
Thread: Security on new Win 7 64 Pro computer

  1. #31
    I will always wonder about that counterfeit bleepingcomputer page. I am like the guy who talked with the space aliens. The only visible trace on my computer is a reconstructed IE 9.0 interface.
    Incidentally, I installed a free Avira AV after unceasing scoldings coming from the launch bar.
    Great minds Ed...I just now came back here to remind you that you had no av program on there.
    The "counterfeit" bleepingcomputer page, I "think" was a good sign that "things were going to get ugly" and we got things stopped at the right time. I, like you, rarely, if ever, have anything found by my scans, thank heavens.
    I "think" we are finished, but I would like to see a new DDS scan done and the log posted. Just to be absolutely certain there isn't something missed.

    By the way, I have Avira print screens if you want to see them for additional set up of scans and updates.

  2. #32
    Yes, I have started a sub folder to record the various configurations. The Avira print screens would go right into it.
    By the way, you haven't said anything about a cleaner. I got used to that Cleanup and the ATF. Are they past tense?
    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Edward Shaw at 9:58:00 on 2012-06-06
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.32664.29648 [GMT -6:00]
    .
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    D:\Programs\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    D:\Programs\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
    C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    D:\Programs\Adobe Acrobat 7.0\Distillr\acrotray.exe
    D:\Programs\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hotkey\Hotkey.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = https;//www.ixquick.com
    uSearch Page = https://www.ixquick.com
    uStart Page = https://www.ixquick.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mWinlogon: Userinit=userinit.exe,
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - D:\Programs\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 7.0] "D:\Programs\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    mRun: [Adobe Version Cue CS2] "D:\Programs\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [QuickTime Task] "D:\Programs\QuickTime\QTTask.exe" -atboottime
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - D:\Programs\Office\OSA9.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Convert link target to Adobe PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{567BD3D1-608F-4C29-B5D9-D426EC197A09} : DhcpNameServer = 192.168.0.1 205.171.3.25
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    BHO-X64: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    BHO-X64: TrueSuite Website Log On - No File
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 7.0] "D:\Programs\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    mRun-x64: [Adobe Version Cue CS2] "D:\Programs\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [QuickTime Task] "D:\Programs\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Edward Shaw\AppData\Roaming\Mozilla\Firefox\Profiles\z9pbbrlw.default\
    FF - prefs.js: browser.search.selectedEngine - Blekko
    FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    FF - plugin: D:\Programs\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Programs\QuickTime\Plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-5 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-5 110032]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-11-3 299848]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-22 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-22 161560]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-22 2458944]
    R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]
    R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-18 35328]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-5 1153368]
    R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-22 363800]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\system32\DRIVERS\RtsBaStor.sys --> C:\Windows\system32\DRIVERS\RtsBaStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-30 129976]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-06 15:25:21 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-06-06 15:25:21 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-06-06 15:25:21 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-06-06 04:22:06 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-06 04:21:35 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-06-06 04:21:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-06-06 02:16:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-06-06 02:16:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-06-06 00:34:06 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\Avira
    2012-06-06 00:28:53 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2012-06-06 00:28:53 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
    2012-06-06 00:28:52 -------- d-----w- C:\ProgramData\Avira
    2012-06-06 00:28:52 -------- d-----w- C:\Program Files (x86)\Avira
    2012-06-05 22:54:50 -------- d-----w- C:\Program Files (x86)\ESET
    2012-06-05 18:20:10 -------- d-----w- C:\Downloads
    2012-06-05 18:05:20 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-06-05 16:21:10 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-06-05 16:19:45 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
    2012-06-05 16:19:29 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Google
    2012-06-05 16:18:51 -------- d-----w- C:\ProgramData\blekko toolbars
    2012-06-05 15:54:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-06-05 15:54:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-06-05 15:54:50 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-06-05 15:54:50 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-06-05 15:54:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-06-05 15:54:50 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-06-05 15:54:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-06-05 13:08:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2012-06-05 13:08:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-06-05 13:08:48 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-06-05 13:08:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-06-05 13:08:48 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2012-06-05 13:08:48 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-06-05 13:08:48 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2012-06-05 13:08:48 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2012-06-05 13:08:48 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2012-06-05 13:08:48 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2012-06-05 13:03:20 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-06-05 13:03:18 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AC39B827-6AF8-4204-BF91-C39AFBD206D9}\mpengine.dll
    2012-06-04 23:34:30 -------- d-----w- C:\Windows\Panther
    2012-06-04 23:31:20 -------- d--h--w- C:\$WINDOWS.~Q
    2012-06-04 23:30:46 -------- d--h--w- C:\$INPLACE.~TR
    2012-06-04 23:21:40 1560168 ----a-w- C:\Windows\System32\RTSnMg64.cpl
    2012-06-04 21:47:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-04 21:47:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-04 21:47:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-04 21:47:31 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-06-04 21:47:31 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-06-04 21:47:31 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-04 21:47:31 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-06-04 21:35:55 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-06-04 21:35:53 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-06-04 21:35:53 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-06-04 21:35:36 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2012-06-04 21:35:36 -------- d-----w- C:\Program Files\Realtek
    2012-06-04 21:35:33 -------- d-----w- C:\Program Files\Synaptics
    2012-06-01 13:53:35 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
    2012-06-01 13:53:28 356120 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
    2012-06-01 13:53:27 787736 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
    2012-06-01 13:50:36 9888872 ----a-w- C:\Windows\SysWow64\RtsBaStorIcon.dll
    2012-06-01 13:50:36 292968 ----a-r- C:\Windows\System32\drivers\RtsBaStor.sys
    2012-06-01 1337 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
    2012-06-01 1337 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
    2012-06-01 1337 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
    2012-06-01 1337 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
    2012-06-01 1337 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
    2012-06-01 1336 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
    2012-06-01 1336 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
    2012-06-01 13:04:49 -------- d-----w- C:\ProgramData\Downloaded Installations
    2012-06-01 04:28:11 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\ElevatedDiagnostics
    2012-05-30 14:34:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-30 13:47:02 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Diagnostics
    2012-05-29 14:10:37 -------- d-----w- C:\Windows\System32\appmgmt
    2012-05-29 00:09:50 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Apple Computer
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-05-27 14:16:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-05-27 14:16:02 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Apple
    2012-05-27 13:44:34 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-05-27 13:44:34 -------- d-----w- C:\Windows\System32\Wat
    2012-05-27 13:24:22 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Sony
    2012-05-27 13:22:55 -------- d-----w- C:\Program Files (x86)\Sony
    2012-05-27 12:16:08 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\Avid Technology
    2012-05-27 12:15:04 53248 ----a-r- C:\Users\Edward Shaw\AppData\Roaming\Microsoft\Installer\{12E59A19-9883-4BEC-961F-AE95CD454C10}\ARPPRODUCTICON.exe
    2012-05-27 12:13:41 53248 ----a-r- C:\Users\Edward Shaw\AppData\Roaming\Microsoft\Installer\{A876EBF9-9046-4953-888D-8A60B8777027}\ARPPRODUCTICON.exe
    2012-05-27 12:03:21 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\Avid
    2012-05-27 12:02:09 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\PACE Anti-Piracy
    2012-05-27 12:02:09 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\PACE Anti-Piracy
    2012-05-27 12:02:09 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
    2012-05-27 12:01:57 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\NVIDIA
    2012-05-27 03:41:22 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Mozilla
    2012-05-27 01:45:19 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\Malwarebytes
    2012-05-27 01:45:13 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-27 01:45:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-27 01:45:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-27 00:56:13 -------- d-----w- C:\ProgramData\Avid
    2012-05-27 00:42:26 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
    2012-05-27 00:42:10 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
    2012-05-27 00:41:35 -------- d-----w- C:\ProgramData\PACE
    2012-05-27 00:41:34 -------- d-----w- C:\Program Files (x86)\Common Files\PACE
    2012-05-27 00:40:23 142120 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
    2012-05-27 00:40:22 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
    2012-05-27 00:40:18 -------- d-----w- C:\Windows\Downloaded Installations
    2012-05-27 00:40:01 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160060}
    2012-05-27 00:36:03 -------- d-----w- C:\Program Files (x86)\Licenses
    2012-05-27 00:35:42 -------- d-----w- C:\Program Files (x86)\Avid
    2012-05-27 00:11:42 -------- d-----w- C:\ProgramData\AVAST Software
    2012-05-27 00:11:42 -------- d-----w- C:\Program Files\AVAST Software
    2012-05-26 19:51:21 -------- d-----w- C:\Windows\Msagent
    2012-05-26 19:21:39 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-26 19:21:39 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-26 17:44:03 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Opera
    2012-05-26 17:44:02 -------- d-----w- C:\Program Files (x86)\Opera Next
    2012-05-26 16:54:31 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-05-26 05:38:00 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\Adobe
    2012-05-26 05:33:22 -------- d-----w- C:\Windows\SysWow64\spool
    2012-05-26 05:29:28 16384 ----a-w- C:\Windows\SysWow64\FileOps.exe
    2012-05-26 05:29:28 -------- d-----w- C:\Windows\SysWow64\Adobe
    2012-05-26 05:21:35 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
    2012-05-26 03:42:35 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\AuthenTec
    2012-05-26 03:40:19 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\KeepSafe
    2012-05-26 03:40:19 -------- d-----w- C:\Users\Edward Shaw\AppData\Roaming\Intel Corporation
    2012-05-26 03:40:09 -------- d-----w- C:\Users\Edward Shaw\AppData\Local\VirtualStore
    2012-05-26 03:40:08 -------- d-sh--w- C:\Recovery
    2012-05-22 16:41:10 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2012-05-22 16:39:08 -------- d-----w- C:\Windows\SysWow64\NV
    2012-05-22 16:39:08 -------- d-----w- C:\Windows\System32\NV
    2012-05-22 16:24:52 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
    2012-05-22 16:24:52 -------- d-----w- C:\Program Files (x86)\Bluetooth Suite
    2012-05-22 16:24:33 2228736 ----a-w- C:\Windows\System32\athrx.sys
    2012-05-22 16:24:33 -------- d-----w- C:\Program Files (x86)\Atheros
    2012-05-22 16:24:30 -------- d-----w- C:\ProgramData\Atheros
    2012-05-22 15:46:00 -------- d-----w- C:\Program Files\Common Files\Intel
    2012-05-22 15:46:00 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2012-05-22 15:44:57 -------- d-sh--w- C:\Windows\Installer
    2012-05-22 15:44:57 -------- d-----w- C:\Program Files (x86)\Hotkey
    2012-05-22 15:44:29 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2012-05-22 15:44:29 677480 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2012-05-22 15:44:29 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2012-05-22 15:44:17 -------- d-----w- C:\Program Files (x86)\Realtek
    2012-05-22 15:44:16 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
    2012-05-22 15:44:16 1698408 ----a-r- C:\Windows\RtlExUpd.dll
    2012-05-22 15:44:16 -------- d--h--w- C:\Program Files (x86)\Temp
    2012-05-22 15:44:06 -------- d-----w- C:\Intel
    2012-05-21 23:12:23 221480 ----a-w- C:\Windows\System32\SynTPAPI.dll
    2012-05-21 23:12:23 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
    2012-05-21 23:12:23 1393200 ----a-w- C:\Windows\System32\drivers\SynTP.sys
    2012-05-21 23:12:23 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
    2012-05-21 23:12:22 400168 ----a-w- C:\Windows\System32\SynCOM.dll
    2012-05-21 23:12:22 272168 ----a-w- C:\Windows\System32\SynCtrl.dll
    2012-05-21 23:12:22 218408 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
    2012-05-21 23:12:22 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
    2012-05-21 23:11:56 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
    2012-05-21 23:10:50 -------- d---a-w- C:\Drivers
    .
    ==================== Find3M ====================
    .
    2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-27 02:25:18 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2712.dll
    2012-03-27 00:33:34 52736 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-03-27 00:33:34 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-03-27 00:33:28 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
    2012-03-27 00:33:28 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
    2012-03-27 00:33:28 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
    2012-03-27 00:33:28 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
    2012-03-27 00:33:28 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
    2012-03-27 00:33:28 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
    2012-03-27 00:33:28 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
    2012-03-27 00:33:28 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
    2012-03-27 00:33:28 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
    2012-03-20 05:44:20 5888792 ----a-w- C:\Windows\System32\GfxUI.exe
    2012-03-20 05:44:20 509720 ----a-w- C:\Windows\System32\igfxsrvc.exe
    2012-03-20 05:44:20 439064 ----a-w- C:\Windows\System32\igfxpers.exe
    2012-03-20 05:44:20 398616 ----a-w- C:\Windows\System32\hkcmd.exe
    2012-03-20 05:44:20 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
    2012-03-20 05:44:20 250136 ----a-w- C:\Windows\System32\igfxext.exe
    2012-03-20 05:44:20 184600 ----a-w- C:\Windows\System32\difx64.exe
    2012-03-20 05:44:20 170264 ----a-w- C:\Windows\System32\igfxtray.exe
    2012-03-20 05:42:08 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2696.dll
    2012-03-20 05:37:12 755188 ----a-w- C:\Windows\SysWow64\igkrng700.bin
    2012-03-20 05:37:12 755188 ----a-w- C:\Windows\System32\igkrng700.bin
    2012-03-20 05:37:12 561508 ----a-w- C:\Windows\SysWow64\igfcg700m.bin
    2012-03-20 05:37:12 561508 ----a-w- C:\Windows\System32\igfcg700m.bin
    2012-03-20 05:32:04 14745600 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    2012-03-20 05:31:56 8087040 ----a-w- C:\Windows\System32\igdumd64.dll
    2012-03-20 05:31:14 79360 ----a-w- C:\Windows\System32\igdde64.dll
    2012-03-20 05:26:56 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
    2012-03-20 05:25:58 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
    2012-03-20 05:22:10 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
    2012-03-20 05:11:38 7795200 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
    2012-03-20 05:03:34 3749888 ----a-w- C:\Windows\System32\igdbcl64.dll
    2012-03-20 05:03:32 591872 ----a-w- C:\Windows\System32\igdrcl64.dll
    2012-03-20 05:03:30 236544 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
    2012-03-20 05:00:46 518144 ----a-w- C:\Windows\SysWow64\igdrcl32.dll
    2012-03-20 05:00:32 2866688 ----a-w- C:\Windows\SysWow64\igdbcl32.dll
    2012-03-20 05:00:28 188416 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
    2012-03-20 04:55:04 28992000 ----a-w- C:\Windows\System32\igdfcl64.dll
    2012-03-20 04:43:16 23460864 ----a-w- C:\Windows\SysWow64\igdfcl32.dll
    2012-03-20 04:33:42 17226240 ----a-w- C:\Windows\System32\ig7icd64.dll
    2012-03-20 04:23:38 13024256 ----a-w- C:\Windows\SysWow64\ig7icd32.dll
    2012-03-20 04:17:56 28672 ----a-w- C:\Windows\System32\igfxexps.dll
    2012-03-20 04:17:46 63488 ----a-w- C:\Windows\System32\igfxsrvc.dll
    2012-03-20 04:17:22 110592 ----a-w- C:\Windows\System32\hccutils.dll
    2012-03-20 04:17:14 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
    2012-03-20 04:17:14 434688 ----a-w- C:\Windows\System32\igfxdev.dll
    2012-03-20 04:17:14 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2012-03-20 04:16:40 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
    2012-03-20 04:16:38 142336 ----a-w- C:\Windows\System32\igfxdo.dll
    2012-03-20 04:16:36 9007616 ----a-w- C:\Windows\System32\igfxress.dll
    2012-03-20 04:12:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
    2012-03-20 04:11:22 325120 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
    2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    .
    ============= FINISH: 9:58:09.82 ===============

  3. #33
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Looks 100% better that is for sure. Much more "normal" looking than that previous DDS scan. I think really we caught things "right on the edge" of going "ballistic".
    Post the Attach.txt log, then I will have a couple suggestions, including a cleaner and a program to control unnecessary auto starts, and you do have a few there. ATF has gone by the wayside really. Good program for the older systems but not as good for 7.

  4. #34
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/4/2012 3:46:09 PM
    System Uptime: 6/6/2012 9:28:07 AM (1 hours ago)
    .
    Motherboard: CLEVO | | P170EM
    Processor: Intel(R) Core(TM) i7-3920XM CPU @ 2.90GHz | SOCKET 0 | 3101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 167 GiB total, 82.339 GiB free.
    D: is FIXED (NTFS) - 699 GiB total, 676.667 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 699 GiB total, 681.876 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: Bluetooth Module
    Device ID: USB\VID_13D3&PID_3304\5&C580294&0&4
    Manufacturer: Atheros Communications
    Name: Bluetooth Module
    PNP Device ID: USB\VID_13D3&PID_3304\5&C580294&0&4
    Service: BTHUSB
    .
    ==== System Restore Points ===================
    .
    RP3: 6/4/2012 3:47:26 PM - Windows Update
    RP4: 6/4/2012 3:47:39 PM - Windows Update
    RP5: 6/4/2012 4:01:04 PM - Installed Realtek Ethernet Controller Driver
    RP6: 6/4/2012 4:02:02 PM - Installed Realtek PCIE Card Reader
    RP7: 6/4/2012 7:32:40 PM - Removed Avid FilmScribe.
    RP8: 6/5/2012 9:40:07 AM - Installed HiJackThis
    RP9: 6/5/2012 9:45:49 AM - Removed HiJackThis
    RP10: 6/5/2012 9:54:27 AM - Windows Update
    RP11: 6/5/2012 10:26:53 AM - Windows Update
    RP12: 6/5/2012 11:57:43 AM - avast! Internet Security Setup
    RP13: 6/5/2012 7:47:22 PM - Windows Update
    RP14: 6/5/2012 7:50:41 PM - Windows Update
    RP15: 6/6/2012 918 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 7.0 Professional
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe GoLive CS2
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Version Cue CS2
    Anti-phishing Domain Advisor
    Apple Application Support
    Apple Software Update
    Atheros Client Installation Program
    Avid Codecs LE
    Avid EDL Manager
    Avid FilmScribe
    Avid License Control
    Avid Log Exchange
    Avid MediaLog
    Avid MetaFuze
    Avira Free Antivirus
    ESET Online Scanner v3
    Hotkey 6.0045
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    License Support
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Office 2000 Professional
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA PhysX
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sentinel Protection Installer 7.4.0
    Spybot - Search & Destroy
    Suite Specific
    THX TruStudio Pro
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual C++ 64-bit Redistributables
    Visual C++ Redistributables
    XDCAM EX Clip Browser
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/6/2012 9:28:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
    6/5/2012 7:58:50 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    6/5/2012 4:08:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    6/5/2012 10:46:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800405cb00, 0xfffff88007517b50, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060512-17425-01.
    6/5/2012 10:15:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2632503).
    6/5/2012 10:15:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
    6/5/2012 10:15:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).
    6/5/2012 10:13:06 AM, Error: Service Control Manager [7023] -
    6/4/2012 5:46:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom iaStor
    6/4/2012 5:18:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    6/4/2012 4:34:26 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.
    6/1/2012 7:32:22 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    5/31/2012 9:33:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa800903a630, 0xfffffa800903ae30, 0x0000000004809bb0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 053112-18423-01.
    5/31/2012 10:30:45 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
    5/30/2012 11:15:41 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    5/30/2012 11:13:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
    .
    ==== End Of File ===========================

  5. #35
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    The Blekko deal is still listed as the default search in Firefox, though the toolbar HAS BEEN removed. But you need to change the setting in Firefox this way:

    In the Address Bar of Firefox type: about:config
    Hit enter.
    You will get their "crazy warning" about "voiding your warranty"...hit the "I'll Be Careful" button.
    When about:config opens you will see a box labeled Search
    In that box type the following:

    browser.search.defaultengine

    when that opens up you can either Right Click and choose Modify or double click. Either way a box comes up where you then type in the default search engine you want to use. Once you have that new name in there click OK.

    Then you can just close out about:config.

    A question, Do you actually use Adobe Acrobat Professional or was it installed for you by the "techs" when they installed other things?

    Also, what did you decide about this, Sentinel Protection Installer 7.4.0? Did you put it on the computer or did somebody else, or is it connected to one of the other programs you use that I don't really know anything about?

  6. #36
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    Sure enough, there was Blekko. I don't think these guys are novices. Changed it to ixquick. Hope it sticks. Might have to demolish IE9.0. Hate to do that.
    Acrobat professional comes along with Adobe CSS 2.0. If I recall, it allows .pdf editing seamless with InDesign (hi-end desktop publishing). Are you seeing a problem? I may have updated it. Adobe updates sometimes go on my machine as an unconscious gesture.
    I do save .pdf files quite often. Could get by with the reader if you suggest. Rarely if ever use the pro features.
    As for Sentinel, that was not my doing. I've been around the block with the protection scam. Never heard of it. Main thing is I can't find it to uninstall it. I'll look again. If I type it in under Search Explorer, no results. I've been looking for it since you noticed it.
    Have no idea.

  7. #37
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    OK..I found the Sentinel using uninstall. It is there, plain as day. Don't know why I couldn't see it.
    I'll find out what it does and get rid of it. Thanks for noticing that.

  8. #38
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You can't "demolish" IE 9....it is an integral part of the operating system, intertwined with many, many other operating system files, do too much to it and you can damage other key files. You don't have to use it, except for a few web sites where it IS required, MS Updates for one. But otherwise it doesn't have to be used.

    If you don't actually use Adobe Acrobat, except for reading then I would dump it in favor of
    Foxit Reader

    http://www.foxitsoftware.com/downloads/

    That is what I use and have used for quite a few years. It's free of course.

    Since Windows search results in no Sentinel files then it's likely a dead listing showing, don't worry about it. The only place it shows at all is in the Installed File listing in Attach log.

    I noticed in the Installed programs that this time there was NO SpywareBlaster listed, did you uninstall it? Now before Avira is installed it does now give a warning of possible conflicts with some security programs and this is ONLY an alert, SpywareBlaster is one of those always listed, but it absolutely DOES NOT interfere with any other program on the computer because it does NOT run in the background. So this may be when you uninstalled it.

    It truly is an absolute MUST in maintaining security. I absolutely refuse to run a computer without having it installed, updated and all protection enabled.

    Put it back on there, install, update, enable ALL protection and close the program. Manually check for updates every couple weeks and if new ones are available, install them, enable all protection and close the program.

    You can get it from Majorgeeks

    http://www.majorgeeks.com/downloadge...7615f4682b4cef

    To clean up temps, cookies, etc. I recommend CCleaner.

    http://www.piriform.com/ccleaner/download/standard

    I will give you print screens of the correct configuration of CCleaner in a bit.

    There are at least two Firefox Addons that I strongly recommend you use:
    First is Web Of Trust (WOT) this gives a visible warning and has the capability of Blocking very risky web sites.

    https://addons.mozilla.org/en-US/fir...browsing-tool/

    Second one is AdBlockPlus, which actually blocks ads on web pages for you, you won't even see them at all. Gives you that added protection against "errant clicking"

    http://adblockplus.org/en/

    It DOES work with Firefox 13, I have it on mine, which was released yesterday and is super fast by the way.

    Also download CodeStuff Starter to help control unneeded auto starts. I will give you the list of unnecessary programs you have autostarting in another post as soon as I am finished going through your list with instructions how to use the program.

    http://www.snapfiles.com/get/starter.html


    I will have to put the print screens of CCleaner and Avira configurations in an email. Too many to upload here.
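
The check made by eye in post #38 (comparing the Installed Programs list of one DDS Attach.txt log against an earlier one and noticing that SpywareBlaster had dropped out) can be scripted. This is an added example, not part of the original thread: a small Python parser for the DDS section layout shown above that also tallies the Event Viewer errors by source. The "before" log is constructed, the "after" log is a trimmed excerpt of the one posted here, and the function names are hypothetical.

```python
import re
from collections import Counter

# DDS section headers look like: ==== Installed Programs ======
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Event lines look like: 6/6/2012 9:28:22 AM, Error: <source> [<id>] - text
EVENT_RE = re.compile(r"^\d+/\d+/\d+ \d+:\d+:\d+ [AP]M, Error: (.+?) \[(\d+)\]")

def parse_sections(log_text):
    """Split a DDS log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses a lone "." as a spacer
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def installed_programs(log_text):
    return set(parse_sections(log_text).get("Installed Programs", []))

def compare_installs(before, after, expected=()):
    """Report programs that vanished, appeared, or are expected but absent."""
    old, new = installed_programs(before), installed_programs(after)
    missing = [name for name in expected
               if not any(p.lower().startswith(name.lower()) for p in new)]
    return {"removed": sorted(old - new),
            "added": sorted(new - old),
            "missing_expected": sorted(missing)}

def event_errors(log_text):
    """Count Event Viewer errors per 'source [id]'; truncated lines are skipped."""
    lines = parse_sections(log_text).get("Event Viewer Messages From Past Week", [])
    hits = (EVENT_RE.match(line) for line in lines)
    return Counter(f"{m.group(1)} [{m.group(2)}]" for m in hits if m)

# Constructed "before" log (the earlier Attach.txt is not shown on this page).
BEFORE = r"""
==== Installed Programs ======================
.
Malwarebytes Anti-Malware version 1.61.0.1400
Mozilla Firefox 12.0 (x86 en-US)
SpywareBlaster
.
==== End Of File ===========================
"""

# Trimmed excerpt of the Attach.txt posted in this thread.
AFTER = r"""
==== Installed Programs ======================
.
Avira Free Antivirus
Malwarebytes Anti-Malware version 1.61.0.1400
Mozilla Firefox 12.0 (x86 en-US)
Sentinel Protection Installer 7.4.0
.
==== Event Viewer Messages From Past Week ========
.
6/6/2012 9:28:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
6/5/2012 4:08:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
6/4/2012 5:46:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom iaStor
.
==== End Of File ===========================
"""

if __name__ == "__main__":
    report = compare_installs(BEFORE, AFTER, expected=["SpywareBlaster", "Avira"])
    for key, names in report.items():
        print(f"{key}: {names}")
    for source, count in event_errors(AFTER).most_common():
        print(f"{count} x {source}")
```

Entries under "added" that nobody remembers installing, and entries under "missing_expected", are the ones worth asking about, as was done here for Sentinel Protection Installer and SpywareBlaster.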

  9. #39
    Join Date
    Jun 2012
    Location
    Butte, MT
    Posts
    28
    Thanks for those and that, Judy. I might have done something rash --- no, if anything, I'll get MS to reinstate IE. Later, though.

    Those are all good recommendations, which I will follow.

    I did uninstall Acrobat Reader. Prior to that, SuperAnti Spy found the White-Gen infection on it, either again or the original one that was never removed. Also, removed the Sentinel Setup and the TruStudio, a free audio program that came from who knows where. Maybe to enhance the work day of the tech who "dialed in" the computer. This has to do with understanding that somewhere along the line, stuff got put on that I never ordered. How about that?

    Anyway, both are gone. Before I go for the mirror phase, I'll run through the scans again after installing the recent items.
    Yes, Spyware Blaster is gone. I moved the shortcut into a subfolder holding all the spyware-malware info and programs, and it is dead. I just checked it. Gone to who knows where. I'll reinstall right now. Could have been the Avira talking.

  10. #40
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I'll get MS to reinstate IE. Later, though.
    I hope SOONER rather than later. You don't have to USE IE to surf the net, go ahead and make Firefox your Default browser.
    To explain why it's a BAD idea to do too much to IE further;
    The first job of Internet Explorer, like most web browsers, is to display HTML encoded web pages. But not just web pages that are encoded in HTML these days. Many applications use HTML as part of their user interface, their documentation, or their online help system.

    The core HTML rendering engine in Internet Explorer is actually functionality used and provided by Windows for many other applications to use and not just Microsoft applications either, many 3rd party programs also use those files.
    Do too much to IE or, as you said earlier, "demolish" IE and you can really have a very bad effect on many other Windows Features AND many other programs that are used on the computer. One thing it can cause is the continual loss of some default settings even though you reset them time and time again.
    As I said, you don't physically have to use IE, but then all you do is don't use it, period. BUT, you MUST also always take any updates released that have to do with IE Security because those updates often will also boost security for other parts of the Windows system. So even if you do not use IE, ALWAYS take the security updates. You don't need to take the version-to-version updates until something else forces the issue, but it's important to continue to take Internet Explorer security updates even if you don't use Internet Explorer more than once a year. I guarantee you that WILL happen, when you least expect it and it is always on a web site where you absolutely must go, that never fails.
    That is ALL I do with IE. I don't use it but I keep it up to date. Occasionally a web site will demand that you only use IE, though these are getting fewer and farther between, but there are some so you absolutely DO need to keep it and keep it up to date.

    Now, presuming you installed the CodeStuff Starter program, if not, do.
    Then open the program. You will see three Tabs:
    Startups, Processes, Services.
    Startups are the Programs that auto start, Processes is just like the Task Manager, only it shows you more, Services are...well the services that run of course.
    The tab you want is Startups.
    On the Far Left, click at the top where it says All Sections. This will then allow you to see ALL programs that start up on the computer when you start it up.

    The window to the right of that will show you the programs by name, with boxes next to them, some with check marks.

    Take the check marks out of these only. Since you removed the Adobe Acrobat those may not be listed and if they aren't that's fine, but if they are then take the check marks out of those noted below:

    Acrobat Assistant 7.0
    Adobe Version Cue CS2
    QuickTime Task
    UpdReg
    OSA9.EXE
    Adobe Gamma Loader.exe
    SC_Acrobat.exe

    After you have removed the check marks then close the program and reboot the computer. That's it.

    Be sure you have turned the Windows Firewall ON...also be sure you have Windows Updates set to check for updates and notify you if there are ones available but let you decide to install the ones you want. I prefer this so that I know WHEN it's updating and what it is putting on there. Windows normally releases updates on or around the 2nd Tuesday of each month.

    Since you are new to Windows 7 and it IS somewhat different here are some good sites to find info on the new system. I began using these when I got my Windows 7 computer last year. Lots of good information.

    http://www.howtogeek.com/tag/windows...ning-windows-7

    http://www.w7forums.com/windows-7-articles-f14.html

    http://www.sevenforums.com/#windows-7-help-support

    Here are the CCleaner print screens, pretty self-explanatory though you also need to click on the Applications Tab and put a check mark in Firefox Internet Cache.
    Will email Avira ones
    Attached Thumbnails: CCleaner windows tab.jpg, CCleaner analyze.jpg, CCleaner run cleaner.jpg
