First HTJ on Laptop 12/16/11


Michael Devaney
Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:14:09 AM, on 12/16/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.21\AVG Secure Search_toolbar.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.21\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

O4 - HKLM\..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spotify] "C:\Users\Michael\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CurseClientStartup.ccip

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: spp.aaa.com

O15 - Trusted Zone: spp1.aaa.com

O15 - Trusted Zone: spp2.aaa.com

O15 - Trusted Zone: spp3.aaa.com

O15 - Trusted Zone: sppt.aaa.com

O15 - Trusted Zone: sppt1.aaa.com

O15 - Trusted Zone: sppt2.aaa.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\windows\system32\ZuneWlanCfgSvc.exe (file missing)

 

--

End of file - 13250 bytes

Hello Michael Devaney and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

Please let me know exactly what problems you are having and then we'll take a closer look with the following scans:

  • Please perform the following scan

  • Please download DDS from here and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
  • aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.

    • On completion of the scan click save log, save it to your desktop and post in your next reply.
  • MBRCheck

    • Please download MBRCheck by clicking here and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
    • Please post the contents of that file in your next reply.

Please post the DDS logs, the aswMBR log and the MBRCheck log in your next reply along with listing the problems the machine is displaying.
DDS.txt

.

<div>DDS (Ver_2011-08-26.01) - NTFSAMD64 </div>

<div>Internet Explorer: 9.0.8112.16421</div>

<div>Run by Michael at 15:50:53 on 2012-01-08</div>

<div>Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.2208 [GMT -8:00]</div>

<div>.</div>

<div>AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}</div>

<div>AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}</div>

<div>AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}</div>

<div>SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}</div>

<div>SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}</div>

<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div>SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}</div>

<div>FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}</div>

<div>.</div>

<div>============== Running Processes ===============</div>

<div>.</div>

<div>C:windowssystem32wininit.exe</div>

<div>C:windowssystem32lsm.exe</div>

<div>C:windowssystem32svchost.exe -k DcomLaunch</div>

<div>C:windowssystem32svchost.exe -k RPCSS</div>

<div>c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe</div>

<div>C:windowssystem32atiesrxx.exe</div>

<div>C:windowsSystem32svchost.exe -k LocalServiceNetworkRestricted</div>

<div>C:windowsSystem32svchost.exe -k LocalSystemNetworkRestricted</div>

<div>C:windowssystem32svchost.exe -k netsvcs</div>

<div>C:windowssystem32svchost.exe -k LocalService</div>

<div>C:windowssystem32svchost.exe -k NetworkService</div>

<div>C:windowssystem32atieclxx.exe</div>

<div>C:windowsSystem32spoolsv.exe</div>

<div>C:windowssystem32svchost.exe -k LocalServiceNoNetwork</div>

<div>C:windowssystem32taskhost.exe</div>

<div>C:windowssystem32Dwm.exe</div>

<div>C:windowsExplorer.EXE</div>

<div>C:Program Files (x86)AVGAVG PC TuneupBoostSpeed.exe</div>

<div>C:Program FilesCONEXANTcAudioFilterAgentcAudioFilterAgent64.exe</div>

<div>C:Program FilesMicrosoft Security Clientmsseces.exe</div>

<div>C:Program Files (x86)VideoWebCameraVideoWebCamera.exe</div>

<div>C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe</div>

<div>C:Program FilesSUPERAntiSpywareSASCORE64.EXE</div>

<div>C:Program FilesATI TechnologiesATI.ACEReservation ManagerAMD Reservation Manager.exe</div>

<div>C:Program Files (x86)iTunesiTunesHelper.exe</div>

<div>C:Program Files (x86)Common FilesJavaJava Updatejusched.exe</div>

<div>C:Program Files (x86)AVGAVG2012avgtray.exe</div>

<div>C:Program Files (x86)AVG Secure Searchvprot.exe</div>

<div>C:Program Files (x86)AVGAVG2012avgwdsvc.exe</div>

<div>C:Program FilesBonjourmDNSResponder.exe</div>

<div>C:Program FilesGatewayGateway Power ManagementePowerSvc.exe</div>

<div>C:Program Files (x86)GatewayRegistrationGregHSRW.exe</div>

<div>C:windowssystem32svchost.exe -k HsfXAudioService</div>

<div>C:Program Files (x86)MotorolaMotoHelperMotoHelperService.exe</div>

<div>C:Program Files (x86)NewTech InfosystemsGateway MyBackupIScheduleSvc.exe</div>

