-
March 9th, 2013, 08:42 PM
#1
[RESOLVED] PROBLEM with TFC by oldtimer
i just used it on a windows7 and it froze it up. i was also using it at the same time on a vista.
that one froze up also. it crashed windows explorer. i had to do a 'hard restart' on both.[hold down the power button].
on a win7 last week it worked just fine. i dl'd it from geekstogo...
what a problemo! it used to work real good.....now it's corrupted ?
i am starting the required scans on the win7 to be sure it's clean.
i am giving this to my customer next week so it has to be right
TIA
.
Last edited by nlday; March 9th, 2013 at 08:49 PM.
Reason: clarify situation
the more you make...
the more they take.
-
March 9th, 2013, 09:26 PM
#2
here's my mbam...
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.09.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GEO :: DELL7-PC [administrator]
3/9/2013 6:24:56 PM
mbam-log-2013-03-09 (18-24-56).txt
Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339376
Time elapsed: 28 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
here's the aswMBR...
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-09 19:02:52
-----------------------------
19:02:52.750 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:52.750 Number of processors: 2 586 0x170A
19:02:52.750 ComputerName: DELL7-PC UserName: GEO
19:02:55.761 Initialize success
19:02:56.495 AVAST engine defs: 13030901
19:03:19.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:03:19.458 Disk 0 Vendor: ST3320418AS CC46 Size: 305245MB BusType: 3
19:03:19.473 Disk 0 MBR read successfully
19:03:19.473 Disk 0 MBR scan
19:03:19.473 Disk 0 Windows VISTA default MBR code
19:03:19.473 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:03:19.489 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13118 MB offset 81920
19:03:19.505 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292086 MB offset 26947584
19:03:19.505 Disk 0 scanning C:\Windows\system32\drivers
19:03:30.144 Service scanning
19:03:44.839 Modules scanning
19:03:44.839 Disk 0 trace - called modules:
19:03:44.886 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:03:44.917 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800336f2d0]
19:03:44.917 3 CLASSPNP.SYS[fffff880018d343f] -> nt!IofCallDriver -> [0xfffffa8002ee0520]
19:03:44.933 5 ACPI.sys[fffff88000fa67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002ef6060]
19:03:51.407 AVAST engine scan C:\Windows
19:03:58.754 AVAST engine scan C:\Windows\system32
19:06:19.435 AVAST engine scan C:\Windows\system32\drivers
19:06:32.056 AVAST engine scan C:\Users\GEO
19:07:13.162 AVAST engine scan C:\ProgramData
19:07:53.098 Scan finished successfully
19:14:18.122 Disk 0 MBR has been saved successfully to "C:\Users\GEO\Desktop\MBR.dat"
19:14:18.122 The log file has been saved successfully to "C:\Users\GEO\Desktop\aswMBR.txt"
-
March 9th, 2013, 09:29 PM
#3
here's the dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2
Run by GEO at 19:17:25 on 2013-03-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1266 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\GEEK SQUAD UPS\ppped.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PowerPanel Personal Edition User Interaction] "C:\Program Files (x86)\GEEK SQUAD UPS\pppeuser.exe"
uRun: [DKab1err] "C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe"
uRun: [DKADGmon] "C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DKADGmon] "C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{D60E6F7F-5BF9-4170-BB3E-75223501CECD} : DHCPNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
x64-Run: [DKADGmon] "C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GEO\AppData\Roaming\Mozilla\Firefox\Profiles\qt6and8n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.thefreedictionary.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-8 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-8 178624]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-9 55280]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-12 377920]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-12 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-8 45248]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe [2013-3-8 611400]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-9 13336]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-9 689472]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-12-9 138752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-09 17:29:11 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E94AAB00-CA38-4897-8DE2-DD2F860A9D67}\offreg.dll
2013-03-09 03:13:23 173128 ----a-w- C:\Windows\System32\g2ax_credential_provider64_498.dll
2013-03-08 20:30:50 -------- d-----w- C:\Users\GEO\AppData\Local\Adobe
2013-03-08 19:28:20 -------- d-----w- C:\ProgramData\dl_CATS
2013-03-08 19:02:18 230912 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\DKADGQ4C.DLL
2013-03-08 19:01:55 230912 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\DKFX1N4C.DLL
2013-03-08 19:01:21 421888 ----a-w- C:\Windows\SysWow64\lexlog.dll
2013-03-08 19:01:20 836096 ----a-w- C:\Windows\System32\lexlog.dll
2013-03-08 19:00:32 -------- d-----w- C:\Users\GEO\AppData\Local\ABBYY
2013-03-08 19:00:15 -------- d-----w- C:\ProgramData\ABBYY
2013-03-08 19:00:15 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2013-03-08 19:00:15 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2013-03-08 18:59:00 -------- d-----w- C:\ProgramData\gn_Logs
2013-03-08 18:57:39 -------- d-----w- C:\Program Files (x86)\Dell V520 Series
2013-03-08 18:56:55 -------- d-----w- C:\Program Files\Dell V520 Series
2013-03-08 18:55:09 -------- d-----w- C:\ProgramData\ADG
2013-03-08 17:27:27 -------- d-----w- C:\ProgramData\Licenses
