Everything posted by mk1717

  1. Thanks for your help, and all the recommendations. I appreciate your help, and I believe we were successful. Thanks again, Mike
  2. Since my primary and backup drives are both 1TB, I make a habit of regularly backing up everything off the primary. But because of problems like this week, I was also considering instead using a standalone backup drive. I will shop for a new drive, any recommendations on brand or size? Should I also replace the internal backup drive? Although an external would effectively replace that anyway. So checkdisk didn't come up with lots of problems, but the type and size that it did find is a bad sign, and indicator of pending risk, huh?
  3. CHKDSKResults:
     ------------------------------
     TimeCreated : 8/19/2013 12:01:08 AM
     Message : Checking file system on C:
     The type of the file system is NTFS.
     Volume label is OS.

     A disk check has been scheduled.
     Windows will now check the disk.

     CHKDSK is verifying files (stage 1 of 5)...
       387584 file records processed.
     File verification completed.
       1183 large file records processed.
       0 bad file records processed.
       2 EA records processed.
       108 reparse records processed.
     CHKDSK is verifying indexes (stage 2 of 5)...
       461132 index entries processed.
     Index verification completed.
       0 unindexed files scanned.
       0 unindexed files recovered.
     CHKDSK is verifying security descriptors (stage 3 of 5)...
       387584 file SDs/SIDs processed.
     Cleaning up 5741 unused index entries from index $SII of file 0x9.
     Cleaning up 5741 unused index entries from index $SDH of file 0x9.
     Cleaning up 5741 unused security descriptors.
     Security descriptor verification completed.
       36775 data files processed.
     CHKDSK is verifying Usn Journal...
       35671208 USN bytes processed.
     Usn Journal verification completed.
     CHKDSK is verifying file data (stage 4 of 5)...
     Read failure with status 0xc000009c at offset 0x7576e4000 for 0x10000 bytes.
     Read failure with status 0xc000009c at offset 0x7576f3000 for 0x1000 bytes.
     Windows replaced bad clusters in file 165888
     of name \Windows\Cursors\aero_working_xl.ani.
     Read failure with status 0xc000009c at offset 0x7574e2000 for 0x10000 bytes.
     Read failure with status 0xc000009c at offset 0x7574e9000 for 0x1000 bytes.
     Windows replaced bad clusters in file 166509
     of name \Windows\winsxs\amd64_microsoft-windows-font-truetype-candara_31bf3856ad364e35_6.1.7600.16385_none_47342bc83c01bc90\Candarai.ttf.
       387568 files processed.
     File data verification completed.
     CHKDSK is verifying free space (stage 5 of 5)...
       178573181 free clusters processed.
     Free space verification is complete.
     Adding 2 bad clusters to the Bad Clusters File.
     CHKDSK discovered free space marked as allocated in the
     master file table (MFT) bitmap.
     CHKDSK discovered free space marked as allocated in the volume bitmap.
     Windows has made corrections to the file system.

     961360599 KB total disk space.
     246358692 KB in 310485 files.
        185184 KB in 36776 indexes.
             8 KB in bad sectors.
        523987 KB in use by the system.
         65536 KB occupied by the log file.
     714292728 KB available on disk.

          4096 bytes in each allocation unit.
     240340149 total allocation units on disk.
     178573182 allocation units available on disk.

     Internal Info:
     00 ea 05 00 88 4c 05 00 df 6e 09 00 00 00 00 00 .....L...n......
     b9 cc 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 ....l...........
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

     Windows has finished checking your disk.
     Please wait while your computer restarts.
  4. I set up for a full scan, did a reboot, and allowed the scan to run. It ran for hours, but ended with a clean result.
  5. Ran Rkill once, forgot to run as administrator, it ran for 2 minutes and I thought it stopped something but when I ran again as administrator it ran fast and clean. Ran ERUNT, and it said it worked, but I got lots of errors where it said it couldn't write files. I tried a few times, trying to write in several different areas, and the errors repeated. So it says registry was backed up, but I'm not sure if it really did it. Ran RogueKiller, it completed OK, and seemed to be clean. Here are Rkill.txt and RKreport[0].txt:

     Rkill.txt:
     ----------------------------
     Rkill 2.6.1 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 08/18/2013 07:21:28 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:
      * No malware services found to stop.

     Checking for processes to terminate:
      * No malware processes found to kill.

     Checking Registry for malware related settings:
      * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
      * No issues found.

     Checking Windows Service Integrity:
      * No issues found.

     Searching for Missing Digital Signatures:
      * No issues found.