<div>C:Program Files (x86)MotorolaMotoHelperMotoHelperAgent.exe</div>

<div>C:Program Files (x86)Common FilesPC ToolssMonitorStartManSvc.exe</div>

<div>C:Program Files (x86)AVGAVG2012avgnsa.exe</div>

<div>C:windowssystem32svchost.exe -k imgsvc</div>

<div>C:Program FilesGatewayGateway UpdaterUpdaterService.exe</div>

<div>C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe</div>

<div>C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE</div>

<div>C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe</div>

<div>C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe</div>

<div>C:Program FilesiPodbiniPodService.exe</div>

<div>C:windowssystem32SearchIndexer.exe</div>

<div>C:windowssystem32svchost.exe -k NetworkServiceNetworkRestricted</div>

<div>C:windowsSystem32alg.exe</div>

<div>C:windowssystem32svchost.exe -k LocalServiceAndNoImpersonation</div>

<div>C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe</div>

<div>C:Program FilesWindows Media Playerwmpnetwk.exe</div>

<div>C:UsersMichaelAppDataLocalApps2.0LGNDBC18.4AETPVGB1R5.2NCcurs..tion_eee711038731a406_0004.0000_2ad57791d5c42008CurseClient.exe</div>

<div>C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe</div>

<div>C:UsersMichaelAppDataLocalGoogleChromeApplicationchrome.exe</div>

<div>C:UsersMichaelAppDataLocalGoogleChromeApplicationchrome.exe</div>

<div>C:UsersMichaelAppDataLocalGoogleChromeApplicationchrome.exe</div>

<div>C:UsersMichaelAppDataLocalGoogleChromeApplicationchrome.exe</div>

<div>C:UsersMichaelDownloadsaswMBR.exe</div>

<div>C:windowsSystem32svchost.exe -k swprv</div>

<div>C:windowssystem32taskeng.exe</div>

<div>C:windowsSysWOW64rundll32.exe</div>

<div>C:UsersMichaelAppDataLocalGoogleChromeApplicationchrome.exe</div>

<div>C:windowssystem32SearchProtocolHost.exe</div>

<div>C:windowssystem32SearchFilterHost.exe</div>

<div>C:windowsSysWOW64cmd.exe</div>

<div>C:windowssystem32conhost.exe</div>

<div>C:windowsSysWOW64cscript.exe</div>

<div>C:windowssystem32wbemwmiprvse.exe</div>

<div>.</div>

<div>============== Pseudo HJT Report ===============</div>

<div>.</div>

<div>uInternet Settings,ProxyOverride = 192.168.*.*;*.local</div>

<div>uURLSearchHooks: H - No File</div>

<div>BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File</div>

<div>BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll</div>

<div>BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll</div>

<div>BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41coIEPlg.dll</div>

<div>BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41IPSBHO.DLL</div>

<div>BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll</div>

<div>BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:Program Files (x86)AVG Secure Search9.0.0.21AVG Secure Search_toolbar.dll</div>

<div>BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll</div>

<div>BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll</div>

<div>TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41coIEPlg.dll</div>

<div>TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File</div>

<div>TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:Program Files (x86)AVG Secure Search9.0.0.21AVG Secure Search_toolbar.dll</div>

<div>uRun: [Google Update] "C:UsersMichaelAppDataLocalGoogleUpdateGoogleUpdate.exe" /c</div>

<div>uRun: [spotify] "C:UsersMichaelAppDataRoamingSpotifySpotify.exe" /uri spotify:autostart</div>

<div>uRun: [sUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe</div>

<div>uRun: [Facebook Update] "C:UsersMichaelAppDataLocalFacebookUpdateFacebookUpdate.exe" /c /nocrashserver</div>

<div>mRun: [VideoWebCamera] "C:Program Files (x86)VideoWebCameraVideoWebCamera.exe" -a</div>

<div>mRun: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe</div>

<div>mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"</div>

<div>mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"</div>

<div>mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime</div>

<div>mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"</div>

<div>mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"</div>

<div>mRun: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe"</div>

<div>StartupFolder: C:UsersMichaelAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupCurseClientStartup.ccip</div>

<div>mPolicies-explorer: NoActiveDesktop = 1 (0x1)</div>

<div>mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)</div>

<div>mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)</div>

<div>mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)</div>

<div>mPolicies-system: EnableLUA = 0 (0x0)</div>

<div>mPolicies-system: EnableUIADesktopToggle = 0 (0x0)</div>

<div>mPolicies-system: PromptOnSecureDesktop = 0 (0x0)</div>

<div>IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000</div>

<div>IE: Google Sidewiki... - C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html</div>