2013-03-08 17:27:24 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-03-08 17:27:24 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2013-03-08 17:27:23 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-03-08 16:11:59 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-08 16:11:58 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-08 15:54:35 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-08 15:30:08 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E94AAB00-CA38-4897-8DE2-DD2F860A9D67}\mpengine.dll
2013-02-22 19:15:02 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-22 19:15:02 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-22 19:12:59 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-22 19:12:57 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-22 19:12:56 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-22 19:12:55 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 19:12:50 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-22 19:12:49 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-22 19:12:49 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-22 19:12:48 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-22 19:12:48 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-22 19:12:45 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-22 19:12:13 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-22 19:12:12 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-22 18:58:15 -------- d-----w- C:\Users\GEO\AppData\Roaming\Malwarebytes
2013-02-22 18:58:01 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-22 18:58:00 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-22 18:58:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-22 18:57:37 -------- d-----w- C:\Users\GEO\AppData\Local\Programs
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-03-08 15:54:30 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-08 15:54:30 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-08 15:36:37 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-08 15:36:37 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:33:21 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 19:17:50.38 ===============
here's the attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/18/2010 3:50:02 PM
System Uptime: 3/9/2013 6:21:28 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 018D1Y
Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 245.684 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP56: 1/12/2013 2:41:40 PM - Installed GEEK SQUAD POWER MANAGEMENT
RP57: 1/13/2013 6:30:49 PM - Windows Update
RP58: 1/19/2013 2:35:21 PM - Windows Update
RP59: 2/22/2013 1:13:12 PM - Windows Update
RP60: 3/8/2013 9:28:35 AM - Windows Update
RP61: 3/8/2013 9:54:01 AM - Installed Java 7 Update 17
RP62: 3/8/2013 10:42:38 AM - Removed HP Update
RP63: 3/8/2013 10:43:52 AM - Removed Java(TM) 6 Update 31
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
avast! Free Antivirus
Classic Shell
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell V520 Series Uninstaller
GEEK SQUAD POWER MANAGEMENT
GoToAssist Customer 1.6.0.498
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Internet Explorer
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Realtek High Definition Audio Driver
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Toolbars
Skype™ 6.0
SpywareBlaster 5.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/9/2013 6:22:21 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
3/9/2013 5:54:35 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
-
March 9th, 2013, 11:19 PM
#4
Are you having any particular issues except for the TFC problem?
See if you can run TFC from safe mode.
-
March 9th, 2013, 11:59 PM
#5
i have no noticeable problem so far, but it hasn't been too long since it crashed. i will get to trying it with safe mode tom. it's getting late here. is it possible that a malware could have infiltrated into TFC ? crashes... happened on 2 different computers, dl's within minutes of each other ? i am skeptical and paranoid about it. so will do the drill..all the other scans if necessary.
-
March 10th, 2013, 12:25 AM
#6
Let me know if it runs OK from safe mode first.
-
March 10th, 2013, 10:02 AM
#7
-
March 10th, 2013, 10:52 AM
#8
yay... on the win7--- it worked like it's supposed to in safe mode. i dl'd it from itx instead of geekstogo.
last evening it did not black out the desktop, it froze the 'puter. ctrl-alt-delete did not work, or any other commands to get out of it.
on my own 'puter [the vista]....it blacked out the desktop, and the TFC box disappeared,
mouse and keyboard function was gone...had to do the hard restart.
it happened on 2 at the same time...coincidence or something worse?
Last edited by nlday; March 10th, 2013 at 11:47 AM.
-
March 10th, 2013, 01:41 PM
#9
I've seen this happening before.
Download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.
If you use Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
-
March 10th, 2013, 02:09 PM
#10
I also have seen it happen. Vista was the OS. Let Vista do the repair and all has been fine since then. Just my experience.
-
March 10th, 2013, 02:39 PM
#11
ok. i did the ATF, on the main tab it removed 47mb's.
there were none removed from firefox..?
none left in firefox, because TFC removed them ?
-
March 10th, 2013, 02:42 PM
#12
See if TFC will run now, normal or safe mode.
-
March 10th, 2013, 02:46 PM
#13
i'm just checking the win 7. it did work in safe mode, b4 ATF.
so now will do TFC normal mode. crossin all fingers.
i really don't want another bad shutdown....
-
March 10th, 2013, 02:52 PM
#14
TFC did not black out the desktop.
it did clean out 7 more mb's
then asked for restart. and restarted ok
so those other scans not needed at this time? tom, i'll do this drill on my vista.
-
March 10th, 2013, 02:53 PM
#15
You should be good to go