Many programs blocked from updating/running, i give up!

[vict0r]

Create a batch file

1. Open Notepad.
2. Copy/paste the following text into the empty Notepad window.
   

   @ECHO OFF
   regedit /e C:\export.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
   Start notepad C:\export.txt

3. Save the file as look.bat on your desktop. Save it with the file type... all types *.*.
4. Double click the file look.bat to execute.
5. Please post the contents of the notepad window that will open.

It looks like you have installed Avast Anti Virus which is good software. However you should uninstall the Norton software since you now have Avast.

Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.


Out of date Adobe Reader and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. Your Java is fully up to date but Adobe Reader is outdated.


Uninstall misc programs

• Click on Start.
• All programs.
• Accessories.
• Run.
• In the open text box copy/paste appwiz.cpl Then click Ok.
• Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:
  
  Adobe Reader 7.0
  
  Norton Internet Security
  
  Norton Internet Security (Symantec Corporation)
  
  Norton AntiVirus
  
  Norton Confidential Browser Component
  
  Norton Confidential Web Protection Component
  
  Norton Protection Center
  
  LiveUpdate 3.2 (Symantec Corporation)

If any of the uninstallers ask for a reboot, then do so immediately. After the reboot open the Add/remove control panel again to continue.


When finished uninstalling the Norton programs, please download and run the Norton removal tool. Follow the prompts and instructions, reboot when asked. You can run this tool if any uninstalls above failed.


Is Windows fully updated through Windows Update now?

 

[rune1990]

Yep, windows is fully up to date and thank you for the reminder about adobe!

I will post the results of look.bat while uninstalling the recommended programs.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"捁牥吠畯r"=""
"捁牥吠畯⁲敒業摮牥"="㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

 

[vict0r]

Hi.

Please also uninstall Adobe Flash Player 9 ActiveX (outdated). I will give you instructions how to install Flash and pdf reader in my next post.


Back Up registry with ERUNT

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

• Please download ERUNT and save it to your desktop.
• Alternate Download
• Double-click on erunt_setup.exe to install the program
• Untick the NTREGOPT desktop shortcut option
• Click No when you get the option to run Erunt at Windows startup.
• During the installation, tick Launch Erunt.
• Accept the default options for running a backup.
• Erunt will then backup your registry.
• Click OK to finish.
• If you are unable to back up your Registry with ERUNT ....
  • Let me know.
  • Do not follow any further instructions until I tell you to.

Registry fix file.

The following registry fix should only be used on this computer.

• Please copy the contents including any blank lines of the Code Box below to Notepad, Do not include the word CODE:
  
  

  Windows Registry Editor Version 5.00
  
  [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
  "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

• Make sure there are NO blank lines before Windows Registry Editor Version 5.00.
• Name the file fix.reg
• Change the Save as Type to All Files
• Save it to your desktop.
• Double-click on the fix.reg file, and when prompted to merge reply "Yes".

Please post a fresh log from DDS, DDS.txt only.

 

[rune1990]

ok!

Adobe flash player 9 activex deleted. Erunt successfully installed and registery backed up. Used the registry fix, never was prompted to merge however.

Fresh dds log follows!