<div>IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll</div>

<div>IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll</div>

<div>IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll</div>

<div>IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL</div>

<div>Trusted Zone: aaa.comspp</div>

<div>Trusted Zone: aaa.comspp1</div>

<div>Trusted Zone: aaa.comspp2</div>

<div>Trusted Zone: aaa.comspp3</div>

<div>Trusted Zone: aaa.comsppt</div>

<div>Trusted Zone: aaa.comsppt1</div>

<div>Trusted Zone: aaa.comsppt2</div>

<div>DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab</div>

<div>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab</div>

<div>DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab</div>

<div>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab</div>

<div>DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll</div>

<div>TCP: DhcpNameServer = 66.76.175.70 208.180.42.100</div>

<div>TCP: Interfaces{B0A13623-457A-4134-ACA7-2F33F1B7C58A} : DhcpNameServer = 66.76.175.70 208.180.42.100</div>

<div>TCP: Interfaces{B0A13623-457A-4134-ACA7-2F33F1B7C58A}14E6769656D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1</div>

<div>TCP: Interfaces{B0A13623-457A-4134-ACA7-2F33F1B7C58A}2375942554438343 : DhcpNameServer = 192.168.1.254</div>

<div>TCP: Interfaces{B0A13623-457A-4134-ACA7-2F33F1B7C58A}3545F425D4D20534F5E4564777F627B6 : DhcpNameServer = 66.76.175.70 208.180.42.100</div>

<div>TCP: Interfaces{B0A13623-457A-4134-ACA7-2F33F1B7C58A}E4544574541425 : DhcpNameServer = 192.168.1.1</div>

<div>TCP: Interfaces{B0A13623-457A-4134-ACA7-2F33F1B7C58A}E626E6D6 : DhcpNameServer = 192.168.137.1</div>

<div>Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll</div>

<div>Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41CoIEPlg.dll</div>

<div>Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program Files (x86)Common FilesAVG Secure SearchViProtocolInstaller9.0.1ViProtocol.dll</div>

<div>Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll</div>

<div>BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File</div>

<div>BHO-X64:     0x1 - No File</div>

<div>BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll</div>

<div>BHO-X64:     AcroIEHelperStub - No File</div>

<div>BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll</div>

<div>BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File</div>

<div>BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41coIEPlg.dll</div>

<div>BHO-X64:     Symantec NCO BHO - No File</div>

<div>BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41IPSBHO.DLL</div>

<div>BHO-X64:     Symantec Intrusion Prevention - No File</div>

<div>BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll</div>

<div>BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG Secure Search9.0.0.21AVG Secure Search_toolbar.dll</div>

<div>BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:Program Files (x86)Windows LiveCompanioncompanioncore.dll</div>

<div>BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll</div>

<div>TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine16.8.0.41coIEPlg.dll</div>

<div>TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File</div>

<div>TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program Files (x86)AVG Secure Search9.0.0.21AVG Secure Search_toolbar.dll</div>

<div>mRun-x64: [VideoWebCamera] "C:Program Files (x86)VideoWebCameraVideoWebCamera.exe" -a</div>

<div>mRun-x64: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe</div>

<div>mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"</div>

<div>mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"</div>

<div>mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime</div>

<div>mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"</div>

<div>mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"</div>

<div>mRun-x64: [vProt] "C:Program Files (x86)AVG Secure Searchvprot.exe"</div>

<div>.</div>

<div>============= SERVICES / DRIVERS ===============</div>

<div>.</div>

<div>R0 AVGIDSEH;AVGIDSEH;C:windowssystem32DRIVERSAVGIDSEH.Sys --> C:windowssystem32DRIVERSAVGIDSEH.Sys [?]</div>

<div>R0 SymEFA;Symantec Extended File Attributes;C:windowssystem32driversNISx641008030.006SYMEFA64.SYS --> C:windowssystem32driversNISx641008030.006SYMEFA64.SYS [?]</div>

<div>R1 Avgldx64;AVG AVI Loader Driver;C:windowssystem32DRIVERSavgldx64.sys --> C:windowssystem32DRIVERSavgldx64.sys [?]</div>

<div>R1 Avgtdia;AVG TDI Driver;C:windowssystem32DRIVERSavgtdia.sys --> C:windowssystem32DRIVERSavgtdia.sys [?]</div>

<div>R1 IDSVia64;IDSVia64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NortonDefinitionsIPSDefs20111013.030IDSviA64.sys [2011-10-13 488568]</div>

<div>R1 MpFilter;Microsoft Malware Protection Driver;C:windowssystem32DRIVERSMpFilter.sys --> C:windowssystem32DRIVERSMpFilter.sys [?]</div>

