0

I just noticed yesterday that I did not have McAfee Security Center installed any more. (beat myself up enough, thanks, but feel free to express shock and dismay.)

When I looked on the pc yesterday morning, there was only a McAfee scan app in c:\program files\mcafee. I have had McAfee on it for probably three years. I was able to go to McAfee's site and download a copy of my subscribed Security Center suite and it installed ok. I ran a scan and nothing came up. It appears to me based on a review of my Event Viewer application log, that I did not have any antivirus on this pc from 5/19/11 until yesterday 8/17/11.

My McAfee a/v subscription was going expire May 21, 2011, so I had renewed it on May 19, 2011 at 8:00 pm Eastern. Here is the Event Viewer application log sequence around that time:

7:48:48 pm 5/19/11 Faulting application: Mcupdate.exe, faulting module Kernel32.dll
8:00 pm  5/19/11 McAfee repurchased (based on confirmation receipt email received from McAfee 
8:32:40 pm 5/19/11 McShield service started, Engine 5400.1158, Dat 6350.0000
9:16:35 pm 5/19/11 The entry <C:\USERS\smitj\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#HOME.MCAFEE.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)
­­­­_____

Then three move Event viewer entries (summarized):
9:16:35 pm  5/19/11 Could not contact Filter Driver.
 Error = 0x7e : The specified module could not be found.
­­­­_____
These are the last McLogEvents I have until reinstalling yesterday:

9:16:53 pm 5/19/11 Event ID 5004 Could not contact Filter Driver. Error = 0x7e : The specified module could not be found.
9:16:53 pm 5/19/11 Event ID 5022 MCSCAN32 Engine Initialisation failed. Engine returned error : 1
9:16:53 pm 5/19/11 Event ID 5004 Could not contact Filter Driver.
 Error = 0x7e : The specified module could not be found.
9:16:54 5/19/11 Event ID 5022 MCSCAN32 Engine Initialisation failed. Engine returned error : 1
______
9:27:34 pm 5/19/11 Checkdisk ran.  Here is the checkdisk info:
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          5/19/2011 9:27:34 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      smith_jones
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
The allocated length 0xf8 is not in multiple of 0x10 for attribute
of type 0x80 and instance tag 0x0.
Deleting corrupt attribute record (128, "")
from file record segment 91733.
Deleted corrupt attribute list entry
with type code 128 in file 1141.
Unable to locate attribute of type 0x80, lowest vcn 0x0,
instance tag 0x0 in file 0x16655.
Attribute record of type 0x80 and instance tag 0x1 is cross linked
starting at 0x3693f40 for possibly 0x3 clusters.
Attribute record of type 0x80 and instance tag 0x1 is cross linked
starting at 0x3693f40 for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x1
in file 0x14537 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 83255.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1c6a5d for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1c6a5d for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x146d7 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 83671.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xb78e for possibly 0x4 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xb78e for possibly 0x4 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x28219 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 164377.
  269248 file records processed.                                  

  950 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  107 reparse records processed.                               

Index entry cleanup.ini of index $I30 in file 0x9621 points to unused file 0x16655.
Deleting index entry cleanup.ini in index $I30 of file 38433.
  340550 index entries processed.                                 

CHKDSK is recovering lost files.
  2 unindexed files processed.                               

  269248 security descriptors processed.                          

Cleaning up 6219 unused index entries from index $SII of file 0x9.
Cleaning up 6219 unused index entries from index $SDH of file 0x9.
Cleaning up 6219 unused security descriptors.
Inserting data attribute into file 1141.
Inserting data attribute into file 83255.
Inserting data attribute into file 83671.
Inserting data attribute into file 164377.
  35656 data files processed.                                    

CHKDSK is verifying Usn Journal...
  33746264 USN bytes processed.                                     

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 299373563 KB total disk space.
  98748676 KB in 229321 files.
    118608 KB in 35655 indexes.
         0 KB in bad sectors.
    391327 KB in use by the system.
     65536 KB occupied by the log file.
 200114952 KB available on disk.

      4096 bytes in each allocation unit.
  74843390 total allocation units on disk.
  50028738 allocation units available on disk.

Internal Info:
c0 1b 04 00 1e 0b 04 00 88 d2 06 00 00 00 00 00  ................
52 19 00 00 6b 00 00 00 00 00 00 00 00 00 00 00  R...k...........
f0 1e 05 00 48 01 05 00 02 00 00 02 28 87 06 00  ....H.......(...

