I'm thrilled to be back in the presence of greatness. I so appreciate the many volunteers who have assisted here and at AdAware and elsewhere. The help that I've received before from AdAware and HiJackThis and has saved my bacon more than once. So, thanks in advance and KUDOS to y'all. :Hammys pint:
I have Win7Pro, SP1. It was a fresh install in January 2011, completely updated at that time. MS Office 2003 was loaded next, again with all updates. Then AVG was added. That was upgraded to AVG2012 earlier this month.
When the 2/14 update was made available, it did not completely finalize the update. On 2/15 and 2/16, the updater asked if I wanted to restart. I did restart each time and both times it did not complete the update. On 2/17, the updater did not ask, it just restarted the machine. Since that time, I've not been able to run ANYTHING in normal windows mode. I am currently able to run only in Safe Mode w/networking. Everything in normal mode freezes before loading or in mid-action.
I did not in any way edit the various txt files and think that I've provided all requested info.
After all of this is over, I am seriously considering ditching AVG as my anti-virus and going back to Symantec/Norton AV. I'd love to hear your thoughts. (should that be a separate topic?? :confused: )
CHECKUP:
Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
MuseScore 1.1 MuseScore score typesetter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SUPERAntiSpyware
AVG PC Tuneup 2011
Java(TM) 6 Update 20
Java(TM) 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (Firefox,.. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
LOG.TXT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Deanszf at 2012-02-19 21:36:34
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 251 GB (82%) free of 305 GB
Total RAM: 3546 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:11 PM, on 2/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Deanszf\Downloads\RSIT.exe
C:\Program Files\trend micro\Deanszf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
--
End of file - 5817 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://zionfire.com/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10, {578e7caa-210f-4967-a0d3-88fe5b59a39f}:0.8.5, {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.10, {1C7CCF7A-ECB8-4CE5-B5D1-A4FA477A7242}:0.3.6, {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.5, {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.6.3, rehostimage@engy.us:1.5.3, {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704, {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.3, {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.1, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, amznUWL2@amazon.com:1.7, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, savedpasswordeditor@daniel.dawson:2.2.5, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" - "http://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q="
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer]
"Description"=Musicnotes Viewer Plugin
"Path"=C:\Program Files\Musicnotes\npmusicn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Sibelius.com/Scorch Plugin]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files\Musicnotes\npsibelius.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg_igeared.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
C:\Users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\extensions\
{1C7CCF7A-ECB8-4CE5-B5D1-A4FA477A7242}
{3EC9C995-8072-4fc0-953E-4F30620D17F3}
{5546F97E-11A5-46b0-9082-32AD74AAA920}
{578e7caa-210f-4967-a0d3-88fe5b59a39f}
{89f8dde0-010a-11da-8cd6-0800200c9a66}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{ada4b710-8346-4b82-8199-5de2b400a6ae}
{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2010-04-05 288040]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [2010-10-27 328992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2011-06-05 222496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.trspch"=tssoft32.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.pspgru"=pspgru.acm
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-02-19 21:36:34 ----D---- C:\rsit
2012-02-19 21:36:34 ----D---- C:\Program Files\trend micro
2012-02-17 22:14:52 ----N---- C:\bootsqm.dat
2012-02-17 09:52:03 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-17 09:52:02 ----A---- C:\Windows\system32\jscript.dll
2012-02-17 09:52:02 ----A---- C:\Windows\system32\iertutil.dll
2012-02-17 09:52:01 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-17 09:52:01 ----A---- C:\Windows\system32\jscript9.dll
2012-02-17 09:52:00 ----A---- C:\Windows\system32\wininet.dll
2012-02-17 09:52:00 ----A---- C:\Windows\system32\url.dll
2012-02-17 09:52:00 ----A---- C:\Windows\system32\ieui.dll
2012-02-17 09:51:58 ----A---- C:\Windows\system32\mshtml.dll
2012-02-17 09:51:57 ----A---- C:\Windows\system32\urlmon.dll
2012-02-17 09:51:57 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 00:49:42 ----D---- C:\Program Files\ReflexiveArcade
2012-02-15 11:11:23 ----A---- C:\Windows\ntbtlog.txt
2012-02-14 21:50:02 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-14 21:50:00 ----A---- C:\Windows\system32\shell32.dll
2012-02-14 21:50:00 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-14 21:49:59 ----A---- C:\Windows\system32\win32k.sys
2012-02-05 07:23:49 ----D---- C:\Program Files\MSXML 4.0
2012-02-04 23:20:49 ----A---- C:\Users\Deanszf\AppData\Roaming\SAS7_000.DAT
2012-02-04 23:01:30 ----D---- C:\Users\Deanszf\AppData\Roaming\Nuance
2012-02-04 13:06:06 ----D---- C:\Users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 13:04:24 ----D---- C:\Program Files\Common Files\IVA
2012-02-04 13:04:02 ----D---- C:\Program Files\Common Files\Nuance
2012-02-04 12:59:36 ----D---- C:\ProgramData\Nuance
2012-02-04 12:59:36 ----D---- C:\Program Files\Nuance
2012-01-26 22:21:01 ----D---- C:\ProgramData\FLEXnet
2012-01-26 22:20:25 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-01-26 22:20:07 ----RA---- C:\Windows\system32\AdobePDFUI.dll
======List of files/folders modified in the last 1 month======
2012-02-19 21:37:07 ----D---- C:\Windows\Temp
2012-02-19 21:36:34 ----RD---- C:\Program Files
2012-02-19 14:49:09 ----D---- C:\Windows\system32\config
2012-02-19 14:49:01 ----D---- C:\Windows\system32\drivers\AVG
2012-02-18 00:11:20 ----D---- C:\Windows\Microsoft.NET
2012-02-18 00:06:42 ----D---- C:\Windows\system32\catroot2
2012-02-18 00:06:26 ----D---- C:\Windows\Minidump
2012-02-18 00:06:21 ----D---- C:\Windows
2012-02-17 23:23:01 ----D---- C:\Windows\Prefetch
2012-02-17 23:16:21 ----D---- C:\Program Files\Mozilla Firefox
2012-02-17 21:49:57 ----RSD---- C:\Windows\assembly
2012-02-17 21:47:35 ----D---- C:\ProgramData\MFAData
2012-02-17 21:43:31 ----D---- C:\Windows\winsxs
2012-02-17 21:41:50 ----SHD---- C:\System Volume Information
2012-02-17 21:38:32 ----D---- C:\Windows\System32
2012-02-17 21:38:30 ----D---- C:\Windows\system32\migration
2012-02-17 21:38:28 ----D---- C:\Program Files\Internet Explorer
2012-02-16 10:27:27 ----SHD---- C:\Windows\Installer
2012-02-16 10:26:35 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-15 10:35:01 ----D---- C:\BB