     Checking HOSTS File:
      * HOSTS file entries found:
        127.0.0.1 localhost
        ::1 localhost

     Program finished at: 08/18/2013 07:21:39 PM
     Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

     RKreport[0]_S_08182013_192919.txt
     ------------------------------------------------------
     RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Owner [Admin rights]
     Mode : Scan -- Date : 08/18/2013 19:29:19
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤
     -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
     -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: SAMSUNG HD103UJ ATA Device +++++
     --- User ---
     [MBR] ff284ccab89ce369c94908bdf68bd3e0
     [bSP] 889dc1ff85fe201e743283d1f1cb99ee : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 938828 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++
     --- User ---
     [MBR] 803616b9297c491a37d73753b734e845
     [bSP] b683e1a1dd62afee72281aa95adff611 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_08182013_192919.txt >>
  6. Here are dds.txt and attach.txt Ready to run Step0 rkill next?
2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual Studio 2008 x64 Redistributables Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Mobile Device Center Zynga Toolbar . ==== Event Viewer Messages From Past Week ======== . 8/18/2013 1:41:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2862966). 8/18/2013 1:38:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2844286). 8/18/2013 1:37:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2863058). 
8/18/2013 1:37:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2840628). 8/18/2013 1:37:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2803821). 8/18/2013 1:36:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2849470). 8/18/2013 1:34:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2859537). 8/18/2013 1:34:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2861855). 8/18/2013 1:33:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2868623). 8/18/2013 1:20:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800a1be4e0, 0xfffff8800485081c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081813-89840-01. 8/14/2013 7:32:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa8012ea54e0, 0xfffff880048ca81c, 0x0000000000000000, 0x000000000000000d). 
A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081413-57174-01. 8/14/2013 6:08:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SYMTDI Wanarpv6 8/14/2013 6:07:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800c386390, 0xfffff880048eb81c, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081413-36473-01. . ==== End Of File ===========================
  7. Bought and installed a video card, booted up fine, no pixelling, drivers updated OK, still no pixelling, no blue screen. Updated malwarebytes and quick scan completed with no detections. Running AVG2011 now. System seems stable. Running about 1/2 so far with no problems. Evidence thus far leads us to blame the former video card as failing. Later I'd like to update Adobe and Java like I just did on my laptop while fixing an intrusion there, and then any other cleanup which might be recommended here. Mike
  8. My old video card won't fit, must be too old. The older computer is maybe 10 years old, old enough where the hard drives aren't compatible either, so maybe that's also why the video card is different too. Odd observation from yesterday.... the computer didn't stay up and stable too long this morning, but yesterday when the Startup Repair was running, that took a good long time and things were pretty stable for that long time. I'm surprised things stayed up long enough to attempt an automatic system repair and also a system restore to the 8/11 restore point.
  9. I tried the old monitor, and the whole computer came up, but I hadn't tried it in a day so I'm thinking that's not convincing of any better performance with simply a monitor swap. While the computer was up and I was logged in, I moved the video cable back to the newer monitor, but by the time I got there, the computer apparently restarted because I saw the Dell Inspiron startup screen with same pixelling, then the blue screen, and then the screen went black before the blue screen restart timer finished. So I think we completely ruled out the monitor, but nothing else. Does a bad video card have the capability of making a system unstable enough to go to a bluescreen? I have the older video card that I could try.
  10. I agree, likelihood toward the video card or monitor. I have an old computer which doesn't work enough to be useful, but I think the video card and monitor is OK. But before I tried that last night, I tried starting my Dell desktop again, and the display came up, although it still had the slight pixelling, but at least for the moment it is up. The computer didn't boot up, though. A "Startup Repair" window came up, saying the "computer was unable to start", and that Windows was checking the system for problems. When that utility completed, another window popped up saying that "Windows can not repair this computer automatically". There were 2 links available on that window. The first is "view diagnostic and repair details". It ran and passed a bunch of tests except the last one, so I took a photo of it. Here's what it said:
     ------------------
     Root Cause Found: Unspecified changes to system configuration might have caused the problem.
     Repair action: System Restore
     Result: Cancelled
     Repair action: System files integrity check and repair
     Result: Failed. Error code = 0x490.
     ------------------