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-05-20T01:27:34.000Z" />
    <EventRecordID>27428</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>smith_jones</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
The allocated length 0xf8 is not in multiple of 0x10 for attribute
of type 0x80 and instance tag 0x0.
Deleting corrupt attribute record (128, "")
from file record segment 91733.
Deleted corrupt attribute list entry
with type code 128 in file 1141.
Unable to locate attribute of type 0x80, lowest vcn 0x0,
instance tag 0x0 in file 0x16655.
Attribute record of type 0x80 and instance tag 0x1 is cross linked
starting at 0x3693f40 for possibly 0x3 clusters.
Attribute record of type 0x80 and instance tag 0x1 is cross linked
starting at 0x3693f40 for possibly 0x3 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x1
in file 0x14537 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 83255.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1c6a5d for possibly 0x1 clusters.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0x1c6a5d for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x146d7 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 83671.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xb78e for possibly 0x4 clusters.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xb78e for possibly 0x4 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x28219 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 164377.
  269248 file records processed.                                  

  950 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  107 reparse records processed.                               

Index entry cleanup.ini of index $I30 in file 0x9621 points to unused file 0x16655.
Deleting index entry cleanup.ini in index $I30 of file 38433.
  340550 index entries processed.                                 

CHKDSK is recovering lost files.
  2 unindexed files processed.                               

  269248 security descriptors processed.                          

Cleaning up 6219 unused index entries from index $SII of file 0x9.
Cleaning up 6219 unused index entries from index $SDH of file 0x9.
Cleaning up 6219 unused security descriptors.
Inserting data attribute into file 1141.
Inserting data attribute into file 83255.
Inserting data attribute into file 83671.
Inserting data attribute into file 164377.
  35656 data files processed.                                    

CHKDSK is verifying Usn Journal...
  33746264 USN bytes processed.                                     

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 299373563 KB total disk space.
  98748676 KB in 229321 files.
    118608 KB in 35655 indexes.
         0 KB in bad sectors.
    391327 KB in use by the system.
     65536 KB occupied by the log file.
 200114952 KB available on disk.

      4096 bytes in each allocation unit.
  74843390 total allocation units on disk.
  50028738 allocation units available on disk.

Internal Info:
c0 1b 04 00 1e 0b 04 00 88 d2 06 00 00 00 00 00  ................
52 19 00 00 6b 00 00 00 00 00 00 00 00 00 00 00  R...k...........
f0 1e 05 00 48 01 05 00 02 00 00 02 28 87 06 00  ....H.......(...

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
______

Log Name:      Application
Source:        SecurityCenter
Date:          5/19/2011 9:30:04 PM
Event ID:      11
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      smith_jones
Description:
Program C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe with instanceID={86355677-4064-3EA7-ABB3-1B136EB04637} was removed from the Security Center reporting database because the program was either uninstalled, changed, or could not be verified.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="SecurityCenter" />
    <EventID Qualifiers="16384">11</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-05-20T01:30:04.000Z" />
    <EventRecordID>27449</EventRecordID>
    <Channel>Application</Channel>
    <Computer>smith_jones</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe</Data>
    <Data>{86355677-4064-3EA7-ABB3-1B136EB04637}</Data>
  </EventData>
</Event>
____

I folowed the intructions in PhilliePhan's July 16, 2008 post.  Nothing came up bad, and here is the text of GmerOne.log:

GMER 1.0.15.15641 - [url]http://www.gmer.net[/url]
Rootkit quick scan 2011-08-17 20:55:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: j9bv6l3f.exe; Driver: C:\Users\smitj\AppData\Local\Temp\pgddruog.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0x8C449D48]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwTerminateProcess [0x8C449D72]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0x8C449D5E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwYieldExecution [0x8C449D34]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                    mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                                                     tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                     mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
__________

This was the only time I had a problem running any of the cleans or scans -- I wasn't sure if I needed to run the gmerTwo log process, so I did.  The first time I ran it my pc rebooted (I had walked away and did not see the process).  The second time, the app crashed.  I can include the sysdata.xml from the minidump (but not the minidump file itself, I assume), but won't clog up  the works with that unless someone asks for it.