2012-02-15 10:26:38 ----A---- C:\Windows\system32\MRT.exe
2012-02-15 10:23:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-15 10:23:09 ----D---- C:\Windows\inf
2012-02-15 10:21:35 ----D---- C:\Windows\system32\catroot
2012-02-15 10:20:52 ----A---- C:\Windows\win.ini
2012-02-11 00:55:12 ----AD---- C:\ProgramData\TEMP
2012-02-04 13:05:57 ----D---- C:\Windows\Speech
2012-02-04 13:04:24 ----D---- C:\Program Files\Common Files
2012-02-04 12:59:36 ----HD---- C:\ProgramData
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-27 10:38:35 ----D---- C:\Users\Deanszf\AppData\Roaming\Adobe
2012-01-26 22:20:26 ----D---- C:\ProgramData\Adobe
2012-01-26 22:20:26 ----D---- C:\Program Files\Common Files\Adobe
2012-01-26 22:20:17 ----D---- C:\Windows\system32\DriverStore
2012-01-26 22:18:15 ----RSD---- C:\Windows\Fonts
2012-01-26 22:17:11 ----D---- C:\Program Files\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-06-15 461080]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-04-15 252536]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-07 2506232]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-13 53312]
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S2 DragonSvc;Dragon Service; C:\Program Files\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-26 651720]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-27 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
-----------------EOF-----------------
INFO.TXT
info.txt logfile of random's system information tool 1.09 2012-02-19 21:37:13
======Uninstall list======
Adobe Acrobat 9 Standard - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Amazon MP3 Downloader 1.0.12-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AmpliTube X-GEAR-->C:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe
-runfromtemp -l0x0009 uninstall -removeonly
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}
AVG 2012-->MsiExec.exe /I{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}
AVG PC Tuneup 2011-->"C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe"
Band-in-a-Box Server-->"C:\bb\BBHelper\unins000.exe"
Calorie Balance Tracker 4.0.8-->C:\Program Files\Calorie Balance Tracker\uninst.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CoyoteWT 1.1-->"C:\Program Files\Coyote\CoyoteWT\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dragon NaturallySpeaking 11-->MsiExec.exe /I{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}
Intel(R) Rapid Storage Technology-->C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
/repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-
E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MuseScore 1.1 MuseScore score typesetter-->C:\Program Files\MuseScore\Uninstall.exe
Musicnotes Software Suite 1.5.5-->"C:\Program Files\Musicnotes\unins000.exe"
openlp.org 1.2.8-->"C:\Program Files\openlp.org\unins000.exe"
OpenOffice.org 3.2-->MsiExec.exe /I{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
PG Music DirectX Plugins 2.0.0.0-->"C:\Program Files\PowerTracks DirectX Plugins\unins000.exe"
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RealTracks Shots and Holds 1-->"C:\bb\uninstall\unins006.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework
\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Sibelius Scorch (Firefox, Opera, Netscape only)-->MsiExec.exe /I{10ABE49D-343A-463E-9753-C4C5A05ECEF9}
SmartFTP Client 4.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 4.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /X{A78DC0F4-E093-4715-9843-06053F43A8C3}
SONAR X1 Essential-->"C:\Program Files\Cakewalk\SONAR X1 Essential\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
TSP_CODEC-->C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache
\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache
\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows XP Mode-->MsiExec.exe /X{1374CC63-B520-4f3f-98E8-E9020BF01CFF}
======System event log======
Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96308
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:
Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96307
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:
Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96306
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:
Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96305
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:
Computer Name: DeanZF-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
discache
Record Number: 96296
Source Name: Service Control Manager
Time Written: 20110809151853.999161-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Deanszf-PC
Event Code: 11935
Message: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 -- Error 1935.An error occurred during the
installation of assembly
'Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'.
Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem,
function: Commit, component: {A75F2217-AD54-3EA6-AE14-F255F8660531}
Record Number: 227
Source Name: MsiInstaller
Time Written: 20101227163108.000000-000
Event Type: Error
User: DEANZF-PC\Deanszf
Computer Name: Deanszf-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 222
Source Name: MsiInstaller
Time Written: 20101227163052.000000-000
Event Type: Warning
User: DEANZF-PC\Deanszf
Computer Name: Deanszf-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 217
Source Name: MsiInstaller
Time Written: 20101227162550.000000-000
Event Type: Warning
User: DEANZF-PC\Deanszf
Computer Name: Deanszf-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded
now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-562926445-1954571338-4195596783-1000:
Process 420 (\Device
\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-562926445-1954571338-4195596783-1000
Record Number: 197
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101227161849.033673-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Deanszf-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 121
Source Name: Microsoft-Windows-Search
Time Written: 20101228041450.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: DeanZF-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 13502
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110424122354.959443-000
Event Type: Audit Success
User:
Computer Name: DeanZF-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 13501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424122347.892630-000
Event Type: Audit Success
User:
Computer Name: DeanZF-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: DEANZF-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x274
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such
as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be
left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13500
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424122347.892630-000
Event Type: Audit Success
User:
Computer Name: DeanZF-PC
Event Code: 4647
Message: User initiated logoff:
Subject:
Security ID: S-1-5-21-562926445-1954571338-4195596783-1000
Account Name: Deanszf
Account Domain: DEANZF-PC
Logon ID: 0x14d71
This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be
interpreted as a logoff event.