<div>R1 SASDIFSV;SASDIFSV;C:Program FilesSUPERAntiSpywaresasdifsv64.sys [2011-7-22 14928]</div>

<div>R1 SASKUTIL;SASKUTIL;C:Program FilesSUPERAntiSpywaresaskutil64.sys [2011-7-12 12368]</div>

<div>R1 vwififlt;Virtual WiFi Filter Driver;C:windowssystem32DRIVERSvwififlt.sys --> C:windowssystem32DRIVERSvwififlt.sys [?]</div>

<div>R2 !SASCORE;SAS Core Service;C:Program FilesSUPERAntiSpywareSASCore64.exe [2011-8-11 140672]</div>

<div>R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/13 07:28:46];C:Program Files (x86)CyberlinkPowerDVD8000.fcl [2009-7-7 146928]</div>

<div>R2 AMD External Events Utility;AMD External Events Utility;C:windowssystem32atiesrxx.exe --> C:windowssystem32atiesrxx.exe [?]</div>

<div>R2 AMD FUEL Service;AMD FUEL Service;C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [2011-1-26 354304]</div>

<div>R2 AMD Reservation Manager;AMD Reservation Manager;C:Program FilesATI TechnologiesATI.ACEReservation ManagerAMD Reservation Manager.exe [2010-6-17 194496]</div>

<div>R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2011-8-2 192776]</div>

<div>R2 ePowerSvc;Acer ePower Service;C:Program FilesGatewayGateway Power ManagementePowerSvc.exe [2010-5-13 844320]</div>

<div>R2 Greg_Service;GRegService;C:Program Files (x86)GatewayRegistrationGregHSRW.exe [2009-6-4 1150496]</div>

<div>R2 HsfXAudioService;HsfXAudioService;C:windowssystem32svchost.exe -k HsfXAudioService [2009-7-13 20992]</div>

<div>R2 MotoHelper;MotoHelper Service;C:Program Files (x86)MotorolaMotoHelperMotoHelperService.exe [2011-8-10 227184]</div>

<div>R2 NTI IScheduleSvc;NTI IScheduleSvc;C:Program Files (x86)NewTech InfosystemsGateway MyBackupIScheduleSvc.exe [2009-8-20 62720]</div>

<div>R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:Program Files (x86)Common FilesPC ToolssMonitorStartManSvc.exe [2010-11-29 583640]</div>

<div>R2 Updater Service;Updater Service;C:Program FilesGatewayGateway UpdaterUpdaterService.exe [2009-8-14 240160]</div>

<div>R2 vToolbarUpdater;vToolbarUpdater;C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe [2011-12-15 869216]</div>

<div>R3 amdiox64;AMD IO Driver;C:windowssystem32DRIVERSamdiox64.sys --> C:windowssystem32DRIVERSamdiox64.sys [?]</div>

<div>R3 amdkmdag;amdkmdag;C:windowssystem32DRIVERSatikmdag.sys --> C:windowssystem32DRIVERSatikmdag.sys [?]</div>

<div>R3 amdkmdap;amdkmdap;C:windowssystem32DRIVERSatikmpag.sys --> C:windowssystem32DRIVERSatikmpag.sys [?]</div>

<div>R3 CAXHWAZL;CAXHWAZL;C:windowssystem32DRIVERSCAXHWAZL.sys --> C:windowssystem32DRIVERSCAXHWAZL.sys [?]</div>

<div>R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [2011-8-4 136824]</div>

<div>R3 MpNWMon;Microsoft Malware Protection Network Driver;C:windowssystem32DRIVERSMpNWMon.sys --> C:windowssystem32DRIVERSMpNWMon.sys [?]</div>

<div>R3 pneteth;PdaNet Broadband;C:windowssystem32DRIVERSpneteth.sys --> C:windowssystem32DRIVERSpneteth.sys [?]</div>

<div>R3 usbfilter;AMD USB Filter Driver;C:windowssystem32DRIVERSusbfilter.sys --> C:windowssystem32DRIVERSusbfilter.sys [?]</div>

<div>S2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]</div>

<div>S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]</div>

<div>S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]</div>

<div>S2 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-4-4 136176]</div>

<div>S2 Norton Internet Security;Norton Internet Security;C:Program Files (x86)Norton Internet SecurityEngine16.8.3.6ccSvcHst.exe [2011-10-10 117648]</div>

<div>S3 BHDrvx64;Symantec Heuristics Driver;C:windowssystem32DriversNISx641008000.029BHDrvx64.sys --> C:windowssystem32DriversNISx641008000.029BHDrvx64.sys [?]</div>