Here is DDS.txt:
.
DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 7.0.6002.18005
Run by smitj at 8:27:59 on 2011-08-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3581.1572 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Conversions Plus\FORMATM.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\System32\rpcnet.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
C:\Windows\system32\mobsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080516
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080516
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110817084419.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [StartUp This] "c:\program files\laplink\pcmover\LaunchSt.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10u_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>] 
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultraw~1.lnk - c:\program files\dell\dell wusb\WQ_Tray2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: bmnet.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://sslvpn.kelleydrye.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://lojackforlaptops.absolute.com/ctmweb/testoc.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.7752083333
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_02-win.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} - hxxp://windowsupdate.microsoft.com/R836/V31Controls/x86/nt5/en/actsetup.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mman.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{207B1CE3-8D30-47F8-9B9D-81914E6014A4} : DhcpNameServer = 163.244.112.71 10.101.101.100 163.244.101.69 163.244.100.254
TCP: Interfaces\{E1BA82D3-1FAC-486D-AAEC-05B4E69F4E7B} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\system32\sdph20.dll
Name-Space Handler: http\SmartDownload - {D3B7D8E1-92DB-11d2-8551-0060083CFB9C} - c:\windows\system32\sdph20.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-8-17 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-8-17 163400]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-15 73728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-30 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-17 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-8-17 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-8-17 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-8-17 148520]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\rpcnet\bin\rpcld.exe --> c:\programdata\rpcnet\bin\rpcld.exe [?]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-1-3 1373480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-8-17 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-8-17 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-8-17 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-8-17 337912]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-8-17 85984]
R3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\system32\drivers\WQ_hwa.sys [2008-5-16 157752]
R3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\system32\drivers\WQ_rci.sys [2008-5-16 75448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98befa9d1e937;Google Update Service (gupdate1c98befa9d1e937);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-3-29 317440]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-9-25 124160]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-15 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe [2001-4-11 28672]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
S3 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WQ_USBCBAF;WiQuest Cable Association driver;c:\windows\system32\drivers\WQ_cba.sys [2008-5-16 33976]
S3 WQ_USBDWA;WiQuest Device Wire Adapter driver;c:\windows\system32\drivers\WQ_dwa.sys [2008-5-16 94008]
S3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\system32\drivers\WQ_ldr.sys [2008-5-16 33464]
.
=============== Created Last 30 ================
.
2011-08-18 02:09:57 --------    d-----w-    c:\users\smitj\appdata\roaming\Malwarebytes
2011-08-18 02:09:36 41272   ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-18 02:09:35 --------    d-----w-    c:\programdata\Malwarebytes
2011-08-18 02:09:31 22712   ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-08-18 02:09:29 --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-08-17 15:42:35 --------    d-----w-    c:\users\smitj\appdata\roaming\Absolute Software
2011-08-17 15:42:12 --------    d-----w-    c:\users\smitj\appdata\local\SupportSoft
2011-08-17 14:55:56 --------    d-----w-    c:\users\smitj\appdata\local\Adobe
2011-08-17 14:50:27 --------    d-----w-    c:\users\smitj\appdata\roaming\Bytemobile
2011-08-17 12:44:19 9344    ----a-w-    c:\windows\system32\drivers\mfeclnk.sys
2011-08-17 12:44:12 85984   ----a-w-    c:\windows\system32\drivers\mferkdet.sys
2011-08-17 12:44:12 64648   ----a-w-    c:\windows\system32\drivers\mfenlfk.sys
2011-08-17 12:44:12 59288   ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2011-08-17 12:44:12 57432   ----a-w-    c:\windows\system32\drivers\cfwids.sys
2011-08-17 12:44:12 337912  ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2011-08-17 12:44:12 179248  ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2011-08-17 12:44:12 163400  ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2011-08-17 12:43:54 --------    d-----w-    c:\program files\McAfee.com
2011-08-17 12:29:05 148520  ----a-w-    c:\windows\system32\mfevtps.exe
2011-08-17 12:24:26 --------    d-----w-    c:\users\smitj\appdata\roaming\McAfee
2011-08-17 12:08:55 7152464 ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{84a4e13a-a2f2-40ff-a8fc-891723a5b9bc}\mpengine.dll
2011-08-14 03:03:21 --------    d--h--w-    c:\programdata\Rpcnet
2011-08-14 02:59:57 214016  ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-08-14 02:59:37 3602832 ----a-w-    c:\windows\system32\ntkrnlpa.exe
2011-08-14 02:59:37 3550096 ----a-w-    c:\windows\system32\ntoskrnl.exe
2011-08-14 02:58:17 905104  ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-07-29 21:10:05 404640  ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-29 21:10:03 --------    d-----w-    c:\programdata\McAfee Security Scan
2011-07-29 21:10:02 --------    d-----w-    c:\program files\McAfee Security Scan
.
==================== Find3M  ====================
.
2011-08-18 01:30:55 17408   ----a-w-    c:\windows\system32\rpcnetp.exe
2011-08-18 01:30:53 58288   ----a-w-    c:\windows\system32\rpcnet.dll
2011-08-14 15:14:21 17408   ----a-w-    c:\windows\system32\rpcnetp.dll
2011-07-22 13:54:40 1383424 ----a-w-    c:\windows\system32\mshtml.tlb
2011-07-06 00:57:55 58288   ------w-    c:\windows\system32\rpcnet.exe
2011-06-21 15:49:52 834048  ----a-w-    c:\windows\system32\wininet.dll
2011-06-21 14:13:51 389632  ----a-w-    c:\windows\system32\html.iec
2011-06-17 16:03:18 375808  ----a-w-    c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w-    c:\windows\system32\win32k.sys
2011-05-24 23:14:10 222080  ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH:  8:28:53.71 ===============
_____