Record Number: 13499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424122347.128229-000
Event Type: Audit Success
User:
Computer Name: DeanZF-PC
Event Code: 5061
Message: Cryptographic operation.
Subject:
Security ID: S-1-5-18
Account Name: DEANZF-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: {61D33043-3C50-44BA-B0C9-2E41916C11D9}
Key Type: Machine key.
Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Record Number: 13498
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424120919.794847-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%
\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files
\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
DDS.TXT
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Deanszf at 21:48:20 on 2012-02-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3546.2648 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Deanszf\Desktop\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex
\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared
\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe
\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex
\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex
\AcroIEFavClient.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance
\naturallyspeaking11\Ereg.ini"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex
\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex
\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:
\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61
209.18.47.62
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3}\137373630425164696F6 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3}\A55627F677962756 : DhcpNameServer = 208.67.222.222 208.67.220.220
4.2.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\deanszf\appdata\roaming\mozilla\firefox\profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\users\deanszf\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28
315392]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-27 1343400]
.
=============== Created Last 30 ================
.
2012-02-20 03:36:34 -------- d-----w- c:\program files\trend micro
2012-02-19 21:15:19 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2fff8926-c54e-
46f0-aca8-9cc638100564}\offreg.dll
2012-02-19 21:09:53 6273872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup
\mpengine.dll
2012-02-19 21:09:50 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2fff8926-c54e-
46f0-aca8-9cc638100564}\mpengine.dll
2012-02-19 02:40:34 -------- d-----w- c:\users\deanszf\appdata\local\{9A008C79-8297-40D2-9BBE-35CB52C62ACF}
2012-02-19 02:40:24 -------- d-----w- c:\users\deanszf\appdata\local\{0BAC75BA-AFB3-419B-B69C-D65AA572F2C6}
2012-02-17 16:32:50 -------- d-----w- c:\users\deanszf\appdata\local\{2DAA52A8-3BF7-4FA2-A37B-673C060DCF0A}
2012-02-17 16:32:40 -------- d-----w- c:\users\deanszf\appdata\local\{91320E5E-ED1A-4686-8A1A-A8A75C585027}
2012-02-17 15:52:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 15:52:02 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-02-17 15:52:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-02-17 15:52:01 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-17 15:52:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-17 15:51:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-17 15:51:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-17 04:32:28 -------- d-----w- c:\users\deanszf\appdata\local\{4FE8F7BE-E7C8-418A-9528-B642EDF5CA4A}
2012-02-17 04:32:17 -------- d-----w- c:\users\deanszf\appdata\local\{5688EF1B-39FF-4E31-981D-6D5655C9572F}
2012-02-16 16:31:52 -------- d-----w- c:\users\deanszf\appdata\local\{C0B608E7-6E68-4D2B-9EC9-FDFFB8BE625C}
2012-02-16 16:31:41 -------- d-----w- c:\users\deanszf\appdata\local\{E080D129-29D5-4906-9768-074A8517572D}
2012-02-16 06:49:42 -------- d-----w- c:\program files\ReflexiveArcade
2012-02-16 04:31:29 -------- d-----w- c:\users\deanszf\appdata\local\{C9ABE47B-344B-4939-925C-80E2AE53E0FE}
2012-02-16 04:31:19 -------- d-----w- c:\users\deanszf\appdata\local\{6DED878D-6B94-455B-B10F-314AB9D9FC84}
2012-02-15 16:30:54 -------- d-----w- c:\users\deanszf\appdata\local\{226B2AE3-EAB8-4F69-AAEB-7F13E0738529}
2012-02-15 16:29:19 -------- d-----w- c:\users\deanszf\appdata\local\{716398BB-9B42-4FE4-A3EE-7FD957E5A25F}
2012-02-15 04:28:20 -------- d-----w- c:\users\deanszf\appdata\local\{03DBED07-5C1E-4249-80D8-108A0CE157F4}
2012-02-15 04:28:09 -------- d-----w- c:\users\deanszf\appdata\local\{7105EA50-A77D-42DE-AF15-BA6E88FA4E90}
2012-02-15 03:50:09 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 03:50:02 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:50:00 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 03:49:59 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 16:27:58 -------- d-----w- c:\users\deanszf\appdata\local\{11E6C629-11A4-4B71-9134-FECB131C6CCE}
2012-02-14 16:27:48 -------- d-----w- c:\users\deanszf\appdata\local\{82324B76-9B02-45DC-B4F1-758575C8AA39}
2012-02-14 04:09:00 -------- d-----w- c:\users\deanszf\appdata\local\{40ED77DC-5424-43A3-800A-C80781B2F3B1}
