [SR] Verify complete
2012-08-19 11:32:47, Info CSI 0000009e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:47, Info CSI 0000009f [SR] Beginning Verify and Repair transaction
2012-08-19 11:32:53, Info CSI 000000a2 [SR] Verify complete
2012-08-19 11:32:54, Info CSI 000000a3 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:32:54, Info CSI 000000a4 [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:00, Info CSI 000000a7 [SR] Verify complete
2012-08-19 11:33:00, Info CSI 000000a8 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:00, Info CSI 000000a9 [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:08, Info CSI 000000ab [SR] Verify complete
2012-08-19 11:33:08, Info CSI 000000ac [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:08, Info CSI 000000ad [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:19, Info CSI 000000b7 [SR] Verify complete
2012-08-19 11:33:20, Info CSI 000000b8 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:20, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:27, Info CSI 000000bb [SR] Verify complete
2012-08-19 11:33:27, Info CSI 000000bc [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:27, Info CSI 000000bd [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:36, Info CSI 000000bf [SR] Verify complete
2012-08-19 11:33:37, Info CSI 000000c0 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:37, Info CSI 000000c1 [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:43, Info CSI 000000c3 [SR] Verify complete
2012-08-19 11:33:44, Info CSI 000000c4 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:44, Info CSI 000000c5 [SR] Beginning Verify and Repair transaction
2012-08-19 11:33:53, Info CSI 000000c7 [SR] Verify complete
2012-08-19 11:33:53, Info CSI 000000c8 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:33:53, Info CSI 000000c9 [SR] Beginning Verify and Repair transaction
2012-08-19 11:34:03, Info CSI 000000cb [SR] Verify complete
2012-08-19 11:34:04, Info CSI 000000cc [SR] Verifying 100 (0x00000064) components
2012-08-19 11:34:04, Info CSI 000000cd [SR] Beginning Verify and Repair transaction
2012-08-19 11:34:20, Info CSI 000000d1 [SR] Verify complete
2012-08-19 11:34:21, Info CSI 000000d2 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:34:21, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2012-08-19 11:34:39, Info CSI 000000d5 [SR] Verify complete
2012-08-19 11:34:40, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:34:40, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2012-08-19 11:34:52, Info CSI 000000d9 [SR] Verify complete
2012-08-19 11:34:53, Info CSI 000000da [SR] Verifying 100 (0x00000064) components
2012-08-19 11:34:53, Info CSI 000000db [SR] Beginning Verify and Repair transaction
2012-08-19 11:34:57, Info CSI 000000dd [SR] Verify complete
2012-08-19 11:34:57, Info CSI 000000de [SR] Verifying 100 (0x00000064) components
2012-08-19 11:34:57, Info CSI 000000df [SR] Beginning Verify and Repair transaction
2012-08-19 11:34:59, Info CSI 000000e1 [SR] Verify complete
2012-08-19 11:35:00, Info CSI 000000e2 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:00, Info CSI 000000e3 [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:03, Info CSI 000000e5 [SR] Verify complete
2012-08-19 11:35:03, Info CSI 000000e6 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:03, Info CSI 000000e7 [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:18, Info CSI 00000105 [SR] Verify complete
2012-08-19 11:35:18, Info CSI 00000106 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:18, Info CSI 00000107 [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:21, Info CSI 00000109 [SR] Verify complete
2012-08-19 11:35:22, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:22, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:26, Info CSI 0000010d [SR] Verify complete
2012-08-19 11:35:27, Info CSI 0000010e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:27, Info CSI 0000010f [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:31, Info CSI 00000111 [SR] Verify complete
2012-08-19 11:35:31, Info CSI 00000112 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:31, Info CSI 00000113 [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:42, Info CSI 00000115 [SR] Verify complete
2012-08-19 11:35:43, Info CSI 00000116 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:43, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:55, Info CSI 0000011a [SR] Verify complete
2012-08-19 11:35:55, Info CSI 0000011b [SR] Verifying 100 (0x00000064) components
2012-08-19 11:35:55, Info CSI 0000011c [SR] Beginning Verify and Repair transaction
2012-08-19 11:35:59, Info CSI 0000011e [SR] Verify complete
2012-08-19 11:36:00, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2012-08-19 11:36:00, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2012-08-19 11:36:08, Info CSI 00000122 [SR] Verify complete
2012-08-19 11:36:08, Info CSI 00000123 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:36:08, Info CSI 00000124 [SR] Beginning Verify and Repair transaction
2012-08-19 11:36:13, Info CSI 00000126 [SR] Verify complete
2012-08-19 11:36:14, Info CSI 00000127 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:36:14, Info CSI 00000128 [SR] Beginning Verify and Repair transaction
2012-08-19 11:36:20, Info CSI 0000012a [SR] Verify complete
2012-08-19 11:36:20, Info CSI 0000012b [SR] Verifying 100 (0x00000064) components
2012-08-19 11:36:20, Info CSI 0000012c [SR] Beginning Verify and Repair transaction
2012-08-19 11:36:33, Info CSI 0000013c [SR] Verify complete
2012-08-19 11:36:33, Info CSI 0000013d [SR] Verifying 100 (0x00000064) components
2012-08-19 11:36:33, Info CSI 0000013e [SR] Beginning Verify and Repair transaction
2012-08-19 11:36:46, Info CSI 00000155 [SR] Verify complete
2012-08-19 11:36:46, Info CSI 00000156 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:36:46, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2012-08-19 11:37:12, Info CSI 00000159 [SR] Verify complete
2012-08-19 11:37:13, Info CSI 0000015a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:37:13, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2012-08-19 11:37:24, Info CSI 0000015d [SR] Verify complete
2012-08-19 11:37:25, Info CSI 0000015e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:37:25, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2012-08-19 11:37:37, Info CSI 00000161 [SR] Verify complete
2012-08-19 11:37:38, Info CSI 00000162 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:37:38, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2012-08-19 11:37:49, Info CSI 00000165 [SR] Verify complete
2012-08-19 11:37:50, Info CSI 00000166 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:37:50, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2012-08-19 11:37:57, Info CSI 00000169 [SR] Verify complete
2012-08-19 11:37:57, Info CSI 0000016a [SR] Verifying 100 (0x00000064) components
2012-08-19 11:37:57, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2012-08-19 11:38:03, Info CSI 0000016d [SR] Verify complete
2012-08-19 11:38:04, Info CSI 0000016e [SR] Verifying 100 (0x00000064) components
2012-08-19 11:38:04, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2012-08-19 11:38:11, Info CSI 00000172 [SR] Verify complete
2012-08-19 11:38:11, Info CSI 00000173 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:38:11, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2012-08-19 11:38:29, Info CSI 00000176 [SR] Verify complete
2012-08-19 11:38:29, Info CSI 00000177 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:38:29, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2012-08-19 11:38:38, Info CSI 0000017a [SR] Verify complete
2012-08-19 11:38:38, Info CSI 0000017b [SR] Verifying 100 (0x00000064) components
2012-08-19 11:38:38, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2012-08-19 11:38:48, Info CSI 0000017e [SR] Verify complete
2012-08-19 11:38:48, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2012-08-19 11:38:48, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2012-08-19 11:38:54, Info CSI 00000182 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-19 11:38:57, Info CSI 00000184 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-19 11:38:57, Info CSI 00000185 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-08-19 11:39:00, Info CSI 00000187 [SR] Verify complete
2012-08-19 11:39:01, Info CSI 00000188 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:01, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2012-08-19 11:39:09, Info CSI 0000018b [SR] Verify complete
2012-08-19 11:39:09, Info CSI 0000018c [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:09, Info CSI 0000018d [SR] Beginning Verify and Repair transaction
2012-08-19 11:39:18, Info CSI 0000018f [SR] Verify complete
2012-08-19 11:39:19, Info CSI 00000190 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:19, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2012-08-19 11:39:32, Info CSI 00000194 [SR] Verify complete
2012-08-19 11:39:33, Info CSI 00000195 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:33, Info CSI 00000196 [SR] Beginning Verify and Repair transaction
2012-08-19 11:39:39, Info CSI 00000198 [SR] Verify complete
2012-08-19 11:39:39, Info CSI 00000199 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:39, Info CSI 0000019a [SR] Beginning Verify and Repair transaction
2012-08-19 11:39:47, Info CSI 0000019c [SR] Verify complete
2012-08-19 11:39:48, Info CSI 0000019d [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:48, Info CSI 0000019e [SR] Beginning Verify and Repair transaction
2012-08-19 11:39:56, Info CSI 000001a0 [SR] Verify complete
2012-08-19 11:39:56, Info CSI 000001a1 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:39:56, Info CSI 000001a2 [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:05, Info CSI 000001a7 [SR] Verify complete
2012-08-19 11:40:06, Info CSI 000001a8 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:06, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:15, Info CSI 000001ab [SR] Verify complete
2012-08-19 11:40:15, Info CSI 000001ac [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:15, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:27, Info CSI 000001af [SR] Verify complete
2012-08-19 11:40:28, Info CSI 000001b0 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:28, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:31, Info CSI 000001b3 [SR] Verify complete
2012-08-19 11:40:32, Info CSI 000001b4 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:32, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:39, Info CSI 000001b7 [SR] Verify complete
2012-08-19 11:40:39, Info CSI 000001b8 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:39, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:49, Info CSI 000001bb [SR] Verify complete
2012-08-19 11:40:49, Info CSI 000001bc [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:49, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2012-08-19 11:40:57, Info CSI 000001bf [SR] Verify complete
2012-08-19 11:40:58, Info CSI 000001c0 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:40:58, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2012-08-19 11:41:03, Info CSI 000001c3 [SR] Verify complete
2012-08-19 11:41:04, Info CSI 000001c4 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:41:04, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2012-08-19 11:41:21, Info CSI 000001c7 [SR] Verify complete
2012-08-19 11:41:21, Info CSI 000001c8 [SR] Verifying 100 (0x00000064) components
2012-08-19 11:41:21, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2012-08-19 11:41:27, Info CSI 000001cb [SR] Verify complete
2012-08-19 11:41:27, Info CSI 000001cc [SR] Verifying 100 (0x00000064) components
2012-08-19 11:41:27, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2012-08-19 11:41:37, Info CSI 000001d8 [SR] Verify complete
2012-08-19 11:41:38, Info CSI 000001d9 [SR] Verifying 62 (0x0000003e) components
2012-08-19 11:41:38, Info CSI 000001da [SR] Beginning Verify and Repair transaction
2012-08-19 11:41:42, Info CSI 000001dc [SR] Verify complete
2012-08-19 11:41:42, Info CSI 000001dd [SR] Repairing 1 components
2012-08-19 11:41:42, Info CSI 000001de [SR] Beginning Verify and Repair transaction
2012-08-19 11:41:42, Info CSI 000001e0 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-19 11:41:43, Info CSI 000001e2 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-08-19 11:41:43, Info CSI 000001e3 [SR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"
2012-08-19 11:41:43, Info CSI 000001e5 [SR] Repair complete
2012-08-19 11:41:43, Info CSI 000001e6 [SR] Committing transaction
2012-08-19 11:41:43, Info CSI 000001ea [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

#8 nasdaq

  • Malware Response Team
  • 39,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 PM

Posted 19 August 2012 - 01:03 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#9 Wags89

Posted 19 August 2012 - 01:32 PM

Run in Safe mode.


Farbar Service Scanner Version: 06-08-2012
Ran by Greg Wagner (administrator) on 19-08-2012 at 14:20:13
Running from "C:\Users\Greg Wagner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by Wags89, 19 August 2012 - 01:33 PM.


#10 nasdaq

Posted 20 August 2012 - 10:33 AM

Important. Please print these instructions and follow them carefully.

1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
FYI
http://www.myantispyware.com/2010/02/27/how-to-backup-windows-registry-using-erunt/
===

Please download the following files on your Desktop:

http://download.bleepingcomputer.com/win-services/vista/Dnscache.reg
http://download.bleepingcomputer.com/win-services/vista/nsi.reg
http://download.bleepingcomputer.com/win-services/vista/PlugPlay.reg

Now, one by one, right-click on them and click "Merge". Allow registry merge.


When you finish, reboot your system and then generate a new fresh Farbar Service Scanner log.

===

Let me know what problem persists.

#11 Wags89

Posted 20 August 2012 - 08:48 PM

nasdaq, I'm accessing the forum with my laptop. First time since it crashed. Audio is restored. I can connect to the internet, email, see my home network, but the network icon in the system tray still has a red X through it. "..service does not exist..". FSS would not run in normal mode nor CCleaner. Both "..service does not.." Here is the updated FSS log.

Thanks,
Greg


Farbar Service Scanner Version: 06-08-2012
Ran by Greg Wagner (administrator) on 20-08-2012 at 21:38:34
Running from "C:\Users\Greg Wagner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
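
Added example (not part of the thread and not FSS's own code): a small Python parser that diffs the two Farbar Service Scanner logs above to show which findings the .reg merge cleared and which remain. The log excerpts are abridged from posts #9 and #11; the finding names, and the reading of a File Check line without "=> MD5 is legit" as "unverified", are assumptions of this example.

```python
import re

# Abridged from the two FSS logs in this thread (posts #9 and #11).
BEFORE = r"""
Boot Mode: Network
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Attempt to access Google IP returned error: Other errors
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
The start type of WinDefend service is set to Demand. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
**** End of log ****
"""

AFTER = r"""
Boot Mode: Network
Google IP is accessible.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
The start type of WinDefend service is set to Demand. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165
**** End of log ****
"""

MISSING_KEY = re.compile(r"ATTENTION!=====> Unable to open (\S+) registry key")
START_TYPE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
CONN_ERROR = re.compile(r"Attempt to access (.+?) returned error:")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)( => MD5 is legit)?$")


def parse_fss(text):
    """Return a set of (kind, subject, detail) findings from an FSS log.

    "Service is not running" lines are ignored on purpose: both logs were
    taken in Safe Mode (Boot Mode: Network), where most services are not
    started, so only configuration findings are compared.
    """
    findings = set()
    reg_key = None          # last registry key header seen
    in_file_check = False   # True while inside the "File Check:" section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "File Check:":
            in_file_check = True
            continue
        if line.startswith("****"):
            in_file_check = False
        if (m := MISSING_KEY.search(line)):
            # Several lines per service (Start type, ImagePath, ...) collapse to one.
            findings.add(("missing_service_key", m.group(1), ""))
        elif (m := START_TYPE.search(line)):
            findings.add(("start_type", m.group(1), f"{m.group(2)} (default {m.group(3)})"))
        elif (m := CONN_ERROR.search(line)):
            findings.add(("connectivity", m.group(1), ""))
        elif (m := REG_KEY.match(line)):
            reg_key = m.group(1)
        elif (m := REG_VALUE.match(line)) and reg_key:
            findings.add(("policy", f"{reg_key}\\{m.group(1)}", m.group(2)))
        elif in_file_check and (m := FILE_LINE.match(line)) and not m.group(2):
            # Assumption: no "=> MD5 is legit" marker means FSS did not vouch for it.
            findings.add(("unverified_file", m.group(1), ""))
    return findings


def compare(before, after):
    """Split findings into resolved, remaining and new between two logs."""
    b, a = parse_fss(before), parse_fss(after)
    return {"resolved": b - a, "remaining": b & a, "new": a - b}


if __name__ == "__main__":
    for bucket, items in compare(BEFORE, AFTER).items():
        print(bucket.upper())
        for kind, subject, detail in sorted(items):
            print(f"  {kind}: {subject} {detail}".rstrip())
```

Run on these excerpts, the three missing service keys and the connectivity error land in "resolved", while the firewall and Defender policy values and the WinDefend start type stay in "remaining".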

#12 nasdaq

Posted 21 August 2012 - 09:29 AM

Try to run ComboFix in normal mode and post the log.

Let me know what problem persists.

#13 Wags89

Posted 21 August 2012 - 07:58 PM

Same problems persist. Had to run Combofix in Safe Mode.


ComboFix 12-08-21.02 - Greg Wagner 08/21/2012 20:28:05.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.2253 [GMT -4:00]
Running from: c:\users\Greg Wagner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 00:37 . 2012-08-22 00:37 -------- d-----w- c:\users\Greg Wagner\AppData\Local\temp
2012-08-22 00:37 . 2012-08-22 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 21:40 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-20 21:13 . 2012-08-20 21:13 -------- d-----w- c:\program files\ERUNT
2012-08-12 02:12 . 2012-08-12 02:12 -------- d-----w- c:\program files\Runtime Software
2012-08-11 21:51 . 2012-08-11 21:51 -------- d-----w- C:\FRST
2012-08-11 00:03 . 2012-08-11 00:19 -------- d-----w- c:\program files\stinger
2012-08-06 02:35 . 2012-08-06 02:37 -------- d-----w- c:\programdata\036E1E737FBC0381577263192F3B707C
2012-08-04 19:26 . 2012-05-25 21:09 29312 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-08-04 19:26 . 2012-02-22 17:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-08-03 02:01 . 2010-10-14 02:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-08-03 02:01 . 2012-02-22 17:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-08-03 02:00 . 2012-02-22 17:29 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-08-03 02:00 . 2012-02-22 17:29 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-08-03 02:00 . 2012-08-11 00:03 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-08-03 02:00 . 2012-02-22 17:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-08-03 02:00 . 2012-02-22 17:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-08-03 02:00 . 2012-02-22 17:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-08-03 01:59 . 2012-08-03 02:02 -------- d-----w- c:\program files\Common Files\Mcafee
2012-08-03 01:59 . 2012-08-03 01:59 -------- d-----w- c:\program files\McAfee.com
2012-08-03 01:57 . 2012-08-11 00:03 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-08-03 01:53 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D002F041-32F2-4850-AEFD-509477FFC941}\mpengine.dll
2012-07-25 23:22 . 2012-07-25 23:22 -------- d-----w- c:\program files\Defraggler
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 22:49 . 2012-07-18 01:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-20 22:49 . 2011-05-21 02:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-11 00:03 . 2010-10-14 04:28 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-01 22:29 . 2012-07-01 22:29 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-15 01:52 . 2012-06-15 01:52 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 23:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 23:23 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 23:22 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 11:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 11:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 11:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 11:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 23:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 23:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2009-10-04 22:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-07-28 02:11 . 2009-11-12 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 02:28 . 2012-08-03 02:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
2010-10-27 20:13 81920 ----a-w- c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{29c0f5ff-3564-46bc-9f4a-50c73f426486}"= "c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll" [2010-10-27 81920]
.
[HKEY_CLASSES_ROOT\clsid\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"chromium"="c:\users\Greg Wagner\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-31 1229848]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-06-15 1855]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"Facebook Update"="c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
.
c:\users\Greg Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xacti Screen Capture 1.1.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk
backup=c:\windows\pss\Xacti Screen Capture 1.1.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 00:54 138096 ----atw- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-01 02:00 133104 ----atw- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 22:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
2004-04-28 18:02 42496 ----a-w- c:\program files\SMSC\SetIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-24 19:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:49]
.
2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 18:31]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: disa.mil
Trusted Zone: line6.net
Trusted Zone: navy.mil
Trusted Zone: navy.mil\chart.donhr
Trusted Zone: navy.mil\webmail.east.nmci
Trusted Zone: osd.mil
Trusted Zone: osd.mil\dtsproweb.defensetravel
Trusted Zone: osd.mil\www.defensetravel
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {155E724D-D3EE-4078-B226-871EF322E512} - hxxps://ucstcdom02.ahf.nmci.navy.mil/system/webref01.nsf/(vwfiles)/hqwebeip/$file/dliuploaderpro.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ArmadaCustom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - %profile%\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 20:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1952)
c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-21 20:40:20
ComboFix-quarantined-files.txt 2012-08-22 00:40
ComboFix2.txt 2012-08-19 14:58
ComboFix3.txt 2012-08-18 18:53
.
Pre-Run: 45,941,370,880 bytes free
Post-Run: 45,718,188,032 bytes free
.
- - End Of File - - 638ACDAB6209CA1353D1467EDE7C4E46

#14 nasdaq

Posted 22 August 2012 - 09:05 AM

but the network icon in the system tray still has a red X through it. "..service does not exist..". FSS would not run in normal mode nor CCleaner. Both "..service does not.." Here is the updated FSS log.


Try this and let me know if the problem persists.

How can I disable the User Account Control (UAC) feature on my Windows Vista computer?
http://www.petri.co.il/disable_uac_in_windows_vista.htm

===

#15 Wags89

Posted 22 August 2012 - 07:26 PM

Everything seems to be working in Normal mode. I still have the Red X in the Network Icon in the system tray.

Here is an updated ComboFix run.



ComboFix 12-08-22.03 - Greg Wagner 08/22/2012 18:39:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1813 [GMT -4:00]
Running from: c:\users\Greg Wagner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 22:50 . 2012-08-22 22:50 -------- d-----w- c:\users\Greg Wagner\AppData\Local\temp
2012-08-22 22:50 . 2012-08-22 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-20 21:40 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-20 21:13 . 2012-08-20 21:13 -------- d-----w- c:\program files\ERUNT
2012-08-12 02:12 . 2012-08-12 02:12 -------- d-----w- c:\program files\Runtime Software
2012-08-11 21:51 . 2012-08-11 21:51 -------- d-----w- C:\FRST
2012-08-11 00:03 . 2012-08-11 00:19 -------- d-----w- c:\program files\stinger
2012-08-06 02:35 . 2012-08-06 02:37 -------- d-----w- c:\programdata\036E1E737FBC0381577263192F3B707C
2012-08-04 19:26 . 2012-05-25 21:09 29312 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-08-04 19:26 . 2012-02-22 17:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-08-03 02:01 . 2010-10-14 02:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2012-08-03 02:01 . 2012-02-22 17:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-08-03 02:00 . 2012-02-22 17:29 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-08-03 02:00 . 2012-02-22 17:29 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-08-03 02:00 . 2012-08-11 00:03 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-08-03 02:00 . 2012-02-22 17:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-08-03 02:00 . 2012-02-22 17:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-08-03 02:00 . 2012-02-22 17:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-08-03 01:59 . 2012-08-03 02:02 -------- d-----w- c:\program files\Common Files\Mcafee
2012-08-03 01:59 . 2012-08-03 01:59 -------- d-----w- c:\program files\McAfee.com
2012-08-03 01:57 . 2012-08-11 00:03 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-08-03 01:53 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D002F041-32F2-4850-AEFD-509477FFC941}\mpengine.dll
2012-07-25 23:22 . 2012-07-25 23:22 -------- d-----w- c:\program files\Defraggler
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 22:49 . 2012-07-18 01:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-20 22:49 . 2011-05-21 02:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-11 00:03 . 2010-10-14 04:28 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-07-01 22:29 . 2012-07-01 22:29 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-15 01:52 . 2012-06-15 01:52 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 23:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 23:23 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 23:22 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 11:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:43 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:43 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 11:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 11:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:43 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 11:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 23:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 23:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2009-10-04 22:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-07-28 02:11 . 2009-11-12 23:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-14 02:28 . 2012-08-03 02:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
2010-10-27 20:13 81920 ----a-w- c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{29c0f5ff-3564-46bc-9f4a-50c73f426486}"= "c:\program files\armadacustomtoolbar\armadacustomtoolbarX.dll" [2010-10-27 81920]
.
[HKEY_CLASSES_ROOT\clsid\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-24 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"chromium"="c:\users\Greg Wagner\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-08-17 1229848]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-06-15 1855]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"Facebook Update"="c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
.
c:\users\Greg Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xacti Screen Capture 1.1.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk
backup=c:\windows\pss\Xacti Screen Capture 1.1.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 00:54 138096 ----atw- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-01 02:00 133104 ----atw- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 22:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetIcon]
2004-04-28 18:02 42496 ----a-w- c:\program files\SMSC\SetIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-24 19:58 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:49]
.
2012-08-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 00:54]
.
2012-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 18:31]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 00:56]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000Core.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2875643067-1621112102-2647771907-1000UA.job
- c:\users\Greg Wagner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-01 02:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: disa.mil
Trusted Zone: line6.net
Trusted Zone: navy.mil
Trusted Zone: navy.mil\chart.donhr
Trusted Zone: navy.mil\webmail.east.nmci
Trusted Zone: osd.mil
Trusted Zone: osd.mil\dtsproweb.defensetravel
Trusted Zone: osd.mil\www.defensetravel
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {155E724D-D3EE-4078-B226-871EF322E512} - hxxps://ucstcdom02.ahf.nmci.navy.mil/system/webref01.nsf/(vwfiles)/hqwebeip/$file/dliuploaderpro.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Greg Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\eikuis8k.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ArmadaCustom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - %profile%\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-22 18:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1388)
c:\users\Greg Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-08-22 18:54:02
ComboFix-quarantined-files.txt 2012-08-22 22:53
ComboFix2.txt 2012-08-22 00:40
ComboFix3.txt 2012-08-19 14:58
ComboFix4.txt 2012-08-18 18:53
.
Pre-Run: 45,539,815,424 bytes free
Post-Run: 45,516,537,856 bytes free
.
- - End Of File - - 4364ACCCFDC456DDCEAA6B8CA5C540D9