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Rachel at 21:31:35 on 2011-05-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2045.915 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Users\Rachel\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rachel\Desktop\dds.com
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sympatico.msn.ca/
uSEARCH PAGE = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [AcerOrbicamRibbon] "c:\program files\acer\orbicam10\OrbiCam.exe" /hide
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eRecoveryService]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\windows\system32\guard32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-22 307928]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-22 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-22 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-22 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-5-23 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-22 1153368]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2011-5-23 179712]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-12-2 847392]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-24 01:07:39 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-24 00:22:09 -------- d-----w- c:\program files\Windows Portable Devices
2011-05-24 00:18:40 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-05-24 00:18:39 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-24 00:18:39 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-24 00:17:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-05-24 00:17:30 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-05-24 00:17:30 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-05-24 00:17:30 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-05-24 00:17:30 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-05-24 00:17:30 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-05-24 00:17:29 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-05-24 00:15:38 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-05-24 00:15:38 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-05-24 00:15:38 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-05-24 00:11:24 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-24 00:11:24 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-05-24 00:11:24 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-24 00:11:24 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-05-24 00:11:24 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-05-24 00:11:23 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-05-24 00:11:23 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-05-24 00:11:23 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-24 00:11:23 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-05-24 00:11:23 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-05-24 00:11:23 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-05-24 00:11:23 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-23 23:30:00 -------- d-----w- c:\windows\system32\eu-ES
2011-05-23 23:30:00 -------- d-----w- c:\windows\system32\ca-ES
2011-05-23 23:29:59 -------- d-----w- c:\windows\system32\vi-VN
2011-05-23 23:01:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-23 23:01:06 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-23 22:49:13 -------- d-----w- c:\windows\system32\EventProviders
2011-05-23 22:21:49 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-05-23 22:12:40 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-05-23 22:11:54 355832 ----a-w- c:\program files\internet explorer\pdm.dll
2011-05-23 22:11:54 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll
2011-05-23 20:17:59 619864 ----a-w- c:\windows\system32\icardagt.exe
2011-05-23 20:16:59 71680 ----a-w- c:\windows\system32\propdefs.dll
2011-05-23 20:15:59 941056 ----a-w- c:\program files\common files\microsoft shared\ink\ShapeCollector.exe
2011-05-23 20:02:37 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-23 20:02:37 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-23 20:02:36 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-23 20:02:36 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-23 20:02:36 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-23 19:57:16 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-05-23 19:57:15 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-05-23 19:57:02 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-23 19:57:02 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-23 19:54:58 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-05-23 19:54:56 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-05-23 19:54:51 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-23 19:54:28 36864 ----a-w- c:\windows\system32\rtutils.dll
2011-05-23 19:54:26 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-05-23 19:54:24 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-23 19:46:04 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-05-23 19:46:03 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-05-23 19:46:03 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-23 19:46:03 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-05-23 19:46:03 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-05-23 19:46:00 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-23 19:44:13 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-23 19:44:11 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-23 19:44:10 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-05-23 19:44:04 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-05-23 19:40:14 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-23 19:34:57 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-23 19:33:58 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-23 19:27:57 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-23 19:03:18 -------- d-----w- C:\PerfLogs
2011-05-23 14:05:02 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll
2011-05-23 14:03:59 798208 ----a-w- c:\windows\system32\dbghelp.dll
2011-05-23 14:02:59 1039360 ----a-w- c:\windows\system32\d3d8.dll
2011-05-23 14:01:43 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2011-05-23 14:01:42 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2011-05-23 14:01:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-05-23 14:01:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2011-05-23 14:01:15 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-05-23 14:01:15 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-05-23 14:01:15 258560 ----a-w- c:\windows\system32\dpx.dll
2011-05-23 00:13:03 -------- d-----w- c:\users\rachel\appdata\local\Adobe
2011-05-22 20:20:00 -------- d-----w- c:\program files\COMODO
2011-05-22 20:18:39 -------- d-----w- c:\programdata\Comodo
2011-05-22 20:16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-22 20:16:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-22 20:14:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-22 20:10:19 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-05-22 20:10:18 -------- d-----w- c:\program files\SpywareBlaster
2011-05-22 14:54:22 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-22 14:54:17 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-22 14:52:35 40112 ----a-w- c:\windows\avastSS.scr
2011-05-22 14:51:55 -------- d-----w- c:\programdata\AVAST Software
2011-05-22 14:51:55 -------- d-----w- c:\program files\AVAST Software
2011-05-22 14:32:31 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-22 14:30:06 -------- d-----w- c:\users\rachel\Roaming
2011-05-22 14:30:06 -------- d-----w- c:\programdata\Roaming
2011-05-22 14:29:13 -------- d-----w- c:\program files\Cisco
2011-05-22 14:29:12 -------- d-----w- c:\program files\common files\Intel
2011-05-22 13:50:53 23552 ----a-w- c:\windows\system32\lpk.dll
2011-05-22 13:50:53 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-05-22 13:46:08 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-05-22 13:46:08 272896 ----a-w- c:\windows\system32\polstore.dll
2011-05-22 13:38:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-22 13:38:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-22 13:38:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-22 13:38:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-22 13:38:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-22 13:38:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-22 13:38:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-22 13:38:41 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-22 13:34:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-05-22 13:34:02 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-05-22 13:34:02 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-05-22 13:34:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-05-22 13:34:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-05-22 13:34:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-05-22 13:33:58 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-05-22 13:32:29 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-22 13:32:28 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-05-22 13:32:27 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-05-22 13:31:00 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-22 13:27:03 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-22 13:27:03 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-22 13:27:03 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-22 13:19:15 71680 ----a-w- c:\windows\system32\atl.dll