2012-02-14 04:08:49 -------- d-----w- c:\users\deanszf\appdata\local\{8B5486AD-B954-4980-875E-943BFF940A40}
2012-02-13 16:08:37 -------- d-----w- c:\users\deanszf\appdata\local\{7E749C52-CF4A-426C-83E2-666AEC98CBE2}
2012-02-13 16:08:27 -------- d-----w- c:\users\deanszf\appdata\local\{68384653-BE9E-489D-AEC3-BCE1F0606756}
2012-02-13 03:32:38 -------- d-----w- c:\users\deanszf\appdata\local\{860CCECD-0F13-4E27-A689-D5AEE3CE8571}
2012-02-13 03:32:28 -------- d-----w- c:\users\deanszf\appdata\local\{73483A00-7842-4DF2-ADA0-E215803F380F}
2012-02-12 21:23:11 -------- d-----w- c:\users\deanszf\appdata\local\{205A25EF-D324-455F-839E-CE99955148A6}
2012-02-12 06:13:58 -------- d-----w- c:\users\deanszf\appdata\local\{158E515B-3028-4C64-9D35-655942816E4E}
2012-02-12 06:13:47 -------- d-----w- c:\users\deanszf\appdata\local\{7732C155-BF5F-43B0-A0F2-B32FFD379ED7}
2012-02-11 18:07:26 -------- d-----w- c:\users\deanszf\appdata\local\{7F766E60-4AA0-44A1-BB2A-11E8906E7A3C}
2012-02-11 18:07:18 -------- d-----w- c:\users\deanszf\appdata\local\{2A5CF97F-5484-425F-B069-C28F0DC35EC9}
2012-02-11 05:08:30 -------- d-----w- c:\users\deanszf\appdata\local\{F1BFB50F-C501-4722-BB91-3E8D5B580475}
2012-02-11 05:08:16 -------- d-----w- c:\users\deanszf\appdata\local\{468A8932-74C7-4989-8B44-7D1DFE04D71C}
2012-02-10 05:08:36 -------- d-----w- c:\users\deanszf\appdata\local\{F61D4277-0833-414B-B0BA-F7B413BDFCE0}
2012-02-10 05:08:26 -------- d-----w- c:\users\deanszf\appdata\local\{746C6CF3-5D20-47EC-A5AE-915980DBF886}
2012-02-09 17:08:15 -------- d-----w- c:\users\deanszf\appdata\local\{7EA29C6B-C3F2-405E-AF32-0014E60E6C21}
2012-02-09 17:08:04 -------- d-----w- c:\users\deanszf\appdata\local\{CF566871-8471-4729-8ED9-B7BE3CB9702A}
2012-02-09 05:07:53 -------- d-----w- c:\users\deanszf\appdata\local\{754679F0-EA6E-4338-8F16-B30FB5A9934F}
2012-02-09 05:07:42 -------- d-----w- c:\users\deanszf\appdata\local\{2F04CBEF-2771-47B5-9727-636B240D78F5}
2012-02-08 17:07:31 -------- d-----w- c:\users\deanszf\appdata\local\{0D883FBE-3C7B-48D9-BC2E-191A4FFA95AE}
2012-02-08 17:07:22 -------- d-----w- c:\users\deanszf\appdata\local\{79661749-E5B7-451E-B318-9F8C943F7EFD}
2012-02-08 03:39:44 -------- d-----w- c:\users\deanszf\appdata\local\{2E575AFC-E332-46E2-A8C0-E4E1D5F6156C}
2012-02-08 03:39:34 -------- d-----w- c:\users\de
Hi, DeanZF. Welcome to LandzDown Forum.
We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
QuoteWhen the 2/14 update was made available, it did not completely finalize the update.
Have you attempted a system restore point prior to the February 14th updates? When originally released, there was a problem with the Silverlight update, although it was a "failure to install" message, which was quickly repaired. In addition, I always recommend installing .NET Framework updates separately from other updates. While many people have no problems with .NET Framework updates, for some reason, others do.
The DDS.txt log got cut off by the forum software. Please copy/paste the remainder of the log following
2012-02-08 03:39:44 -------- d-----w- c:\users\deanszf\appdata\local\{2E575AFC-E332-46E2-A8C0-E4E1D5F6156C} to the end.
As requested, the rest of that log:
2012-02-08 03:39:34 -------- d-----w- c:\users\deanszf\appdata\local\{B42D7D0A-0777-41B4-804A-159726DFE37C}
2012-02-07 04:18:41 -------- d-----w- c:\users\deanszf\appdata\local\{FBCAFD6C-95F2-4059-8832-2944C5DB0EA4}
2012-02-07 04:18:30 -------- d-----w- c:\users\deanszf\appdata\local\{BCBED0D9-5094-4C7D-BE36-E2CB599909E6}
2012-02-06 16:18:15 -------- d-----w- c:\users\deanszf\appdata\local\{896AE353-D57E-4173-8420-7ED6E2AB2877}
2012-02-06 16:18:02 -------- d-----w- c:\users\deanszf\appdata\local\{EF2FCAF2-ABC6-4FBE-B33F-09BE69FEC769}
2012-02-05 19:42:14 -------- d-----w- c:\users\deanszf\appdata\local\{0D5BFB48-D3ED-457C-A72B-F220DB836317}
2012-02-05 19:42:04 -------- d-----w- c:\users\deanszf\appdata\local\{77DA27CB-1E8A-48CB-AF87-831B711209D4}
2012-02-05 13:23:49 -------- d-----w- c:\program files\MSXML 4.0
2012-02-05 06:13:15 -------- d-----w- c:\users\deanszf\appdata\local\{7C48287C-3840-4479-A725-4933413DB2F1}
2012-02-05 06:13:05 -------- d-----w- c:\users\deanszf\appdata\local\{8F59CB11-2CC7-4BC5-AB4A-AF9A1380BDB5}
2012-02-05 05:01:30 -------- d-----w- c:\users\deanszf\appdata\roaming\Nuance
2012-02-04 19:06:06 -------- d-----w- c:\users\deanszf\appdata\roaming\FLEXnet
2012-02-04 19:04:24 -------- d-----w- c:\program files\common files\IVA
2012-02-04 19:04:02 -------- d-----w- c:\program files\common files\Nuance
2012-02-04 18:59:36 -------- d-----w- c:\programdata\Nuance
2012-02-04 18:59:36 -------- d-----w- c:\program files\Nuance
2012-02-04 18:12:40 -------- d-----w- c:\users\deanszf\appdata\local\{74FA868D-401C-49E8-A2E3-D6A2A35BE046}
2012-02-04 18:12:21 -------- d-----w- c:\users\deanszf\appdata\local\{AAD7B903-6222-4231-8A3C-9E859BD571B0}
2012-02-04 05:48:23 -------- d-----w- c:\users\deanszf\appdata\local\{33532CB9-361B-4134-A9AA-7DAEDA474606}
2012-02-04 05:48:02 -------- d-----w- c:\users\deanszf\appdata\local\{70FCF635-D1AA-44D0-85CB-13645F8E3037}