     The 2nd link is "view advanced options for system recovery and support". The "System Recovery Options" window showed "Startup Repair" which already didn't work, "System Restore", "System..." something else, my photo has a progress bar in front of it, "Windows Memory Diagnostic", and "Command Prompt". I chose "System Restore", and selected the latest restore point which was a week ago 8/11, and a few days before the nonsense started Wed 8/14. The system restore completed same as how I remember it the few times I've needed to do this before, and I got the comforting message "System Restore successful, ready for reboot". So I rebooted, but then the video didn't come up again, and that's where I am now. So we now know the monitor works since we saw system activity displayed, and it seems to be detecting when it was getting no signal. 
And the video card works at least intermittently and can still be our problem. And that a system startup problem has been supposedly fixed with a successful system restore, but that has not been verified yet since the system has not come up yet from the restore utility's reboot. I also took that case panel off and blew a lot of the dust off the power supply fan, case fan, CPU fan, and video card fan. So they're all working but to me they don't seem to be moving much air. This morning I will try your direction of swapping monitors. I'll post the results later, while you have a chance to study the results I wrote above. Mike
  11. On Wednesday morning I was using my Dell Windows 7 Desktop to view a Malwarebytes topic, when the video started some very slight pixelling and then stalled. I got a "display driver stopped responding and has successfully recovered" Pop-up in the lower right corner of the screen, and then it went away. Then the whole thing repeated 2x more and the computer crashed to a blue screen. Upon restarting, the same thing happened again. Windows came up and I logged in, but I didn't have much time to do anything before the next blue screen. Now on restart, I hear the startup beep, and Windows starts, but then the screen goes black and stays that way. I never get any display any more. I even tried safe mode and never got there, but I only tried this once. I tried booting up again on Thursday and I still couldn't see a display on bootup, and thereby can't even tell if bootup was successful. So the time between first observation of pixelling, and then losing my display, was less than 1/2 hour. Usually I see problems taking longer to emerge. I did some research and people talk about overheating as a cause, voltage problems, overclocking issues, outdated drivers, failing hardware, and someone who wrote a convincing article about a virus which attacked his video card, which is what prompted me to create this topic today. All I had used the computer for in the days leading up to the problem, was to read a Malwarebytes topic to help fix my laptop, I downloaded some recommended utilities from malwarebyte-recommended locations, and posted program result logs back onto the topic. It seems that my desktop computer is pretty much disabled with this display problem, so I'm not sure even how to proceed, so hopefully I can get some successful direction here. Thanks, Mike
  12. Excellent. I think we've wrapped up this topic. I'll make a donation now. Thanks, Mike
  13. Super Anti Spyware usually runs real long for a full scan, like a day or more, not sure why. But I stopped it to get your answer. It flagged: C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\SVCHOST.exe I'm thinking we'll select Trust/Allow that item. Would that be correct? Odd that it flagged it as a Trojan. Mike
  14. I think you're right about multiple versions. If I right click the "Java Update Available" icon in the lower right part of the tray, and click Properties, I get a window which has the Update Tab. If I then click on the Java Tab and then click the View button, I see products 1.6.0_05 and 1.6.0_30. If I open Programs and Features, I see "Java 7 Update 25 (64 bit)", "Java 6 Update 5", and "Java Update 30". Since we just installed Java 7 Update 25, I assume the other two are the older version, and the same ones related to the Java icon in the tray. If I uninstall the latter 2 in Programs and Features, I assume that will eliminate the older versions. Do you agree? Also, while running Super Anti Spyware, a full scan that's still running into its 10th hour, it saw 190 adware tracking cookies, and 1 Trojan.Dropper/SVCHost-Fake. I assume the tool will eliminate that as it completes, but shouldn't we have found everything by now?
  15. Java 7 Update 25, so the version and updates are right, but I don't have an Update tab in the Java Control Panel. There's General, Java, Security, and Advanced. I didn't see update control under any of the tabs.
  16. Oh, one other thing. My Malwarebytes free version, what all is it supposed to do? Does it fix things but not prevent things from getting in? Is that one possible reason we had to fix this recent intrusion? Is the paid version required for real-time protection in addition to a problem-fixing capability?
  17. I updated Java and Adobe, also downloaded Foxit. After running OTC the computer rebooted, but then Java updater popped up like it always does and says yet another update was available. I had always ignored this thinking it wasn't real, but now that I'm updated I thought this wouldn't appear, and it did. Should the java updater still be bugging me like this? Aside of that Java quirk still going on, I think we might be done. Do you agree? I'm frustrated at how long we had to work on this, but I'm pleased that it appears to be successful. Thanks for the Preventative Maintenance recommendations, I will try to adopt them for myself. Thanks, Mike
  18. Thanks for your help over the past few days. I can't believe we had to run so many utilities to fix the phoney anti-virus virus, but after so many steps I feel confident the job is done. I appreciate people like you being available to help novice non-experts like me.