<div>S3 ccHP;Symantec Hash Provider;C:windowssystem32DriversNISx641008000.029ccHPx64.sys --> C:windowssystem32DriversNISx641008000.029ccHPx64.sys [?]</div>

<div>S3 fssfltr;fssfltr;C:windowssystem32DRIVERSfssfltr.sys --> C:windowssystem32DRIVERSfssfltr.sys [?]</div>

<div>S3 fsssvc;Windows Live Family Safety Service;C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2010-9-22 1493352]</div>

<div>S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-4-4 136176]</div>

<div>S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:windowssystem32DRIVERSk57nd60a.sys --> C:windowssystem32DRIVERSk57nd60a.sys [?]</div>

<div>S3 motandroidusb;Mot ADB Interface Driver;C:windowssystem32Driversmotoandroid.sys --> C:windowssystem32Driversmotoandroid.sys [?]</div>

<div>S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:windowssystem32DRIVERSnetr28x.sys --> C:windowssystem32DRIVERSnetr28x.sys [?]</div>

<div>S3 NisDrv;Microsoft Network Inspection System;C:windowssystem32DRIVERSNisDrvWFP.sys --> C:windowssystem32DRIVERSNisDrvWFP.sys [?]</div>

<div>S3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-4-27 288272]</div>

<div>S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:WindowsSystem32driversRtsUStor.sys [2010-5-13 225280]</div>

<div>S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:windowssystem32DRIVERSrtl8192se.sys --> C:windowssystem32DRIVERSrtl8192se.sys [?]</div>

<div>S3 SrvHsfHDA;SrvHsfHDA;C:windowssystem32DRIVERSVSTAZL6.SYS --> C:windowssystem32DRIVERSVSTAZL6.SYS [?]</div>

<div>S3 SrvHsfV92;SrvHsfV92;C:windowssystem32DRIVERSVSTDPV6.SYS --> C:windowssystem32DRIVERSVSTDPV6.SYS [?]</div>

<div>S3 SrvHsfWinac;SrvHsfWinac;C:windowssystem32DRIVERSVSTCNXT6.SYS --> C:windowssystem32DRIVERSVSTCNXT6.SYS [?]</div>

<div>S3 SYMNDISV;Symantec Network Filter Driver;C:windowssystem32DriversNISx641008000.029SYMNDISV.SYS --> C:windowssystem32DriversNISx641008000.029SYMNDISV.SYS [?]</div>

<div>S3 TsUsbFlt;TsUsbFlt;C:windowssystem32driverstsusbflt.sys --> C:windowssystem32driverstsusbflt.sys [?]</div>

<div>S3 USBAAPL64;Apple Mobile USB Driver;C:windowssystem32Driversusbaapl64.sys --> C:windowssystem32Driversusbaapl64.sys [?]</div>

<div>S3 WatAdminSvc;Windows Activation Technologies Service;C:windowssystem32WatWatAdminSvc.exe --> C:windowssystem32WatWatAdminSvc.exe [?]</div>

<div>S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:Program FilesZuneWMZuneComm.exe [2010-9-24 306416]</div>

<div>S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 57184]</div>

<div>.</div>

<div>=============== Created Last 30 ================</div>

<div>.</div>

<div>2012-01-08 06:38:19<span class="Apple-tab-span" style="white-space:pre"> </span>69000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{78DEB537-F26E-4374-8385-5CF7A4E627ED}offreg.dll</div>

<div>2012-01-08 06:38:16<span class="Apple-tab-span" style="white-space:pre"> </span>8822856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{78DEB537-F26E-4374-8385-5CF7A4E627ED}mpengine.dll</div>

<div>2012-01-04 19:22:49<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataLocalFacebook</div>

<div>2011-12-17 16:23:51<span class="Apple-tab-span" style="white-space:pre"> </span>8822856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll</div>

<div>2011-12-16 02:10:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program Files (x86)Rift Game</div>

<div>2011-12-15 23:47:24<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataAVG Secure Search</div>

<div>2011-12-15 23:47:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program Files (x86)Common FilesAVG Secure Search</div>

<div>2011-12-15 23:47:10<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program Files (x86)AVG Secure Search</div>

<div>2011-12-15 23:45:22<span class="Apple-tab-span" style="white-space:pre"> </span>917840<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{702A30C1-B314-476B-9E26-25F9B17CDF98}gapaengine.dll</div>

<div>2011-12-15 23:44:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataRoamingAVG2012</div>

<div>2011-12-15 23:43:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataAVG2012</div>

