chuckiechan

  1. chuckiechan

    aaw7boot.log

    In fairness, I'm planning to get an SSD in a couple of weeks and do a reformat. So unless you are looking for a challenge, I think it's one of those rare problems that are too hard to solve. I personally think it's a virus that has hijacked the AAW file name. And I thank you very much for your trouble.
  2. chuckiechan

    aaw7boot.log

    FWIW, it appears to be part of the Anniversary Edition. As far as I know I never used a LAN Desk item but I'll be glad to install LANdesk and uninstall it to see if that helps.
  3. chuckiechan

    aaw7boot.log

    I found this file: in C: users/ wife&I/app data/roaming/lavasoft statistics
  4. chuckiechan

    aaw7boot.log

    Attach.txt: Thanks for keeping on it.
  5. chuckiechan

    aaw7boot.log

    My Isdelete file is gone. The thing is still running.
  6. chuckiechan

    aaw7boot.log

    It's still there. I deleted the System 32 file, and I did the CMD stop and deletion, and deleted the file itself. When I did CMD sc stop LBD it said something to the effect of no file found. Same with sc delete. Ideas?
  7. chuckiechan

    aaw7boot.log

    DDS.txt:
  8. chuckiechan

    aaw7boot.log

    This showed up on my C drive after a new motherboard. It seems to update every few seconds or minutes. It just keeps going. I've never seen it before. I don't have a Lavasoft product on my computer at this time. Can someone tell me how to delete or disable it? It's apparently been running since Feb of 2013! Thanks in advance. It's like the Everready bunny!
  9. chuckiechan

    Groupon full screen popup

    [quote name='Blade81' post='128085' date='Jul 8 2011, 09:48 AM']I'm not the right person to answer this but I believe that ad you keep seeing is not a malicious one and that's why programs, other than ad blockers in general, don't automatically block it.[/quote] First of all, Adblock Plus seems to have finally done the trick. Regarding maliciousness, anything that takes up 100% of my 21" screen is something that should be neutered. Personally, I don't believe Adaware knows how to stop it, or hasn't invested the resources in dealing with it. But thanks for your help anyway.
  10. chuckiechan

    Groupon full screen popup

    I pretty much give up on Adaware. So far it looks like Adblock Plus is working, but you never know. I'll know for sure in a couple of days. Why can't Adaware catch this? There are starting to be more and more complaints.
  11. chuckiechan

    Groupon full screen popup

    [quote name='Blade81' post='127712' date='Jun 21 2011, 09:28 PM']You're welcome [/quote] Quick update: It is still doing it, but what I discovered is certain web sites like Washington Post, or New York Times trigger it. (For all I know it's some combination of page numbers or something.) I suspect I have a cookie or some adware file that lies in wait until a target website is hit, then it appears. It also seems to pop up only once per browser session. If I close then go back to Washington Post, it pops up again. It has a box "confirm your city" with Sacramento in it. (Actually I'm in a suburb of Sacramento that goes by another name.) I did find some Groupon cookies so I deleted them and flagged as "not to let deleted cookies set future cookies" - but I think I did this before. So, it seems I'm stuck with it. I understand Groupon is a Google product, so like Microsoft, if they want to put it in your face you are pretty well stuck with it, since they have the ability to go much deeper into my OS than a typical adware creep. I'd like to interactively add and remove cookies like you do MSCONFIG, but I've never heard of such a thing. And... I seem to be the only one complaining! But I take satisfaction in knowing that the "Groupon arc" has already gone flat, and it is understood to be a horribly bad investment! LOL! So I have no idea what to do next.
  12. chuckiechan

    Groupon full screen popup

    [quote name='Blade81' post='127616' date='Jun 17 2011, 01:22 PM']Ok, shall wait for your report [/quote] Well, it seems to be gone. (watch, the sucker will popup as soon as I said that!) I didn't really do anything. I wonder if LSAAW caught up with it. No way to know for sure. If it pops up again, I'll let you know and see if we can track it down. Thank you for all your help!
  13. chuckiechan

    Groupon full screen popup

    I have an idea I want to try. The popup is a sign up. Groupon isn't as bad as some marketers out there. So I'm going to follow the sign up process and then hope to unsubscribe. I think that may do the trick, I'll try the ComboFix tool. I'll keep you posted with or without success. [quote name='Blade81' post='127598' date='Jun 17 2011, 01:28 AM']Hi, Please visit this webpage for download links, and instructions for running ComboFix tool: [url="http://www.bleepingcomputer.com/combofix/how-to-use-combofix"]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url] Please continue as follows:[list=1] [*][b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix[/b], [url="http://www.bleepingcomputer.com/forums/topic114351.html"]link[/url] Remember to re-enable them afterwards. [*]Click [b]Yes[/b] to allow ComboFix to continue scanning for malware. [/list]When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: [b]C:\ComboFix.txt New dds log.[/b] [color="#ff0000"][b]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/b][/color][/quote]
  14. chuckiechan

    Groupon full screen popup

    [quote name='Blade81' post='127589' date='Jun 16 2011, 09:21 AM']But does it only appear on some specific site (Sacbee.com in this case) or on random ones?[/quote] It's hard to pin down. But it pops up and obscures my desktop when I close my browser. It's like they switch places. I have my screen minimized so I have 1/2 borders showing my desktop to "catch" it as it happens, and it doesn't happen when my browser is open. Only when I close my browser, boom, there it is. I'm experimenting right now trying to determine which site triggers it. I don't think it's random. I'll keep trying to narrow it down. I think it's either sacbee.com or my netscape / seamonkey (mozilla) mail. My wife opened up a Groupon email I suspect and that's where it all started.
  15. chuckiechan

    Groupon full screen popup

    [quote name='Blade81' post='127586' date='Jun 16 2011, 08:13 AM']Hi, Could you specify if those popups appear only on that specific site, please? Also, could you provide a screenshot?[/quote] At the risk of sending too much, I included the screen shot, its "page source" plus a shot of my task manager processes. It acts like a browser hijack. When the screen is up, I have to close it before I can open my (Seamonkey) browser.