2012-02-03 17:35:14 -------- d-----w- c:\users\deanszf\appdata\local\{4FFFEFBA-1FC9-45E6-ADBB-8CBA87CC2BBE}
2012-02-03 17:35:03 -------- d-----w- c:\users\deanszf\appdata\local\{BA95D1E9-3A68-4289-9DCE-B8004DE4D840}
2012-02-03 05:08:40 -------- d-----w- c:\users\deanszf\appdata\local\{8DB8B7B0-B98D-4C79-9CFE-0C15A4FC2A46}
2012-02-03 05:08:29 -------- d-----w- c:\users\deanszf\appdata\local\{14A5167C-22C7-4E42-8CA4-8CC1F914988C}
2012-02-02 17:08:17 -------- d-----w- c:\users\deanszf\appdata\local\{EB787A15-7859-4114-A0D1-C357EC028832}
2012-02-02 17:08:06 -------- d-----w- c:\users\deanszf\appdata\local\{07705064-186D-4DE4-9B5A-61EE2D5F144E}
2012-02-02 05:07:54 -------- d-----w- c:\users\deanszf\appdata\local\{8A8F6294-B073-4A6A-A3B9-69E41DB10D19}
2012-02-02 05:07:43 -------- d-----w- c:\users\deanszf\appdata\local\{F3743F1E-59CB-4DA8-B3BA-E995BD42863F}
2012-02-01 17:07:31 -------- d-----w- c:\users\deanszf\appdata\local\{7FE3F963-C83A-4B37-8B88-B3A2552C6C29}
2012-02-01 17:07:21 -------- d-----w- c:\users\deanszf\appdata\local\{59612B47-5570-446F-BC33-84DA0800E166}
2012-02-01 05:07:09 -------- d-----w- c:\users\deanszf\appdata\local\{D2C52B97-5514-4A1D-96AA-A77D8DA76A09}
2012-02-01 05:06:57 -------- d-----w- c:\users\deanszf\appdata\local\{35B93567-3653-4EDE-9D1F-63A970ADA3EF}
2012-01-31 17:06:45 -------- d-----w- c:\users\deanszf\appdata\local\{944305CB-7DBB-4D85-99B2-F08EA6886E9A}
2012-01-31 17:06:34 -------- d-----w- c:\users\deanszf\appdata\local\{7470E580-2CFA-479B-A284-4EF2B94D2EBD}
2012-01-31 05:06:22 -------- d-----w- c:\users\deanszf\appdata\local\{B2076DB1-78DB-4698-B017-37F9437C6C6B}
2012-01-31 05:06:11 -------- d-----w- c:\users\deanszf\appdata\local\{2486142A-FC3C-41B7-9585-258602564E97}
2012-01-30 17:05:57 -------- d-----w- c:\users\deanszf\appdata\local\{F2D347F5-DE3F-41AC-A985-30D1A3079277}
2012-01-30 17:05:29 -------- d-----w- c:\users\deanszf\appdata\local\{37BA1F06-9BE8-494F-9775-24C9C91C33C3}
2012-01-30 04:49:21 -------- d-----w- c:\users\deanszf\appdata\local\{993BF766-3ABC-4FAE-936B-1C185706F863}
2012-01-30 04:49:11 -------- d-----w- c:\users\deanszf\appdata\local\{CEBBED22-E2A9-4107-AF79-39D6CD9C1ACF}
2012-01-29 16:40:56 -------- d-----w- c:\users\deanszf\appdata\local\{601A3795-8787-44AC-A984-869BBCB86C6C}
2012-01-29 04:40:45 -------- d-----w- c:\users\deanszf\appdata\local\{72605994-A0F0-4ED3-A845-BAC9CA0D8EAE}
2012-01-29 04:40:33 -------- d-----w- c:\users\deanszf\appdata\local\{030FBE94-D4E9-4D20-B04F-0CB78E1942F7}
2012-01-28 16:40:17 -------- d-----w- c:\users\deanszf\appdata\local\{F2A249BB-72F3-43B4-AA6C-0605F0E88B57}
2012-01-28 16:40:00 -------- d-----w- c:\users\deanszf\appdata\local\{2E0A788D-AA17-4C8E-AEF5-DB360F49A61A}
2012-01-28 04:36:23 -------- d-----w- c:\users\deanszf\appdata\local\{42A5A35B-9039-4CF0-BD50-1B5F17C0FFB9}
2012-01-28 04:36:13 -------- d-----w- c:\users\deanszf\appdata\local\{5A570E5A-5482-4C53-A0CD-981F406E6594}
2012-01-27 16:36:01 -------- d-----w- c:\users\deanszf\appdata\local\{8352F7B0-64D0-4EE8-BC0A-F13C4EA6AFC1}
2012-01-27 16:35:49 -------- d-----w- c:\users\deanszf\appdata\local\{EBBFC1BF-C55B-42E1-886A-3FC58C2BE7FC}
2012-01-27 04:35:37 -------- d-----w- c:\users\deanszf\appdata\local\{2BB25A46-67E1-4F80-94EF-7F3A9FA570CE}
2012-01-27 04:35:27 -------- d-----w- c:\users\deanszf\appdata\local\{913C5912-DB11-4D75-9916-39F72AC16E44}
2012-01-27 04:20:25 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-01-27 04:20:07 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-26 16:35:02 -------- d-----w- c:\users\deanszf\appdata\local\{467A71B9-7713-4D00-8A2F-1FC830A5B0B2}
2012-01-26 16:34:48 -------- d-----w- c:\users\deanszf\appdata\local\{71FDA1DB-E436-416C-9F8D-04DCA21CAD1E}
2012-01-26 04:34:04 -------- d-----w- c:\users\deanszf\appdata\local\{48E824F3-C00E-44E6-8D43-9953C4B2983D}
2012-01-26 04:33:53 -------- d-----w- c:\users\deanszf\appdata\local\{5014B2EE-D83E-44E3-AF62-DE7FAC4D2E93}
2012-01-25 16:33:42 -------- d-----w- c:\users\deanszf\appdata\local\{9C04206D-DD87-432B-85B8-456514962E82}
2012-01-25 16:33:29 -------- d-----w- c:\users\deanszf\appdata\local\{2C36C459-1FB2-4F55-BFAB-B21111A2D7DE}
2012-01-25 04:18:23 -------- d-----w- c:\users\deanszf\appdata\local\{CB59DA8A-D9D5-4D6F-8EA9-7EDA4C7E70E4}
2012-01-25 04:18:13 -------- d-----w- c:\users\deanszf\appdata\local\{822A9A34-4A0E-47BE-87BD-49969734F609}
2012-01-24 16:18:01 -------- d-----w- c:\users\deanszf\appdata\local\{AE88DC8C-42B8-449C-B3D1-7941F62F55B1}
2012-01-24 16:17:48 -------- d-----w- c:\users\deanszf\appdata\local\{37EF5FF6-BC29-47CF-9A05-82522E4B76DC}
2012-01-24 03:44:29 -------- d-----w- c:\users\deanszf\appdata\local\{6B78AE1C-98F0-4505-82A9-2148C9835069}
2012-01-24 03:44:18 -------- d-----w- c:\users\deanszf\appdata\local\{78DF9519-F71F-40D5-ACA9-18F113721530}
2012-01-23 15:44:07 -------- d-----w- c:\users\deanszf\appdata\local\{18651752-E39E-4BB6-8E12-14DCA2C35C6C}
2012-01-23 15:43:56 -------- d-----w- c:\users\deanszf\appdata\local\{33CDBC36-CE08-472F-BC2E-5177024315A2}
2012-01-23 03:43:44 -------- d-----w- c:\users\deanszf\appdata\local\{35F9A7E2-3A7E-4DE4-BE3D-23A6BA5889A4}