<div>2011-12-15 23:41:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataRoamingAVG</div>

<div>2011-12-15 23:40:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program Files (x86)Microsoft Security Client</div>

<div>2011-12-15 23:40:39<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program FilesMicrosoft Security Client</div>

<div>2011-12-15 23:38:16<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataRoamingSUPERAntiSpyware.com</div>

<div>2011-12-15 23:37:41<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataSUPERAntiSpyware.com</div>

<div>2011-12-15 23:37:41<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program FilesSUPERAntiSpyware</div>

<div>2011-12-15 23:37:26<span class="Apple-tab-span" style="white-space:pre"> </span>388096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe</div>

<div>2011-12-15 23:37:26<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:Program Files (x86)Trend Micro</div>

<div>2011-12-15 18:18:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataLocalSpotify</div>

<div>2011-12-15 18:17:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:UsersMichaelAppDataRoamingSpotify</div>

<div>2011-12-15 16:56:15<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32csrsrv.dll</div>

<div>2011-12-15 16:56:09<span class="Apple-tab-span" style="white-space:pre"> </span>3145216<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32win32k.sys</div>

<div>2011-12-15 16:56:04<span class="Apple-tab-span" style="white-space:pre"> </span>723456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32EncDec.dll</div>

<div>2011-12-15 16:56:04<span class="Apple-tab-span" style="white-space:pre"> </span>534528<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64EncDec.dll</div>

<div>2011-12-15 16:55:40<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64tzres.dll</div>

<div>2011-12-15 16:55:40<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32tzres.dll</div>

<div>2011-12-13 16:50:16<span class="Apple-tab-span" style="white-space:pre"> </span>8822856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:ProgramDataMicrosoftWindows DefenderDefinition Updates{47D46F75-D473-4EB0-B053-8CFB4F85878C}mpengine.dll</div>

<div>.</div>

<div>==================== Find3M  ====================</div>

<div>.</div>

<div>2011-11-23 15:35:58<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64FlashPlayerCPLApp.cpl</div>

<div>2011-11-04 01:53:39<span class="Apple-tab-span" style="white-space:pre"> </span>2309120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32jscript9.dll</div>

<div>2011-11-04 01:44:47<span class="Apple-tab-span" style="white-space:pre"> </span>1390080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32wininet.dll</div>

<div>2011-11-04 01:44:21<span class="Apple-tab-span" style="white-space:pre"> </span>1493504<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32inetcpl.cpl</div>

<div>2011-11-04 01:34:43<span class="Apple-tab-span" style="white-space:pre"> </span>2382848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32mshtml.tlb</div>

<div>2011-11-03 22:47:42<span class="Apple-tab-span" style="white-space:pre"> </span>1798144<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64jscript9.dll</div>

<div>2011-11-03 22:40:21<span class="Apple-tab-span" style="white-space:pre"> </span>1427456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64inetcpl.cpl</div>

<div>2011-11-03 22:39:47<span class="Apple-tab-span" style="white-space:pre"> </span>1127424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64wininet.dll</div>

<div>2011-11-03 22:31:57<span class="Apple-tab-span" style="white-space:pre"> </span>2382848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64mshtml.tlb</div>

<div>2011-10-24 22:29:02<span class="Apple-tab-span" style="white-space:pre"> </span>94208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64QuickTimeVR.qtx</div>

<div>2011-10-24 22:29:02<span class="Apple-tab-span" style="white-space:pre"> </span>69632<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSysWow64QuickTime.qts</div>

<div>2011-10-11 05:07:53<span class="Apple-tab-span" style="white-space:pre"> </span>561800<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:windowsSystem32driversNISx641008030.006cchpx64.sys</div>

<div>.</div>

<div>============= FINISH: 15:51:23.92 ===============</div>

<div> </div>

<div><u><strong><span style="color:#ff0000;">Attach.txt</span></strong></u></div>