here is attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 5/15/2008 10:45:16 PM
System Uptime: 8/17/2011 9:30:00 PM (11 hours ago)
.
Motherboard: Dell Inc. |  | 0UK437
Processor: Intel(R) Core(TM)2 Duo CPU     T8300  @ 2.40GHz | Microprocessor | 2401/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 143.278 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 262.408 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 4.353 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP306: 6/21/2011 8:21:43 PM - Windows Update
RP307: 6/24/2011 10:02:41 AM - Scheduled Checkpoint
RP308: 6/26/2011 6:49:45 PM - Windows Update
RP309: 6/28/2011 9:06:49 PM - Windows Update
RP310: 6/30/2011 11:41:17 PM - Scheduled Checkpoint
RP311: 7/2/2011 11:18:59 PM - Windows Update
RP312: 7/3/2011 7:01:31 PM - Scheduled Checkpoint
RP313: 7/5/2011 8:48:55 PM - Windows Update
RP314: 7/9/2011 6:12:51 PM - Scheduled Checkpoint
RP315: 7/10/2011 2:58:01 PM - Windows Update
RP316: 7/12/2011 10:02:46 PM - Windows Update
RP317: 7/15/2011 5:55:27 AM - Windows Update
RP318: 7/16/2011 10:49:07 PM - Scheduled Checkpoint
RP319: 7/17/2011 7:19:18 PM - Scheduled Checkpoint
RP320: 7/19/2011 10:52:31 PM - Windows Update
RP321: 7/26/2011 9:32:42 PM - Windows Update
RP322: 7/29/2011 10:45:36 PM - Windows Update
RP323: 8/4/2011 10:01:22 PM - Windows Update
RP324: 8/13/2011 10:54:20 PM - Windows Update
RP325: 8/14/2011 9:09:48 AM - Windows Update
RP326: 8/17/2011 6:56:18 AM - Windows Update
RP327: 8/17/2011 8:44:25 AM - Device Driver Package Install: McAfee, Inc. Network Service
RP328: 8/17/2011 11:04:33 AM - Windows Update
RP329: 8/18/2011 3:01:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Absolute Notifier
Across Lite 2.0
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
Advanced Audio FX Engine
Advanced Video FX Engine
Amazon Games & Software Downloader
Amazon Unbox Video
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Kahuna Reef
BlackBerry USB and Modem Drivers 5.0.1
Blu Dot Clock
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
BufferChm
C4700
CCScore
Chromatica
Cisco SSL VPN Client
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
CompreXX
Conexant HDA D330 MDC V.92 Modem
Consumer Complete Care Services Agreement
Conversions Plus 6.0
CuteFTP
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Dell WUSB
DellTouch
Destinations
DeviceDiscovery
Digital Line Detect
EarthLink MDAC
eBot
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
GPBaseService2
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 13.0
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
hp print screen utility
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Ink Monitor
Internet Explorer Q903235
Iomega Automatic Backup Pro
iPod for Windows 2005-03-23
iPod for Windows 2005-11-17
iPod for Windows 2006-06-28
iPod Updater 2004-08-06
iTunes
Java(TM) SE Runtime Environment 6
kgcbase
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
Kodak Memory Albums
Laptop Integrated Webcam Driver (1.04.01.1011)  
Lernout & Hauspie TruVoice for Microsoft Agent
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Macromedia Extension Manager
Macromedia Flash 5
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee Virtual Technician
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Modem Diagnostic Tool
MSSoap
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
Musicnotes Software Suite 1.5.3
netbrdg
NetWaiting
Network
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
PCmover
Power MP3 WMA Converter 1.15
Product Documentation Launcher
PS_AIO_06_C4700_SW_Min
QualxServ Service Agreement
QuickSet
QuickTime
Recover My Files
Remote Control USB Driver
Remote Desktop Connection
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for DirectX 9 (KB941568)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 7.1 (KB911565)
Security Update for Windows Media Player 7.1 (KB917734)
Security Update for Windows Media Player 7.1 (KB936782)
SES Driver
SFR
SHASTA
Shop for HP Supplies
skin0001
SKINXSDK
Skype™ 4.0
SmartWebPrinting
SolutionCenter
Sprint SmartView
staticcr
Status
Suite Specific
Symantec KB-DocID:2003093015493306
Toolbox
tooltips
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnyiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Update Rollup 1 for Windows 2000 SP4
User's Guides
VPN Client
VPRINTOL
Wacom Tablet
WD SmartWare
WeaveMaker 8.4.1
WebFldrs
WebReg
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB867282
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB889293
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB890923
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB896688
Windows 2000 Hotfix - KB896727
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899588
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB902400
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB905915
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908523
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912812
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB916281
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917159
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB918899
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB922760
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925486
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926247
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB931836
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933566
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937143
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB942615
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943484
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944533
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Player 7.1
Windows Media Player Hotfix [See wm828026 for more information]
WinZip
WIRELESS
Yahoo! Music Jukebox
.
==== Event Viewer Messages From Past Week ========
.
8/17/2011 9:48:11 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.4 for the Network Card with network address 001F3AC4F331 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/17/2011 9:30:48 PM, Error: Microsoft-Windows-PrintSpooler [72]  - Windows could not initialize printer CAPTURE FAX BVRP because the print processor WfxPrint2000 could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.
8/17/2011 9:30:48 PM, Error: Microsoft-Windows-PrintSpooler [23]  - Printer hp deskjet 5600 series failed to initialize because a suitable hp deskjet 5600 series driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
8/17/2011 9:30:48 PM, Error: Microsoft-Windows-PrintSpooler [23]  - Printer Fax failed to initialize because a suitable Windows NT Fax Driver driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
8/17/2011 9:30:48 PM, Error: Microsoft-Windows-PrintSpooler [23]  - Printer CAPTURE FAX BVRP failed to initialize because a suitable CAPTURE FAX BVRP driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
8/17/2011 9:30:44 PM, Error: EventLog [6008]  - The previous system shutdown at 9:28:10 PM on 8/17/2011 was unexpected.
8/17/2011 8:43:52 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/17/2011 8:43:52 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/17/2011 8:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/17/2011 8:10:02 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/17/2011 8:10:02 AM, Error: Service Control Manager [7000]  - The Windows Modules Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/17/2011 8:10:02 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/17/2011 6:55:54 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user smith_jones\beca_dav SID (S-1-5-21-4097348623-2736202210-2005269821-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/17/2011 10:04:57 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 001F3AC4F331 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/14/2011 8:41:45 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.5 for the Network Card with network address 001F3AC4F331 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Here is the malwarebytes log:
 Malwarebytes' Anti-Malware 1.51.1.1800
[url]www.malwarebytes.org[/url]