  19. SecurityCheck ran OK. Here's the result. Talk more tonight. Mike
     Checkup.txt
     -----------------------
     Results of screen317's Security Check version 0.99.72
     Windows Vista Service Pack 2 x64 (UAC is enabled)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton 360
     AVG Anti-Virus Free Edition 2011
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     SUPERAntiSpyware Free Edition
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 6 Update 30
     Java 6 Update 5
     Java version out of Date!
     Adobe Reader 9
     Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     AVG avgwdsvc.exe
     AVG avgtray.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1 %
     ````````````````````End of Log``````````````````````
  20. OK, maybe not a problem but I'll let you decide. I saw the 12 items again, halted the scan and saved the results, and they're the 12 items stored in C:\Qoobox\Quarantine\C\Users\Owner. That Qoobox directory is new, and has some Combofix documents in it, so I'm guessing that's ok since Combofix created it. Here's the log from the full scan which I interrupted after I saw the 12 items detected.
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.15.03
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Owner :: GATEWAY-LAPTOP [administrator]
     8/15/2013 6:56:29 AM
     MBAM-log-2013-08-15 (07-29-05).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 119483
     Time elapsed: 28 minute(s), 47 second(s) [aborted]
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 12
     C:\Qoobox\Quarantine\C\Users\Owner\acrobat.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\acrobatreader50761.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\flashplayer553906.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\flashplayer821120.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\icq.exe.vir (Rootkit.0Access) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\notepad.exe.vir (Rootkit.0Access) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\opera.exe.vir (Rootkit.0Access) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\rundll32266486.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\skype.exe.vir (Rootkit.0Access) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\vlcplayer314397.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\cba6fad2-434e-422f-8b70-23e287c83523ad\cbafadefbecad.exe.vir (Trojan.FakeMS.WL) -> No action taken.
     C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\74F0.tmp.vir (Trojan.Krypt) -> No action taken.
     (end)
  21. Full scan with Malwarebytes showed 12 items, ugh. It was 90min in and still running, so I let it continue overnight. But this morning it looked like Windows update automatically downloaded some updates at 3:19AM and did a reboot and interrupted the scan, so I don't see a malwarebytes report generated since that last quick scan I ran and posted yesterday that seemed to be clean. When I logged in something new asked me permission to run and I denied it. It had a name I didn't recognize. So I started another full scan again at 7AM today (Thur 8/15) and will post the log tonight. We can discuss that before doing our final security checks. Regarding the other computer, some blogs from several months ago talk about video card voltage changes, and some claim a virus that attacks the video card, but I will open a new topic for that later per direction.
  22. It seems to be working great. If you think this task is done, I'd like to run a full scan Malwarebytes, full scan AVG2011 (they're great for removing tracking cookies), and a full scan Super-Anti-Spyware, but the earlier instructions say don't run extra scans until we're done. Those are my feel-good utilities. Is it time for these now? Another side item, may want to open a new topic for it, my other 'working' computer seemed to crap out just this morning. Don't think it's a virus though. The screen started to flicker, I got a box that says the video driver stalled and recovered, that repeated a few times, and then I got blue screen. After reboot, same thing happened a few times, and now I can't seem to bring the system up even in safe mode. Did my video card up and die today? Time to open a 2nd topic? Thanks for everything, and let me know if you think we've completed. Mike
  23. AdwCleaner[s1]:
     ---------------------------------
     # AdwCleaner v2.306 - Logfile created 08/14/2013 at 20:34:02
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
     # User : Owner - GATEWAY-LAPTOP
     # Boot Mode : Normal
     # Running from : C:\Users\Owner\Desktop\adwcleaner v2.306.exe
     # Option [Delete]

     jrt.txt
     ---------------------------------
     Junkware Removal Tool (JRT) by Thisisu
     Version: 5.4.5 (08.13.2013:1)
     OS: Windows Vista Home Premium x64
     Ran by Owner on Wed 08/14/2013 at 20:42:32.89
     Scan was completed on Wed 08/14/2013 at 20:48:20.35
     End of JRT log

     mbam-log-2013-08-14 (20-51-20)
     ---------------------------------
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.14.03
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Owner :: GATEWAY-LAPTOP [administrator]
     8/14/2013 8:51:20 PM
     mbam-log-2013-08-14 (20-51-20).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 263573
     Time elapsed: 5 minute(s), 47 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  24. AdwCleaner v2.306 ran to completion. Here is the report.
  25. I'll try that version. I looked in the C:\AdwCleaner directory and saw reports from the stalled runs. Since the first run stalled just before reboot, that report looks complete, so I will include it here, even though the reboot didn't happen. Should I be running this stuff from safe mode, or is regular OK? So does this report tell us what we need? Do I still need to reboot? Should I still run the zipped version from the prior message?