<div> </div>

<div>.</div>

<div>UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.</div>

<div>IF REQUESTED, ZIP IT UP & ATTACH IT</div>

<div>.</div>

<div>DDS (Ver_2011-08-26.01)</div>

<div>.</div>

<div>Microsoft Windows 7 Home Premium </div>

<div>Boot Device: DeviceHarddiskVolume2</div>

<div>Install Date: 8/19/2010 1:29:29 PM</div>

<div>System Uptime: 1/6/2012 4:09:00 PM (47 hours ago)</div>

<div>.</div>

<div>Motherboard: Gateway         |  | SJV50TR                        </div>

<div>Processor: AMD Athlon II Dual-Core M300 | Socket S1G3 | 2000/200mhz</div>

<div>.</div>

<div>==== Disk Partitions =========================</div>

<div>.</div>

<div>C: is FIXED (NTFS) - 454 GiB total, 343.679 GiB free.</div>

<div>D: is CDROM ()</div>

<div>.</div>

<div>==== Disabled Device Manager Items =============</div>

<div>.</div>

<div>==== System Restore Points ===================</div>

<div>.</div>

<div>No restore point in system.</div>

<div>.</div>

<div>==== Installed Programs ======================</div>

<div>.</div>

<div> Update for Microsoft Office 2007 (KB2508958)</div>

<div>2007 Microsoft Office Suite Service Pack 2 (SP2)</div>

<div>Acrobat.com</div>

<div>Adobe AIR</div>

<div>Adobe Flash Player 11 ActiveX</div>

<div>Adobe Reader 9.4.1 MUI</div>

<div>Adobe Shockwave Player 11.5</div>

<div>AMD USB Filter Driver</div>

<div>Apple Application Support</div>

<div>Apple Software Update</div>

<div>ASIO4ALL</div>

<div>AVG PC Tuneup</div>

<div>Backup Manager Basic</div>

<div>Catalyst Control Center - Branding</div>

<div>Catalyst Control Center Core Implementation</div>

<div>Catalyst Control Center Graphics Full Existing</div>

<div>Catalyst Control Center Graphics Full New</div>

<div>Catalyst Control Center Graphics Light</div>

<div>Catalyst Control Center Graphics Previews Common</div>

<div>Catalyst Control Center InstallProxy</div>

<div>Catalyst Control Center Localization All</div>

<div>ccc-core-static</div>

<div>CCC Help English</div>

<div>Collab</div>

<div>Compatibility Pack for the 2007 Office system</div>

<div>Curse Client</div>

<div>CyberLink Power2Go</div>

<div>CyberLink PowerDVD 8</div>

<div>D3DX10</div>

<div>Drumaxx</div>

<div>eBay Worldwide</div>

<div>Facebook Video Calling 1.0.0.8953</div>

<div>FL Studio 9</div>

<div>Gateway InfoCentre</div>

<div>Gateway MyBackup</div>

<div>Gateway Power Management</div>

<div>Gateway Recovery Management</div>

<div>Gateway Registration</div>

<div>Gateway ScreenSaver</div>

<div>Gateway Updater</div>

<div>Google Chrome</div>

<div>Google Earth</div>

<div>Google Update Helper</div>

<div>Hardcore</div>

<div>HiJackThis</div>

<div>Identity Card</div>

<div>IL Download Manager</div>

<div>Info Center 1.0.0.7</div>

<div>Java Auto Updater</div>

<div>Java 6 Update 29</div>

<div>Junk Mail filter update</div>

<div>Launch Manager</div>

<div>Malwarebytes' Anti-Malware version 1.51.2.1300</div>

<div>Mesh Runtime</div>

<div>Messenger Companion</div>

<div>Microsoft Office Excel MUI (English) 2007</div>

<div>Microsoft Office File Validation Add-In</div>

<div>Microsoft Office Home and Student 2007</div>

<div>Microsoft Office OneNote MUI (English) 2007</div>

<div>Microsoft Office PowerPoint MUI (English) 2007</div>

<div>Microsoft Office PowerPoint Viewer 2007 (English)</div>

<div>Microsoft Office Proof (English) 2007</div>

<div>Microsoft Office Proof (French) 2007</div>

<div>Microsoft Office Proof (Spanish) 2007</div>

<div>Microsoft Office Proofing (English) 2007</div>

<div>Microsoft Office Shared MUI (English) 2007</div>

<div>Microsoft Office Shared Setup Metadata MUI (English) 2007</div>

<div>Microsoft Office Suite Activation Assistant</div>

<div>Microsoft Office Word MUI (English) 2007</div>

<div>Microsoft Silverlight</div>

<div>Microsoft SQL Server 2005 Compact Edition [ENU]</div>

<div>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053</div>

<div>Microsoft Visual C++ 2005 Redistributable</div>

<div>Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148</div>

<div>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161</div>

<div>Microsoft Works</div>

<div>MotoHelper 2.0.53 Driver 5.2.0</div>

<div>MotoHelper MergeModules</div>

<div>MSVCRT</div>

<div>MSVCRT_amd64</div>

<div>MSXML 4.0 SP2 (KB954430)</div>

<div>MSXML 4.0 SP2 (KB973688)</div>

<div>Norton Internet Security</div>

<div>Norton Online Backup</div>

<div>PdaNet for Android 2.45</div>

<div>PoiZone</div>

<div>QuickTime</div>

<div>Realtek USB 2.0 Card Reader</div>

<div>Registry Mechanic 10.0</div>