2012-01-23 03:43:34 -------- d-----w- c:\users\deanszf\appdata\local\{F16B3226-EC1E-4D01-B78A-675C05CAD748}
2012-01-22 15:43:21 -------- d-----w- c:\users\deanszf\appdata\local\{7DBC57E7-34C6-48C6-BC88-2C550534A146}
2012-01-22 15:42:58 -------- d-----w- c:\users\deanszf\appdata\local\{BA89FD56-5404-484F-8D2C-5DB4215796B6}
2012-01-22 03:42:47 -------- d-----w- c:\users\deanszf\appdata\local\{759E7816-0FF8-454E-9CAC-0BB39D43BCBA}
2012-01-22 03:42:36 -------- d-----w- c:\users\deanszf\appdata\local\{2EBC071D-5A45-4428-B79B-10B8C0501FA1}
2012-01-21 15:42:24 -------- d-----w- c:\users\deanszf\appdata\local\{1E89A4BB-BD78-41CE-9832-87548A57955E}
2012-01-21 15:42:00 -------- d-----w- c:\users\deanszf\appdata\local\{472A3E57-0BEF-469F-88B2-F05388B245DF}
.
==================== Find3M ====================
.
2012-01-29 11:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:49:29.60 ===============
In response to the other points, no I have not tried to go backward. I'd likely need instructions for that, too. Currently, my Win7 does everything automatically. How do I set it up to allow me to steer how those updates are installed?
Also, based on MS' forum advice, I did run MS Windows Defender to no avail. I'm not working through them any longer. Glad to be "loyal" to LDForums. I promise to take no additional actions other than as directed here! :goodie:
Hi, DeanZF.
Thank you for the rest of that log. Let's start first with System Restore.
- Open System Restore by clicking the Start button.
- In the search box, type System Restore and wait while it loads
- Click Next at the first prompt where System Restore is explained.
- The date we are looking for may not appear in the list of results, so please check the box "Show more restore points" and click Next.
- Select a Date and Time prior to February 14 and click Next.
Note: System Restore will restart your PC so save any open files and close all programs.
Can you get to Normal mode now? If not, please try the instructions for starting the computer using LKGC, Using Last Known Good Configuration (http://windows.microsoft.com/en-US/windows7/Using-Last-Known-Good-Configuration).
says that there ARE no restore points yet and tells me to open system protector, but that set of tabs does not give me an obvious place to create restore points.
Windows 7 does not include "System Protector". That is a fake/rogue, although I do not see signs of it in your logs.
Please follow these instructions carefully.Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
!!! IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
What a mess! Running in Safe Mode, one cannot disable AVG. I uninstalled it. Will reinstall after I send this.
Ran ComboFix. Log:
ComboFix 12-02-19.02 - Deanszf 02/20/2012 13:07:42.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3546.2790 [GMT -6:00]
Running from: c:\users\Deanszf\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\VDM93BB.tmp
C:\VDM93BC.tmp
C:\VDME6D1.tmp
C:\VDME6E1.tmp
c:\windows\system32\SET8809.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 03:36 . 2012-02-20 03:39 -------- d-----w- C:\rsit
2012-02-20 03:36 . 2012-02-20 03:37 -------- d-----w- c:\program files\trend micro
2012-02-19 21:09 . 2012-01-17 10:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF8926-C54E-46F0-ACA8-9CC638100564}\mpengine.dll
2012-02-17 15:52 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 15:52 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-17 15:52 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-17 15:52 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-17 15:52 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-17 15:51 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 15:51 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 06:49 . 2012-02-16 06:49 -------- d-----w- c:\program files\ReflexiveArcade
2012-02-15 03:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 03:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:50 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 03:49 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 13:23 . 2012-02-05 13:23 -------- d-----w- c:\program files\MSXML 4.0
2012-02-05 05:01 . 2012-02-05 05:01 -------- d-----w- c:\users\Deanszf\AppData\Roaming\Nuance
2012-02-04 19:06 . 2012-02-04 19:06 -------- d-----w- c:\users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 19:04 . 2012-02-04 19:04 -------- d-----w- c:\program files\Common Files\IVA
2012-02-04 19:04 . 2012-02-04 19:04 -------- d-----w- c:\program files\Common Files\Nuance
2012-02-04 18:59 . 2012-02-04 18:59 -------- d-----w- c:\programdata\Nuance
2012-02-04 18:59 . 2012-02-04 18:59 -------- d-----w- c:\program files\Nuance
2012-01-27 04:21 . 2012-02-04 18:59 -------- d-----w- c:\programdata\FLEXnet
2012-01-27 04:20 . 2012-01-27 04:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-27 04:20 . 2008-04-07 11:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:10 . 2010-12-27 16:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 05:16 . 2011-10-17 01:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20 13:18:26
ComboFix-quarantined-files.txt 2012-02-20 19:18
.
Pre-Run: 263,058,948,096 bytes free
Post-Run: 263,861,444,608 bytes free
.
- - End Of File - - 4B005A49F95B81B9DDD874468226E268
I've reinstalled AVG 2012 (sigh) after running ComboFix. I looked for a new restore point and it says the only restore point is 2/20.
Do I need to re-run ComboFix or something else? I'd love to go back to 2/13.
I am running in normal mode at the moment, but FireFox continues to show up very often as not responding. Many hesitations, even writing this post. 5-10 seconds to add a period to the end of the sentence.
I hope you didn't include AVG PC Tuneup 2011 in the reinstall. I'll hold off on the registry cleaner "lecture" for the moment and only stay that they do more damage than good. I specifically don't think I'd feel confident with an AVG registry cleaner when AVG left files behind when you did the uninstall before running ComboFix the first time.
I will want you to run ComboFix again, but let's hold off for the moment. Since you located a restore point, I'd like you to try something else.
- Relaunch System Restore.
- Seeing only the date of 2/20, first try clicking "Show more restore points".
- If none appear, click back and click "Scan for affected programs".
- Should any affected programs be listed, if the date is prior to 2/14, try that restore point.
- If none appear, click Close on that window and again click "Show more restore points".
Hopefully, this time you will get earlier restore points.
Following that, please uninstall the left-behind
Java(TM) 6 Update 20 and update the remaining version Java SE Runtime Environment 6u31 (http://java.com/en/download/index.jsp).
I see that the version of Firefox installed is outdated. What version of Firefox do you have installed? The current release is Firefox 10.0.2 and includes security updates.
Next, please go
here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic and also let me know how things are now.
Okay. To the best of my knowledge, I did not include the PC Tuneup 2011. I don't do registry things without specific instructions!
Did ComboFix again and did not get a better date.
Got rid of the Java Update 20 and did the Java SE RE 31.
FireFox is 10.0.2, and Java Console for FF also updated.
Ran ESET. 80 minutes into the scan, with 1/8" at the end of the progress bar remaining, it crashed. :cry:
The only part of the log that was on the drive was:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
It was WAY down into the end of the windows files, past system32. It did find five instances of OpenCandy. The ESET site says that it will find this and that it may or may not be a threat. Actually four instances and a variant on it something about CoreD?? The blue screen of freezing death hit and the computer restarted. Should I start the ESET again?? It was in stage 3 of 4.
Thanks for your patient help with this thing. :blink:
Open Candy is Adware. Undesirable but not damaging. I'd like to see the ESET results but why don't you try a full system scan with AVG first to see if it finds something. If it doesn't find anything, then try ESET again after a shutdown/restart.
Did a scan with AVG. Found nothing.
After the freeze in ESET and the self-initiated restart, I'm back in safe mode and am running the ESET again. 44 minutes in, 88500 files scanned thus far. More when it finishes.
Thanks.
ESET scan was again quite long, but successful this time. It paused for a VERY long time, sufficiently long that IE thought it was non-responsive and offered to restart the window for me. At least it waited until the scan was completed.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=021e831794c6fc41b03ad4ea25b5a4a1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-21 03:36:34
# local_time=2012-02-20 09:36:34 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 11554041 11554041 0 0
# compatibility_mode=5893 16776574 100 94 0 81336139 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=144149
# found=5
# cleaned=0
# scan_time=4045
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Deanszf\AppData\Roaming\OpenCandy\OpenCandy_8B10B76F11484E29A43CA4F1A1915B72\GameHouseSupercollapse3_p1v7.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Deanszf\Downloads\cnet_setupcalorietrackerA_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Deanszf\Downloads\CNET_TechTracker_2_0_4_Setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Deanszf\Downloads\MusicnotesSuite.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
That's all I have. I hope it's a complete scan.
Thanks!!
Thank you, DeanZF.
Fortunately, the only finding was OpenCandy, which we'll address with ComboFix. I suggest that where possible you go to the vendor site rather than third-party sites to download programs. (See Win32/InstallCore.D + Win32/OpenCandy - CNET CNET TechTracker Forums (http://forums.cnet.com/7723-21574_102-546820/win32-installcore-d-win32-opencandy/))
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
File::
MusicnotesSuite.exe
CNET_TechTracker_2_0_4_Setup.exe
cnet_setupcalorietrackerA_exe.exe
OCSetupHlp.dll
Folder::
C:\Users\Deanszf\AppData\Roaming\OpenCandy
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Next adventure. Started the process in normal mode (silly me). It ran through all of the 50... where those segments?? It deleted 3 filed and showed as deleting a folder, all having to do with OpenCandy. It got to the deleting the folder portion and froze. Sigh. (saying this with a Sgt Schultz accent, "I touched NUTHINK mit mine mouse!" It just flat stalled. I let it alone for 10 minutes, maybe more, and when NUTHINK happened, I restarted. Sigh again.
Restarted in safe mode and ran it to completion. I did have to restart the machine as it thought that I should delete both IE & FireFox!
BTW, System Restore again says that no restore points have been created.
The new log, from the second round of the script, run in safe mode:
ComboFix 12-02-19.02 - Deanszf 02/21/2012 22:11:17.3.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3546.3037 [GMT -6:00]
Running from: c:\users\Deanszf\Desktop\ComboFix.exe
Command switches used :: c:\users\Deanszf\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 04:19 . 2012-02-22 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 03:59 . 2012-02-22 04:19 -------- d-----w- c:\users\Deanszf\AppData\Local\temp
2012-02-20 23:55 . 2012-02-20 23:55 -------- d-----w- c:\program files\ESET
2012-02-20 23:50 . 2012-02-20 23:50 -------- d-----w- c:\program files\Common Files\Java
2012-02-20 23:50 . 2012-02-20 23:50 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-20 03:36 . 2012-02-20 03:39 -------- d-----w- C:\rsit
2012-02-20 03:36 . 2012-02-20 03:37 -------- d-----w- c:\program files\trend micro
2012-02-19 21:09 . 2012-01-17 10:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF8926-C54E-46F0-ACA8-9CC638100564}\mpengine.dll
2012-02-17 15:52 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 15:52 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-17 15:52 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-17 15:52 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-17 15:52 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-17 15:51 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 15:51 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 06:49 . 2012-02-16 06:49 -------- d-----w- c:\program files\ReflexiveArcade
2012-02-15 03:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 03:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:50 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 03:49 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 13:23 . 2012-02-05 13:23 -------- d-----w- c:\program files\MSXML 4.0
2012-02-05 05:01 . 2012-02-05 05:01 -------- d-----w- c:\users\Deanszf\AppData\Roaming\Nuance
2012-02-04 19:06 . 2012-02-04 19:06 -------- d-----w- c:\users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 19:04 . 2012-02-04 19:04 -------- d-----w- c:\program files\Common Files\IVA
2012-02-04 19:04 . 2012-02-04 19:04 -------- d-----w- c:\program files\Common Files\Nuance
2012-02-04 18:59 . 2012-02-04 18:59 -------- d-----w- c:\programdata\Nuance
2012-02-04 18:59 . 2012-02-04 18:59 -------- d-----w- c:\program files\Nuance
2012-01-27 04:21 . 2012-02-04 18:59 -------- d-----w- c:\programdata\FLEXnet
2012-01-27 04:20 . 2012-01-27 04:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-27 04:20 . 2008-04-07 11:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 23:50 . 2010-12-29 19:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 11:10 . 2010-12-27 16:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-18 05:16 . 2011-10-17 01:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
.
.
Completion time: 2012-02-21 22:20:34
ComboFix-quarantined-files.txt 2012-02-22 04:20
ComboFix2.txt 2012-02-20 19:18
.
Pre-Run: 263,577,014,272 bytes free
Post-Run: 263,507,202,048 bytes free
.
- - End Of File - - D4AF278CA2E11E8A8CAD819357BB01A5
Hi, DeanZF.
Please run the System File Checker tool. The System File Checker tool scans system files and replaces incorrect versions of the system files by using the correct versions.
To run the System File Checker tool, follow these steps:
- Click Start, and then type cmd in the Start Search box.
- Right-click cmd in the Programs list, and then click Run as administrator.
- If you are prompted for an administrator password or confirmation, type your password or click Continue
- At the command prompt, type the following line, and then press ENTER:
sfc /scannow (note the space before the forward slash)
- When the scan is complete, test to see whether the issue that you are experiencing is resolved.
Note: If the System File Checker Tool finds errors, shutdown/restart and run the tool up to three times until no errors are found.
Please let me know if anything is found.
:(
Nothing found. Did the scan in normal mode. Scan froze at 66%. Restarted, scanned again in normal mode. Froze at 66%. Did it twice more, same result.
Looking for a next step, and have a quandry. It looks like it's time to install Windows patches again. Do I install that stuff prior to any other steps?
Blessings upon you!
Hi, Dean ZF. You may need to do a repair install. However, let's try a couple of other things first.
First, follow the illustrated instructions at Fix Missing System Restore Points in Windows Vista and 7 (http://helpdeskgeek.com/help-desk/fix-missing-system-restore-points-in-windows-vista-and-7/) to see if that repairs System Restore.
Next. please run CheckDisk, following the illustrated instructions at Disk Check - Windows 7 Forums (http://www.sevenforums.com/tutorials/433-disk-check.html), using option 8:
Quote8. To Scan and Automatically Attempt to Fix Errors and Recover Bad Sectors
NOTE: This will scan for both file errors and physical errors (steps 6 and 7). It will then attempt to repair problems with files and folders, and recover physical errors.
A) Check the Automatically fix file system errors box. (See screenshot below step 4)
B) Check the Scan for and attempt recovery of bad sectors box.
As your hard disk will be in use, follow the steps in item 11 to run the scheduled scan and restart the computer.
Quote11. If the selected hard disk is in use, then click on the Schedule disk check button. (See screenshot below)
NOTE: If the hard disk that you selected in step 2 is in use (for example, the C: drive or partition that contains Windows 7), you'll be prompted to reschedule the disk check for the next time you restart your computer.
Hours later, it's done, per your instruction. I set the SR up to create a set point at 10pm local time, while I was still preparing the machine for the big scan. nearly four hours later, it finished without seizing. Yay for that.
Two questions:
- The obvious question is "What's next?" :sos:
- The other question has to do with updates. There is a java update waiting for me to say yes, and there are Windows 2/21 updates waiting.
Just trying NOT to jump ahead, but to be sure to follow the instructions.
Again, so many thank yous for your help.
Hi, Dean.
With CheckDisk was completed, are you able to work in normal mode? What is the status of your computer now?
As to Windows updates, the February 14th release had .NET Framework updates for Windows 7. Please install the other updates first, restart and then install the .NET Framework updates and restart.
Regarding Java, because of the problems you were having, I didn't address it before. Yes, you can update Java. First, however, uninstall Java(TM) 6 Update 20. After the update, Java(TM) 6 Update 29 should be replaced with Java 6, Update 31.
Good morning, Corrine,
So far, so good. I'm running in normal mode, I've installed the overnight Windows update (with was a .NET Framework update). The Java piece will be updated when it reappears. I had already removed the Update 20 piece of the puzzle.
I'll run only for a bit before going to work, and then more tonight. If it survives the test or freezes, I'll report later.
Again, many thanks for your services!
Hi, DeanZF.
It is sounding like CheckDisk solved the remaining problems. We'll take care of the last bits after you confirm all is still well.