2011-05-22 13:09:16 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-22 13:07:53 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-05-22 13:07:53 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-05-22 13:02:57 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-05-22 12:58:05 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-05-22 12:58:05 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-05-22 12:55:02 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-05-22 12:49:54 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-22 12:45:00 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-05-22 12:44:54 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{32022ae2-ea0f-4097-b85f-c22bf3710af0}\mpengine.dll
2011-05-22 12:44:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 12:43:03 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-05-22 12:41:47 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-05-22 12:41:46 9728 ----a-w- c:\windows\system32\lsass.exe
2011-05-22 12:41:46 72704 ----a-w- c:\windows\system32\secur32.dll
2011-05-22 12:41:46 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-05-22 12:41:46 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-05-22 12:41:46 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-22 12:32:40 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-05-22 12:29:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-05-22 12:29:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-05-22 12:27:11 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-05-22 12:27:11 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-05-22 12:27:11 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-05-22 12:27:10 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-05-22 12:20:00 98304 ----a-w- c:\windows\system32\cabview.dll
2011-05-22 12:16:29 37888 ----a-w- c:\windows\system32\printcom.dll
2011-05-22 12:13:41 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-05-22 12:12:38 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-05-22 12:12:38 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-05-22 12:12:38 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-05-22 12:12:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-05-22 12:12:36 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-05-22 12:12:35 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-05-22 12:12:35 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-05-22 12:12:35 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-05-22 12:11:24 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-05-22 12:11:24 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-05-22 12:11:24 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-05-22 12:11:24 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-05-22 12:11:24 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-05-22 12:11:23 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-05-22 12:11:23 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-05-22 12:11:23 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-05-22 12:11:23 471552 ----a-w- c:\windows\system32\secproc.dll
2011-05-22 02:30:22 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-05-22 02:29:54 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-05-22 02:28:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-05-22 02:27:46 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-22 02:27:46 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-05-22 02:27:46 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-22 02:24:54 243712 ----a-w- c:\windows\system32\rastls.dll
2011-05-22 02:24:27 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-05-22 02:23:45 -------- d-----w- c:\program files\MSXML 4.0
2011-05-22 02:21:59 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-05-22 02:21:59 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-05-22 02:21:59 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-05-22 02:21:59 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-05-22 02:21:59 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-05-22 02:21:59 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-05-22 02:21:59 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-05-22 02:21:58 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-05-22 02:21:58 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-05-22 02:21:58 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-05-22 02:21:10 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-05-22 02:20:24 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-05-22 02:20:24 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-05-22 01:35:18 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-05-22 01:35:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-05-22 01:35:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-05-22 01:35:18 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-05-22 01:35:18 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-05-22 01:35:18 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-05-22 01:35:17 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-05-22 00:47:26 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-05-22 00:46:38 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-05-22 00:46:11 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-05-22 00:46:11 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-05-22 00:42:55 -------- d--h--w- c:\users\rachel\appdata\local\acer eNM
2011-05-22 00:37:14 360448 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-05-22 00:37:14 327680 ----a-w- c:\windows\system32\Remove_eRecovery.exe
2011-05-22 00:37:14 16384 ----a-w- c:\windows\system32\LauncheRyAgentUser.exe
2011-05-22 00:37:14 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-05-22 00:37:14 1402880 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-05-22 00:36:31 8704 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
2011-05-22 00:36:31 69632 ----a-w- c:\windows\system32\drivers\int15.sys
2011-05-22 00:36:31 6144 ----a-w- c:\windows\system32\drivers\zntport64.sys
2011-05-22 00:36:31 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2011-05-22 00:36:31 15656 ----a-w- c:\windows\system32\drivers\int15_64.sys
2011-05-22 00:36:31 14544 ----a-w- c:\windows\system32\drivers\TVicPort.sys
2011-05-22 00:35:36 65536 ----a-w- c:\windows\system32\NATTraversal.dll
2011-05-22 00:31:45 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-05-22 00:30:51 -------- d-----w- c:\windows\system32\i386
2011-05-22 00:30:23 -------- d-----w- c:\program files\common files\Logitech
2011-05-22 00:30:23 -------- d-----w- c:\program files\Acer
2011-05-22 00:29:00 229376 ----a-w- c:\windows\system32\BtwRSupport.dll
2011-05-22 00:28:51 -------- d-----w- c:\windows\system32\es-MX
2011-05-22 00:28:51 -------- d-----w- c:\windows\system32\es-AR
2011-05-22 00:28:49 -------- d-----w- c:\program files\WIDCOMM
2011-05-22 00:28:15 1285 ----a-w- c:\windows\CLEANUP.CMD
2011-05-22 00:27:37 -------- d-----w- c:\program files\Acer Registration
2011-05-22 00:26:33 506368 ----a-w- c:\windows\system32\athr.sys
2011-05-22 00:26:33 -------- d-----w- c:\program files\Atheros
2011-05-22 00:26:32 -------- d-----w- c:\windows\Options
2011-05-22 00:26:16 -------- d-----w- C:\temp
2011-05-22 00:25:41 176 ----a-w- c:\windows\system32\drivers\RTHDAEQ0.DAT
2011-05-22 00:24:33 1655464 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-05-22 00:24:33 14336 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-05-22 00:24:32 4186112 ----a-w- c:\windows\RtHDVCpl.exe
2011-05-22 00:23:45 -------- d-----w- c:\program files\Launch Manager
2011-05-22 00:22:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-22 00:20:29 -------- d-----w- c:\users\rachel\appdata\local\VirtualStore
2011-05-03 00:36:34 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-03 00:36:32 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-05-03 00:36:32 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-03 00:36:04 284744 ----a-w- c:\windows\system32\guard32.dll
.
==================== Find3M ====================
.
2011-05-23 15:18:49 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-05-23 15:18:40 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-05-22 14:27:59 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-05-22 02:32:08 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-05-22 00:24:38 319984 ----a-w- c:\windows\DIFxAPI.dll
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 21:34:38.21 ===============