Database version: 7494

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/18/2011 2:14:21 AM
mbam-log-2011-08-18 (02-14-20).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 482374
Time elapsed: 4 hour(s), 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________

I don't want to jump the gun, but I am hoping that the layman's view of the above is correct, and that I miraculously don't have an infection on this pc.

Edited by mike_2000_17: Fixed formatting

2
Contributors
2
Replies
4
Views
5 Years
Discussion Span
Last Post by davenyc
0

I honestly don't see anything. It may very well be that you had "just enough" of McAfee remaining that kept you protected. Also looking at the logs, it appears to me that you are a pretty safe computer user. You don't appear to have any of the very risky P2P programs that much of the time bring in some real nasties. I had something similar happen to me way back when I used Norton AV years ago. I renewed and thought that was all that was necessary there was a major change between the program I had on the computer and the newly released program which necessitated the removal of the old and the download of the newest version. I would bet that is what happened to you.

For safety sake you might try just one more online scan.
Do the following:
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14

* You can use Internet Explorer to complete this scan and you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

If it doesn't find anything then I would think you are "good to go" but let us know for sure. If ESET finds something please post back with the log.

Edited by jholland1964: n/a

0

Ran Eset and it came up clean. I guess I am good to go. Thanks for the quick review and response. You guys are really a lifesaver. I thought I was a goner and this has gone a long way to convincing me to breathe again. Thanks.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.