popup

Help and Discussion

Moderator: The Mod Squad

popup

Postby Mark H » Wed Apr 09, 2014 5:19 pm

Just an FYI


Was getting a "Pixel.cgi" popup from "securepaths.com" while browsing AOL.com on Firefox.

Google was not much help.

Ran MSE, CCleaner, Superantispyware, and Malwarebytes. Malwarebytes found this: C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll (PUP.Optional.OpenCandy)

Not sure how they are related, but after removing, popup stopped.

I haven't used RealArcade, or Real-anything in 10 years, and NO AOL software installed on my PC.
I have a photographic memory, only problem is, I ran out of film.
Mark H
Black Belt 1st Degree
Black Belt 1st Degree
 
Posts: 1911
Joined: Fri Dec 29, 2000 1:01 am
Location: Reading the forums, where else?

Postby Karlsweldt » Thu Apr 10, 2014 6:53 am

"Real Audio" and "Real Arcade" were once considered a nuisance.. with tracking cookies, pop-ups and unwanted downloads.
Set your browser to block any pop-up ads. If they get through, don't click on that "close" box [X].. it may be a trick link to accept! Best to go to the Task Bar, and close the Web page. If still there, use the Task Manager to close the browser.
"Pixel.cgi" is not considered a secure feature. It may also want to download unwanted software.. due to tracking cookie returns!
"securepaths.com" is more geared toward business use or Web site evaluation.. not intended for the average computer user.
Uninstall any references to those programs from the Control Panel/Add-Remove Programming. If unable to, go to the program folder and look for an executable file possibly named "unwise.exe" which is the removal process. You may still have to manually delete some files.
Get Hijack This from http://hijackthis.en.softonic.com/download or http://www.filehippo.com/download_hijackthis/ and run it as an analyzer to see what is in your system. Post the results here, and you will be advised as to what might be unwanted software.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Mobo-fu Master
 
Posts: 20662
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby Mark H » Thu Apr 10, 2014 7:47 am

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:55 AM, on 4/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - http://support.dell.com/systemprofiler/ ... emLite.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - http://support.dell.com/systemprofiler/ ... emLite.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PGMTrusted - iWin Inc. - C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12476 bytes
I have a photographic memory, only problem is, I ran out of film.
Mark H
Black Belt 1st Degree
Black Belt 1st Degree
 
Posts: 1911
Joined: Fri Dec 29, 2000 1:01 am
Location: Reading the forums, where else?

Postby evasive » Sat Apr 12, 2014 1:25 am

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O23 - Service: <anything that ends with> (file missing)


After CLEANING those, reboot and run hijackthis again. You look to have been hit by something serious with all those lsass.exe etc service entries. Did you ever remove a rootkit of some sort?
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Mobo-fu Master
 
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby Karlsweldt » Sat Apr 12, 2014 10:03 am

To ensure a permanent removal of unwanted programs or other nasties, first turn off the 'restore' feature for Windows. Then do your work, then a restart or two, and check again. Then turn the 'restore' feature back on.
If not done this way, Windows might undo all your efforts!
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Mobo-fu Master
 
Posts: 20662
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby Mark H » Sat Apr 12, 2014 10:52 am

Unable to remove "023 no file" entries. Tried in safe mode also. Still in safe mode, ran MSE, Malwarebytes, and Superantispyware. Only thing that showed up was 5 tracking cookies. Downloaded and ran the newest version of Ad-Aware, and it found nothing. (High rating from CNet)

Did some looking, and all the entries I checked are Windows files. I did not check them all. Would an SFC/ Scannow option be a good idea?
I have a photographic memory, only problem is, I ran out of film.
Mark H
Black Belt 1st Degree
Black Belt 1st Degree
 
Posts: 1911
Joined: Fri Dec 29, 2000 1:01 am
Location: Reading the forums, where else?

Postby Karlsweldt » Sun Apr 13, 2014 7:53 am

If unable to remove those 'no file' entries with Hijack This, it may require a Registry edit to delete the key line. But do a backup beforehand!
Search for the exact string info in the Registry. Delete only the secondary keys that point to its location.. not the entire key group! Likely there are several listings for that same string.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Mobo-fu Master
 
Posts: 20662
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby evasive » Sun Apr 13, 2014 9:50 pm

Would an SFC/ Scannow option be a good idea?


That might help indeed. I check again and see the files mentioned should be in that location in the first place.
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Mobo-fu Master
 
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby Mark H » Mon Apr 14, 2014 9:22 am

Ran SFC and found a few files that cannot be repaired. Excerpts from log below. I have no idea how to fix these. I do have an OEM Windows 7 DVD I used on my desktop upgrade, if I can pull files from that. This file is from my Dell laptop.

POQ 48 ends.
2014-04-14 12:43:41, Info CSI 00000141 [SR] Verify complete
2014-04-14 12:43:41, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2014-04-14 12:43:41, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2014-04-14 12:43:42, Info CSI 00000144 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:43:42, Info CSI 00000145 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-04-14 12:43:47, Info CSI 00000146 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:43:47, Info CSI 00000147 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-04-14 12:43:47, Info CSI 00000148 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-04-14 12:43:47, Info CSI 00000149 Hashes for file member \??\C:\Windows\System32\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:43:47, Info CSI 0000014a Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:43:47, Info CSI 0000014b [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2014-04-14 12:43:47, Info CSI 0000014c Repair results created:

POQ 130 ends.
2014-04-14 12:53:41, Info CSI 00000310 [SR] Verify complete
2014-04-14 12:53:41, Info CSI 00000311 [SR] Repairing 1 components
2014-04-14 12:53:41, Info CSI 00000312 [SR] Beginning Verify and Repair transaction
2014-04-14 12:53:41, Info CSI 00000313 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:53:41, Info CSI 00000314 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-04-14 12:53:41, Info CSI 00000315 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:53:41, Info CSI 00000316 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-04-14 12:53:41, Info CSI 00000317 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2014-04-14 12:53:41, Info CSI 00000318 Hashes for file member \??\C:\Windows\System32\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:53:41, Info CSI 00000319 Hashes for file member \SystemRoot\WinSxS\amd64_microsoft-windows-p..rtmonitor-tcpmonini_31bf3856ad364e35_6.1.7600.16385_none_2e6dc451c0fa9db5\tcpmon.ini do not match actual file [l:20{10}]"tcpmon.ini" :
Found: {l:32 b:as3OOcx5px0XiJa7f7s9BVvlW/FFlKR4NMU/T+UP/Kg=} Expected: {l:32 b:ENtKeUct91LKlHclgfWTvnCdCOHHwDe+SYrPzZTTezU=}
2014-04-14 12:53:41, Info CSI 0000031a [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted
2014-04-14 12:53:41, Info CSI 0000031b Repair results created:
POQ 131 starts:
I have a photographic memory, only problem is, I ran out of film.
Mark H
Black Belt 1st Degree
Black Belt 1st Degree
 
Posts: 1911
Joined: Fri Dec 29, 2000 1:01 am
Location: Reading the forums, where else?

Postby evasive » Mon Apr 14, 2014 9:55 pm

Dell...
http://en.community.dell.com/support-fo ... 24212.aspx

messed up their windows 7 preload it seems.
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Mobo-fu Master
 
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Next

Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron