
Unable to open recent downloads


  • This topic is locked
19 replies to this topic

#1 caperam

Posted 12 November 2013 - 09:31 AM

My computer has been acting up for the past several days.  Whenever I download anything and try to run it I get the following message "Windows cannot find C:\Users\Home|Desktop\DDS.com.  Make sure you typed the name correctly and try again".  This happens with every single thing I've downloaded and I'm beginning to suspect it has something to do with a recent Adobe download so I tried to uninstall Adobe Reader 11 and a couple of Adobe add-ons and got the message "You need permission to perform this action".

 

I did manage to run DDS but I had to run it in safe mode (same thing with MBAM).  Any help would be GREATLY appreciated!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by home at 9:53:54 on 2013-11-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4061.3359 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.toggle.com/en/index.php?rvs=google
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_x3910&r=17361210j507p0448v155w46k1v27o
mSearch Page = hxxp://www.toggle.com/en/index.php?rvs=google
BHO: Zoomex: {2341364A-D38D-B87E-0718-5222AF17BADB} - 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge] <no file>
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CC80F4B6-7611-475A-BB88-9F1E61E3110D} : DHCPNameServer = 207.219.69.11 216.218.29.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - <orphaned>
x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 343568]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-31 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-31 182752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-31 70112]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-31 519192]
R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-10-25 26856]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-10-25 770080]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\System32\svchost.exe -k HPHNDUService [2009-7-13 27136]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-23 255376]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-10-3 121616]
S2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-19 178048]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-19 1017016]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-16 69640]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-11 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-11 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-11 171416]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-19 197704]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-4-2 138752]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-31 310224]
S3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
.
=============== Created Last 30 ================
.
2013-11-12 13:39:37 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B49671EF-C12B-4BB1-8EFB-42ADEE8421B7}\mpengine.dll
2013-11-12 13:11:37 -------- d-----w- C:\Users\home\AppData\Roaming\PDAppFlex
2013-11-11 23:29:46 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-11-11 22:58:19 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-11-11 22:58:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-11 20:51:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-11 20:51:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-11 20:45:09 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-11 17:13:12 -------- d-----w- C:\ProgramData\WordPerfect Office X6
2013-11-09 20:30:08 -------- d-----w- C:\ProgramData\SecTaskMan
2013-11-09 20:16:11 -------- d-----w- C:\Users\home\AppData\Roaming\Uniblue
2013-11-01 15:06:08 -------- d-----w- C:\Program Files (x86)\Rapid Resizer
2013-10-28 18:22:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 22:45:47 -------- d-----w- C:\Program Files\iPod
2013-10-27 22:45:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-27 22:45:46 -------- d-----w- C:\Program Files\iTunes
2013-10-27 22:45:46 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-24 16:52:02 -------- d-----w- C:\Users\home\AppData\Roaming\iPumper
2013-10-21 20:06:05 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-19 23:44:48 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
.
==================== Find3M  ====================
.
2013-10-08 18:14:10 17226632 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-24 23:29:46 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-09-24 23:25:40 343568 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-09-24 23:25:24 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-09-24 23:22:48 781312 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-09-24 23:21:32 519192 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-09-24 23:20:28 310224 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-09-24 23:19:56 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-20 12:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-20 12:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-20 12:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 17:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  9:55:02.14 ===============
 


 


#2 caperam


Posted 12 November 2013 - 03:15 PM

Update!!  I decided to check McAfee's logs and discovered I have a Trojan called Artemis!9026520E9EF5 that's been quarantined.  There are also a couple of thousand suspicious incoming network connections that have been blocked.

 

I hope this is helpful to whoever might try to solve my problem.



#3 TB-Psychotic

  • Malware Response Team

Posted 13 November 2013 - 04:12 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Your problem is that you've replied to your own topic, which shows the helpers that this topic is already in progress.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 

#4 caperam


Posted 13 November 2013 - 08:35 AM

Good Morning Marius and thank you for your help.

 

I downloaded GMER but was unable to run it.  I got the same message "Windows cannot find C:\Users\home\Desktop\75iez8ee.exe.  Make sure you typed the name correctly and try again".

 

I restarted in safe mode and ran it but it found nothing, "GMER hasn't found any system modifications", so there was no log to save. 

 

I am unable to open anything or run any scans unless my computer is in safe mode.



#5 TB-Psychotic

  • Malware Response Team

Posted 13 November 2013 - 08:43 AM

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).


#6 caperam


Posted 13 November 2013 - 09:16 AM

When I tried to run the sfc scan in normal mode I got the message "You must be an administrator running a console session in order to use the sfc utility".

 

I restarted in safe mode again and was able to run the scan and got the following message "Windows Resource Protection found corrupt files and successfully repaired them.  Details are included in the CBS.Log".  Do you want me to copy and paste the CBS log?



#7 TB-Psychotic

  • Malware Response Team

Posted 13 November 2013 - 09:43 AM

No, we have to filter it first.

 

 

Filter SFC log file

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt


  • Hit enter. The tool will create a text file named sfcdetails.txt within the folder where you ran the command, for example C:\windows\system32\.
    Attach this file to your next reply.

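Added example, not part of the original posts and not the helper's own tooling: one way to triage the sfcdetails.txt that the findstr filter above produces, dropping the routine verify lines and surfacing anything else. The function name, the sample's last three lines (constructed) and the reading of the 8-digit hex field as a per-entry CSI counter are assumptions.

```python
import re
from collections import Counter

# Layout of a filtered line, as it appears in the log posted in this thread:
# "<date> <time>, Info   CSI    00000009 [SR] Verifying 100 (0x...64) components"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*?)\s*$"
)
VERIFYING = re.compile(r"^Verifying (\d+) ")
BEGIN = "Beginning Verify and Repair transaction"
COMPLETE = "Verify complete"


def classify(msg):
    """Label a non-routine [SR] message by keyword."""
    low = msg.lower()
    if low.startswith("cannot repair"):
        return "unrepaired"
    return "repair" if "repair" in low else "other"


def summarize_sr(text):
    """Summarise findstr-filtered [SR] lines from CBS.log."""
    batches, findings = [], []
    components, unparsed, open_batch = 0, 0, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = SR_LINE.match(raw)
        if not m:
            unparsed += 1          # wrapped or truncated line
            continue
        seq, msg = int(m["seq"], 16), m["msg"]
        v = VERIFYING.match(msg)
        if v:
            components += int(v.group(1))
        elif msg == BEGIN:
            open_batch = {"start": m["ts"], "begin_seq": seq}
        elif msg == COMPLETE:
            if open_batch is not None:
                # Assumption: the hex field counts CSI entries, so the gap is
                # the number of non-[SR] entries that findstr filtered out.
                open_batch["hidden"] = seq - open_batch["begin_seq"] - 1
                batches.append(open_batch)
                open_batch = None
        else:
            findings.append((m["ts"], classify(msg), msg))
    gaps = Counter(b["hidden"] for b in batches).most_common(1)
    baseline = gaps[0][0] if gaps else None
    noisy = [b for b in batches if baseline is not None and b["hidden"] > baseline]
    return {
        "components_verified": components,
        "batches": batches,
        "baseline_hidden": baseline,
        "noisy_batches": noisy,    # transactions worth reading in the full cbs.log
        "findings": findings,
        "unparsed": unparsed,
        "open_transaction": open_batch is not None,  # log cut off mid-batch
    }


# First nine lines are copied from the log in this thread; the last three are
# constructed for illustration and do not come from this machine.
SAMPLE = """\
2013-11-13 09:55:14, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:14, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:16, Info                  CSI    0000000c [SR] Verify complete
2013-11-13 09:55:17, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:17, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:18, Info                  CSI    00000010 [SR] Verify complete
2013-11-13 09:55:54, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:54, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:58, Info                  CSI    0000004c [SR] Verify complete
2013-11-13 09:57:01, Info                  CSI    000000a0 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, hash mismatch
2013-11-13 09:57:02, Info                  CSI    000000a1 [SR] Repairing 1 components
2013-11-13 09:57:02, Info                  CSI    000000a3 [SR] Repair complete
"""

if __name__ == "__main__":
    report = summarize_sr(SAMPLE)
    print("components verified:", report["components_verified"])
    for b in report["noisy_batches"]:
        print("check cbs.log around", b["start"], "hidden entries:", b["hidden"])
    for ts, kind, msg in report["findings"]:
        print(ts, kind, msg)
```

A transaction whose counter gap is larger than the usual one is where the unfiltered cbs.log has extra entries, so that timestamp is the place to start reading.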

#8 caperam


Posted 13 November 2013 - 10:00 AM

Here you go.  Again just a reminder, all these scans are being done while in safe mode as I cannot run anything in normal mode.

 

2013-11-13 09:55:14, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:14, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:16, Info                  CSI    0000000c [SR] Verify complete
2013-11-13 09:55:17, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:17, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:18, Info                  CSI    00000010 [SR] Verify complete
2013-11-13 09:55:19, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:19, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:21, Info                  CSI    00000014 [SR] Verify complete
2013-11-13 09:55:22, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:22, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:23, Info                  CSI    00000018 [SR] Verify complete
2013-11-13 09:55:24, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:24, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:25, Info                  CSI    0000001c [SR] Verify complete
2013-11-13 09:55:26, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:26, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:28, Info                  CSI    00000020 [SR] Verify complete
2013-11-13 09:55:28, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:28, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:31, Info                  CSI    00000024 [SR] Verify complete
2013-11-13 09:55:31, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:31, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:34, Info                  CSI    00000028 [SR] Verify complete
2013-11-13 09:55:35, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:35, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:37, Info                  CSI    0000002c [SR] Verify complete
2013-11-13 09:55:37, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:37, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:39, Info                  CSI    00000030 [SR] Verify complete
2013-11-13 09:55:40, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:40, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:42, Info                  CSI    00000034 [SR] Verify complete
2013-11-13 09:55:42, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:42, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:45, Info                  CSI    00000038 [SR] Verify complete
2013-11-13 09:55:45, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:45, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:47, Info                  CSI    0000003c [SR] Verify complete
2013-11-13 09:55:47, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:47, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:49, Info                  CSI    00000040 [SR] Verify complete
2013-11-13 09:55:49, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:49, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:53, Info                  CSI    00000045 [SR] Verify complete
2013-11-13 09:55:54, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:54, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2013-11-13 09:55:58, Info                  CSI    0000004c [SR] Verify complete
2013-11-13 09:55:58, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:55:58, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:02, Info                  CSI    00000050 [SR] Verify complete
2013-11-13 09:56:02, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:02, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:05, Info                  CSI    00000054 [SR] Verify complete
2013-11-13 09:56:05, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:05, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:09, Info                  CSI    00000069 [SR] Verify complete
2013-11-13 09:56:09, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:09, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:13, Info                  CSI    0000007f [SR] Verify complete
2013-11-13 09:56:13, Info                  CSI    00000080 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:13, Info                  CSI    00000081 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:17, Info                  CSI    00000083 [SR] Verify complete
2013-11-13 09:56:18, Info                  CSI    00000084 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:18, Info                  CSI    00000085 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:21, Info                  CSI    00000087 [SR] Verify complete
2013-11-13 09:56:21, Info                  CSI    00000088 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:21, Info                  CSI    00000089 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:26, Info                  CSI    0000008b [SR] Verify complete
2013-11-13 09:56:26, Info                  CSI    0000008c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:26, Info                  CSI    0000008d [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:30, Info                  CSI    0000008f [SR] Verify complete
2013-11-13 09:56:30, Info                  CSI    00000090 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:30, Info                  CSI    00000091 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:34, Info                  CSI    00000093 [SR] Verify complete
2013-11-13 09:56:34, Info                  CSI    00000094 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:34, Info                  CSI    00000095 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:40, Info                  CSI    000000b5 [SR] Verify complete
2013-11-13 09:56:41, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:41, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:46, Info                  CSI    000000b9 [SR] Verify complete
2013-11-13 09:56:46, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:46, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2013-11-13 09:56:55, Info                  CSI    000000bd [SR] Verify complete
2013-11-13 09:56:55, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:56:55, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:01, Info                  CSI    000000c3 [SR] Verify complete
2013-11-13 09:57:02, Info                  CSI    000000c4 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:02, Info                  CSI    000000c5 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:03, Info                  CSI    000000c7 [SR] Verify complete
2013-11-13 09:57:04, Info                  CSI    000000c8 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:04, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:05, Info                  CSI    000000cb [SR] Verify complete
2013-11-13 09:57:05, Info                  CSI    000000cc [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:05, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:07, Info                  CSI    000000cf [SR] Verify complete
2013-11-13 09:57:08, Info                  CSI    000000d0 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:08, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:12, Info                  CSI    000000e4 [SR] Verify complete
2013-11-13 09:57:12, Info                  CSI    000000e5 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:12, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:14, Info                  CSI    000000e8 [SR] Verify complete
2013-11-13 09:57:14, Info                  CSI    000000e9 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:14, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:17, Info                  CSI    000000ec [SR] Verify complete
2013-11-13 09:57:17, Info                  CSI    000000ed [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:17, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:19, Info                  CSI    000000f0 [SR] Verify complete
2013-11-13 09:57:19, Info                  CSI    000000f1 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:19, Info                  CSI    000000f2 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:25, Info                  CSI    000000f5 [SR] Verify complete
2013-11-13 09:57:25, Info                  CSI    000000f6 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:25, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:30, Info                  CSI    000000fa [SR] Verify complete
2013-11-13 09:57:30, Info                  CSI    000000fb [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:30, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:32, Info                  CSI    000000fe [SR] Verify complete
2013-11-13 09:57:33, Info                  CSI    000000ff [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:33, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:34, Info                  CSI    00000102 [SR] Verify complete
2013-11-13 09:57:35, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:35, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:39, Info                  CSI    00000105 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"consent.exe" from store
2013-11-13 09:57:40, Info                  CSI    00000107 [SR] Verify complete
2013-11-13 09:57:40, Info                  CSI    00000108 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:40, Info                  CSI    00000109 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:44, Info                  CSI    0000010b [SR] Verify complete
2013-11-13 09:57:45, Info                  CSI    0000010c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:45, Info                  CSI    0000010d [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:51, Info                  CSI    0000010f [SR] Verify complete
2013-11-13 09:57:51, Info                  CSI    00000110 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:51, Info                  CSI    00000111 [SR] Beginning Verify and Repair transaction
2013-11-13 09:57:57, Info                  CSI    00000129 [SR] Verify complete
2013-11-13 09:57:57, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:57:57, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:01, Info                  CSI    0000012d [SR] Verify complete
2013-11-13 09:58:02, Info                  CSI    0000012e [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:02, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:12, Info                  CSI    00000131 [SR] Verify complete
2013-11-13 09:58:12, Info                  CSI    00000132 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:12, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:20, Info                  CSI    00000136 [SR] Verify complete
2013-11-13 09:58:20, Info                  CSI    00000137 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:20, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:25, Info                  CSI    0000013a [SR] Verify complete
2013-11-13 09:58:26, Info                  CSI    0000013b [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:26, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:30, Info                  CSI    0000013e [SR] Verify complete
2013-11-13 09:58:30, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:30, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:35, Info                  CSI    00000142 [SR] Verify complete
2013-11-13 09:58:35, Info                  CSI    00000143 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:35, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:38, Info                  CSI    00000146 [SR] Verify complete
2013-11-13 09:58:38, Info                  CSI    00000147 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:38, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:41, Info                  CSI    0000014c [SR] Verify complete
2013-11-13 09:58:41, Info                  CSI    0000014d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:41, Info                  CSI    0000014e [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:50, Info                  CSI    00000150 [SR] Verify complete
2013-11-13 09:58:50, Info                  CSI    00000151 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:50, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:53, Info                  CSI    00000155 [SR] Verify complete
2013-11-13 09:58:53, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:53, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
2013-11-13 09:58:57, Info                  CSI    0000015a [SR] Verify complete
2013-11-13 09:58:57, Info                  CSI    0000015b [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:58:57, Info                  CSI    0000015c [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:01, Info                  CSI    0000015e [SR] Verify complete
2013-11-13 09:59:02, Info                  CSI    0000015f [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:02, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:10, Info                  CSI    00000163 [SR] Verify complete
2013-11-13 09:59:11, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:11, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:16, Info                  CSI    00000167 [SR] Verify complete
2013-11-13 09:59:17, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:17, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:21, Info                  CSI    0000016b [SR] Verify complete
2013-11-13 09:59:21, Info                  CSI    0000016c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:21, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:25, Info                  CSI    00000170 [SR] Verify complete
2013-11-13 09:59:25, Info                  CSI    00000171 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:25, Info                  CSI    00000172 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:31, Info                  CSI    00000174 [SR] Verify complete
2013-11-13 09:59:31, Info                  CSI    00000175 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:31, Info                  CSI    00000176 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:33, Info                  CSI    00000178 [SR] Verify complete
2013-11-13 09:59:34, Info                  CSI    00000179 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:34, Info                  CSI    0000017a [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:38, Info                  CSI    0000017d [SR] Verify complete
2013-11-13 09:59:38, Info                  CSI    0000017e [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:38, Info                  CSI    0000017f [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:43, Info                  CSI    00000182 [SR] Verify complete
2013-11-13 09:59:43, Info                  CSI    00000183 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:43, Info                  CSI    00000184 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:47, Info                  CSI    00000187 [SR] Verify complete
2013-11-13 09:59:47, Info                  CSI    00000188 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:47, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:52, Info                  CSI    0000018b [SR] Verify complete
2013-11-13 09:59:52, Info                  CSI    0000018c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:52, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:56, Info                  CSI    00000190 [SR] Verify complete
2013-11-13 09:59:57, Info                  CSI    00000191 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 09:59:57, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
2013-11-13 09:59:59, Info                  CSI    00000194 [SR] Verify complete
2013-11-13 10:00:00, Info                  CSI    00000195 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:00, Info                  CSI    00000196 [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:03, Info                  CSI    00000198 [SR] Verify complete
2013-11-13 10:00:03, Info                  CSI    00000199 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:03, Info                  CSI    0000019a [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:05, Info                  CSI    0000019c [SR] Verify complete
2013-11-13 10:00:05, Info                  CSI    0000019d [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:05, Info                  CSI    0000019e [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:08, Info                  CSI    000001a0 [SR] Verify complete
2013-11-13 10:00:08, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:08, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:13, Info                  CSI    000001a4 [SR] Verify complete
2013-11-13 10:00:13, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:13, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:15, Info                  CSI    000001a8 [SR] Verify complete
2013-11-13 10:00:16, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:16, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:20, Info                  CSI    000001ac [SR] Verify complete
2013-11-13 10:00:20, Info                  CSI    000001ad [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:20, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:32, Info                  CSI    000001b0 [SR] Verify complete
2013-11-13 10:00:32, Info                  CSI    000001b1 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:32, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:44, Info                  CSI    000001b4 [SR] Verify complete
2013-11-13 10:00:44, Info                  CSI    000001b5 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:44, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:49, Info                  CSI    000001b8 [SR] Verify complete
2013-11-13 10:00:49, Info                  CSI    000001b9 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:49, Info                  CSI    000001ba [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:51, Info                  CSI    000001bc [SR] Verify complete
2013-11-13 10:00:51, Info                  CSI    000001bd [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:51, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:54, Info                  CSI    000001c0 [SR] Verify complete
2013-11-13 10:00:54, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:54, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2013-11-13 10:00:57, Info                  CSI    000001c4 [SR] Verify complete
2013-11-13 10:00:57, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:00:57, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:01, Info                  CSI    000001c8 [SR] Verify complete
2013-11-13 10:01:01, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:01, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:02, Info                  CSI    000001cc [SR] Verify complete
2013-11-13 10:01:02, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:02, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:03, Info                  CSI    000001d0 [SR] Verify complete
2013-11-13 10:01:04, Info                  CSI    000001d1 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:04, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:09, Info                  CSI    000001da [SR] Verify complete
2013-11-13 10:01:09, Info                  CSI    000001db [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:09, Info                  CSI    000001dc [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:12, Info                  CSI    000001de [SR] Verify complete
2013-11-13 10:01:12, Info                  CSI    000001df [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:12, Info                  CSI    000001e0 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:15, Info                  CSI    000001e2 [SR] Verify complete
2013-11-13 10:01:15, Info                  CSI    000001e3 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:15, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:20, Info                  CSI    000001e6 [SR] Verify complete
2013-11-13 10:01:20, Info                  CSI    000001e7 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:20, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:24, Info                  CSI    000001ea [SR] Verify complete
2013-11-13 10:01:25, Info                  CSI    000001eb [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:25, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:28, Info                  CSI    000001ef [SR] Verify complete
2013-11-13 10:01:28, Info                  CSI    000001f0 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:28, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:30, Info                  CSI    000001f3 [SR] Verify complete
2013-11-13 10:01:30, Info                  CSI    000001f4 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:30, Info                  CSI    000001f5 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:33, Info                  CSI    000001f7 [SR] Verify complete
2013-11-13 10:01:33, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:33, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:42, Info                  CSI    000001fd [SR] Verify complete
2013-11-13 10:01:42, Info                  CSI    000001fe [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:42, Info                  CSI    000001ff [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:47, Info                  CSI    00000204 [SR] Verify complete
2013-11-13 10:01:48, Info                  CSI    00000205 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:48, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:53, Info                  CSI    00000209 [SR] Verify complete
2013-11-13 10:01:53, Info                  CSI    0000020a [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:53, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2013-11-13 10:01:57, Info                  CSI    00000216 [SR] Verify complete
2013-11-13 10:01:58, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:01:58, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:03, Info                  CSI    0000021d [SR] Verify complete
2013-11-13 10:02:03, Info                  CSI    0000021e [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:03, Info                  CSI    0000021f [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:06, Info                  CSI    00000221 [SR] Verify complete
2013-11-13 10:02:07, Info                  CSI    00000222 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:07, Info                  CSI    00000223 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:09, Info                  CSI    00000227 [SR] Verify complete
2013-11-13 10:02:10, Info                  CSI    00000228 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:10, Info                  CSI    00000229 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:12, Info                  CSI    0000022b [SR] Verify complete
2013-11-13 10:02:13, Info                  CSI    0000022c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:13, Info                  CSI    0000022d [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:16, Info                  CSI    00000252 [SR] Verify complete
2013-11-13 10:02:16, Info                  CSI    00000253 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:16, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:19, Info                  CSI    00000256 [SR] Verify complete
2013-11-13 10:02:19, Info                  CSI    00000257 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:19, Info                  CSI    00000258 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:22, Info                  CSI    0000025a [SR] Verify complete
2013-11-13 10:02:22, Info                  CSI    0000025b [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:22, Info                  CSI    0000025c [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:26, Info                  CSI    0000025e [SR] Verify complete
2013-11-13 10:02:26, Info                  CSI    0000025f [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:26, Info                  CSI    00000260 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:29, Info                  CSI    0000026e [SR] Verify complete
2013-11-13 10:02:29, Info                  CSI    0000026f [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:29, Info                  CSI    00000270 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:35, Info                  CSI    00000272 [SR] Verify complete
2013-11-13 10:02:35, Info                  CSI    00000273 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:35, Info                  CSI    00000274 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:38, Info                  CSI    00000282 [SR] Verify complete
2013-11-13 10:02:38, Info                  CSI    00000283 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:38, Info                  CSI    00000284 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:40, Info                  CSI    00000286 [SR] Verify complete
2013-11-13 10:02:40, Info                  CSI    00000287 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:40, Info                  CSI    00000288 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:44, Info                  CSI    0000028b [SR] Verify complete
2013-11-13 10:02:44, Info                  CSI    0000028c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:44, Info                  CSI    0000028d [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:46, Info                  CSI    0000028f [SR] Verify complete
2013-11-13 10:02:46, Info                  CSI    00000290 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:46, Info                  CSI    00000291 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:48, Info                  CSI    00000293 [SR] Verify complete
2013-11-13 10:02:48, Info                  CSI    00000294 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:48, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:53, Info                  CSI    00000297 [SR] Verify complete
2013-11-13 10:02:53, Info                  CSI    00000298 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:53, Info                  CSI    00000299 [SR] Beginning Verify and Repair transaction
2013-11-13 10:02:57, Info                  CSI    0000029b [SR] Verify complete
2013-11-13 10:02:57, Info                  CSI    0000029c [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:02:57, Info                  CSI    0000029d [SR] Beginning Verify and Repair transaction
2013-11-13 10:03:01, Info                  CSI    000002b7 [SR] Verify complete
2013-11-13 10:03:01, Info                  CSI    000002b8 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:03:01, Info                  CSI    000002b9 [SR] Beginning Verify and Repair transaction
2013-11-13 10:03:04, Info                  CSI    000002bb [SR] Verify complete
2013-11-13 10:03:05, Info                  CSI    000002bc [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:03:05, Info                  CSI    000002bd [SR] Beginning Verify and Repair transaction
2013-11-13 10:03:14, Info                  CSI    000002bf [SR] Verify complete
2013-11-13 10:03:14, Info                  CSI    000002c0 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:03:14, Info                  CSI    000002c1 [SR] Beginning Verify and Repair transaction
2013-11-13 10:03:17, Info                  CSI    000002c3 [SR] Verify complete
2013-11-13 10:03:17, Info                  CSI    000002c4 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:03:17, Info                  CSI    000002c5 [SR] Beginning Verify and Repair transaction
2013-11-13 10:03:20, Info                  CSI    000002c8 [SR] Verify complete
2013-11-13 10:03:20, Info                  CSI    000002c9 [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:03:20, Info                  CSI    000002ca [SR] Beginning Verify and Repair transaction
2013-11-13 10:03:22, Info                  CSI    000002cd [SR] Verify complete
2013-11-13 10:03:23, Info                  CSI    000002ce [SR] Verifying 100 (0x0000000000000064) components
2013-11-13 10:04:01, Info                  CSI    00000300 [SR] Repairing 1 components
2013-11-13 10:04:01, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2013-11-13 10:04:01, Info                  CSI    00000302 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"consent.exe" from store
2013-11-13 10:04:01, Info                  CSI    00000304 [SR] Repair complete
2013-11-13 10:04:01, Info                  CSI    00000305 [SR] Committing transaction
2013-11-13 10:04:01, Info                  CSI    00000309 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired


#9 TB-Psychotic

Posted 13 November 2013 - 10:47 AM

Try to fix your user profile following the instructions of Microsoft:

 

http://windows.microsoft.com/en-AU/windows-vista/Fix-a-corrupted-user-profile



#10 caperam

Posted 13 November 2013 - 02:17 PM

OK I've managed to fix my user profile and ran a DDS scan in normal mode.  Do you want me to copy and paste the new log?



#11 TB-Psychotic

Posted 14 November 2013 - 02:54 AM

Yes, please upload this log and run gmer as explained in my first reply.



#12 caperam

Posted 14 November 2013 - 08:46 AM

OK.  Here are my scan results.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by New Home at 9:25:43 on 2013-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4061.2296 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit\fitbit.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Users\New Home\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_x3910&r=17361210j507p0448v155w46k1v27o
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_x3910&r=17361210j507p0448v155w46k1v27o
mSearch Page = hxxp://www.toggle.com/en/index.php?rvs=google
BHO: Zoomex: {2341364A-D38D-B87E-0718-5222AF17BADB} - 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\New Home\AppData\Local\Temp\nro.tmp\"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CC80F4B6-7611-475A-BB88-9F1E61E3110D} : DHCPNameServer = 207.219.69.11 216.218.29.11
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.48\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - <orphaned>
x64-Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - <orphaned>
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 781312]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 343568]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-10-25 770080]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-4-23 255376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-10-3 121616]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-19 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-19 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-19 1017016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-8-31 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-31 182752]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-16 69640]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-11-11 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-11-11 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-11-11 171416]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-31 70112]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-4-2 138752]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-31 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-31 519192]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-9-20 390552]
R3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-10-25 26856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\System32\svchost.exe -k HPHNDUService [2009-7-13 27136]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-10-19 197704]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-9-20 95984]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-27 1255736]
.
=============== Created Last 30 ================
.
2013-11-14 07:52:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B49671EF-C12B-4BB1-8EFB-42ADEE8421B7}\offreg.dll
2013-11-14 07:01:33 -------- d-----w- C:\6d5e95177b7863a0284d6a332f27
2013-11-13 19:31:12 -------- d-----w- C:\Users\New Home\Program Files (x86)
2013-11-13 18:53:57 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-13 18:53:56 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-13 18:53:56 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 18:53:55 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-13 18:53:54 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-13 18:46:52 -------- d-----w- C:\Users\New Home\AppData\Local\VirtualStore
2013-11-13 18:46:51 -------- d-----w- C:\Users\New Home\AppData\Roaming\Kodak
2013-11-13 18:25:51 -------- d-----w- C:\Users\New Home\MP3 Rocket
2013-11-13 16:47:07 -------- d-----w- C:\Users\New Home\AppData\Local\Research In Motion
2013-11-13 16:47:07 -------- d-----w- C:\Users\New Home\AppData\Local\Programs
2013-11-13 16:24:10 -------- d-----r- C:\Users\New Home\Dropbox
2013-11-13 16:21:51 -------- d-----w- C:\Users\New Home\.swt
2013-11-13 03:08:07 -------- d-----w- C:\Program Files (x86)\mIRC
2013-11-12 13:39:37 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B49671EF-C12B-4BB1-8EFB-42ADEE8421B7}\mpengine.dll
2013-11-11 23:29:46 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-11-11 22:58:19 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-11-11 22:58:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-11-11 20:51:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-11 20:51:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-11 20:45:09 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-11 17:13:12 -------- d-----w- C:\ProgramData\WordPerfect Office X6
2013-11-09 20:30:08 -------- d-----w- C:\ProgramData\SecTaskMan
2013-11-01 15:06:08 -------- d-----w- C:\Program Files (x86)\Rapid Resizer
2013-10-28 18:22:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 22:45:47 -------- d-----w- C:\Program Files\iPod
2013-10-27 22:45:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-27 22:45:46 -------- d-----w- C:\Program Files\iTunes
2013-10-27 22:45:46 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-21 20:06:05 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-19 23:44:48 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
.
==================== Find3M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-08 18:14:10 17226632 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-24 23:29:46 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-09-24 23:25:40 343568 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-09-24 23:25:24 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-09-24 23:22:48 781312 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-09-24 23:21:32 519192 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-09-24 23:20:28 310224 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-09-24 23:19:56 179664 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-09-20 12:38:30 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-09-20 12:38:14 95984 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-09-20 12:37:56 390552 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 17:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  9:26:25.52 ===============
 
 
GMER scan result:  GMER hasn't found any system modifications


#13 TB-Psychotic

Posted 14 November 2013 - 09:10 AM

Full System Scan with Malwarebytes Antimalware

  • If it is not installed yet, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#14 caperam

Posted 14 November 2013 - 02:42 PM

Here are the requested logs: 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.14.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
New Home :: HOME-PC [administrator]
 
14/11/2013 10:58:49 AM
mbam-log-2013-11-14 (10-58-49).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321596
Time elapsed: 1 hour(s), 40 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Eset Results:  I thought I had unticked Remove found threats as you instructed, but I think I overlooked that.  I hope it doesn't cause a problem. 
 
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$R0RIBSG.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$R1LN59E.exe Win32/Graboid application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$R1V8Y17.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$R3DFLUW.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$R3YOD1E.exe Win32/SpeedUpMyPC.A application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$R5FR5D5.exe Win32/SpeedUpMyPC.A application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RCGWIX9.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RDY7AJA.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RPG8JUX.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RPXUPAN.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RQZUAHX.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RS4BXMF.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RSBXHF7.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RT1DV23.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RTSLYSI.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-206672616-250666785-2325490605-1001\$RYEERI0.exe Win32/SpeedUpMyPC.A application cleaned by deleting - quarantined
C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0089ba Win32/SpeedUpMyPC.A application cleaned by deleting - quarantined
C:\Users\New Home\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0089ba Win32/SpeedUpMyPC.A application cleaned by deleting - quarantined
 


#15 TB-Psychotic

  • Malware Response Team

Posted 15 November 2013 - 03:49 AM

No, in this case that is ok! :)

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


Proud Member of UNITE & TB
 