 

[vict0r]

Used the registry fix, never was prompted to merge however.

Ok, my mistake. The fix was successful.


Delete the following files

Please delete the following files on your desktop:

dds.com
export.txt
look.bat
fix.reg


Adobe

Download and install the latest Adobe Flash Player from the following link: Adobe Flash Player

Adobe Reader is a large program. If you prefer a smaller program you can get Foxit 4.3 instead from http://cdn01.foxitsoftware.com/pub/foxit/reader/desktop/win/4.x/4.3/enu/FoxitReader431_enu_Setup.exe

If you decide to install Foxit 4.3, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes and click Decline to avoid installation of The Foxit Search Bar powered by Ask:

• I accept the License Terms and want to install Foxit Toolbar
• Make Ask.com my default search

Windows updates

Choose your desired settings:

Click Start (Vista orbiter) -> Control Panel -> Security -> Windows Update -> Change Settings

1. Select Install updates automatically (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
2. Select Download updates but let me choose whether to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
3. Select Check for updates but let me choose whether to download and install them radio button if you want to be notified of the updates.

Click OK to save any changes.


Keep your non-Microsoft applications updated as well

Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it and install the suggested updates at least once a week.



Consider using the following to secure your computer further

• Malwarebytes' Anti-Malware
  Install Malwarebytes Anti-Malware, update and perform a quick scan 1-2 times a week. Download from the following link: Malwarebytes Anti Malware
  
  
• Make use of the HOSTS file included with Spybot Search & Destroy
  Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy.
  • Run Spybot Search & Destroy.
  • Click on Mode, and then place a tick next to Advanced mode.
  • Click Yes.
  • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
  • Click on Add Spybot-S&D hosts list.
  
  Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
  • Click Start > Run
  • Type services.msc & click OK
  • In the list, find the service called DNS Client & double click on it.
  • On the dropdown box, change the setting from automatic to manual.
  • Click OK & then close the Services window.
  
  For a more detailed explanation of the HOSTS file, click here.
  
  
• Use an alternative to Internet Explorer
  Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead. I can recommend Firefox with the NoScript addon to avoid malicious scripting attacks.

It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.


Read these articles to learn more about how to protect yourself while on the internet:

• Reducing Your Risk to Malware.
• Is It Real or is it ScareWare?

Do you have further questions related to this case?

 

[rune1990]

I think you have covered everything! And I have taken all your suggestions, thank you so much for all your help reo:

 

[vict0r]

You're welcome, I'm glad I could help.

Since this issue appears to be resolved ... this Topic has been closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.