<div>Sakura</div>

<div>Sawer</div>

<div>Security Update for 2007 Microsoft Office System (KB2288621)</div>

<div>Security Update for 2007 Microsoft Office System (KB2288931)</div>

<div>Security Update for 2007 Microsoft Office System (KB2345043)</div>

<div>Security Update for 2007 Microsoft Office System (KB2553089)</div>

<div>Security Update for 2007 Microsoft Office System (KB2553090)</div>

<div>Security Update for 2007 Microsoft Office System (KB2584063)</div>

<div>Security Update for 2007 Microsoft Office System (KB969559)</div>

<div>Security Update for 2007 Microsoft Office System (KB976321)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)</div>

<div>Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)</div>

<div>Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition</div>

<div>Security Update for Microsoft Office InfoPath 2007 (KB979441)</div>

<div>Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition</div>

<div>Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition</div>

<div>Security Update for Microsoft Office system 2007 (972581)</div>

<div>Security Update for Microsoft Office system 2007 (KB974234)</div>

<div>Security Update for Microsoft Office Visio Viewer 2007 (KB973709)</div>

<div>Security Update for Microsoft Office Word 2007 (KB2344993)</div>

<div>Spotify</div>

<div>Toxic Biohazard</div>

<div>Update for 2007 Microsoft Office System (KB2284654)</div>

<div>Update for 2007 Microsoft Office System (KB967642)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2468871)</div>

<div>Update for Microsoft .NET Framework 4 Client Profile (KB2533523)</div>

<div>Update for Microsoft Office 2007 Help for Common Features (KB963673)</div>

<div>Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition</div>

<div>Update for Microsoft Office 2007 System (KB2539530)</div>

<div>Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition</div>

<div>Update for Microsoft Office Excel 2007 Help (KB963678)</div>

<div>Update for Microsoft Office OneNote 2007 (KB980729)</div>

<div>Update for Microsoft Office OneNote 2007 Help (KB963670)</div>

<div>Update for Microsoft Office Powerpoint 2007 Help (KB963669)</div>

<div>Update for Microsoft Office Script Editor Help (KB963671)</div>

<div>Update for Microsoft Office Word 2007 Help (KB963665)</div>

<div>Ventrilo Client</div>

<div>Video Web Camera</div>

<div>Visual Studio 2008 x64 Redistributables</div>

<div>Windows Live Communications Platform</div>

<div>Windows Live Essentials</div>

<div>Windows Live Installer</div>

<div>Windows Live Mail</div>

<div>Windows Live Mesh</div>

<div>Windows Live Mesh ActiveX Control for Remote Connections</div>

<div>Windows Live Messenger</div>

<div>Windows Live Messenger Companion Core</div>

<div>Windows Live Movie Maker</div>

<div>Windows Live Photo Common</div>

<div>Windows Live Photo Gallery</div>

<div>Windows Live PIMT Platform</div>

<div>Windows Live SOXE</div>

<div>Windows Live SOXE Definitions</div>

<div>Windows Live Sync</div>

<div>Windows Live UX Platform</div>

<div>Windows Live UX Platform Language Pack</div>

<div>Windows Live Writer</div>

<div>Windows Live Writer Resources</div>

<div>World of Warcraft</div>

<div>World of Warcraft Public Test</div>

<div>.</div>

<div>==== Event Viewer Messages From Past Week ========</div>

<div>.</div>

<div>1/8/2012 3:39:30 PM, Error: amdsata [11]  - The driver detected a controller error on DeviceRaidPort0.</div>

<div>1/8/2012 3:32:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address 192.168.1.100, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.</div>

<div>1/8/2012 3:32:42 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.</div>

<div>1/8/2012 3:32:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.</div>

<div>1/5/2012 9:43:26 AM, Error: Server [2505]  - The server could not bind to the transport DeviceNetBT_Tcpip_{B0A13623-457A-4134-ACA7-2F33F1B7C58A} because another computer on the network has the same name.  The server could not start.</div>

<div>1/4/2012 9:10:17 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.</div>

<div>1/4/2012 8:40:03 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.</div>

<div>1/4/2012 8:37:52 AM, Error: Service Control Manager [7003]  - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.</div>

<div>1/4/2012 8:37:39 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.</div>

<div>1/4/2012 8:37:39 AM, Error: Service Control Manager [7000]  - The Norton Internet Security service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.</div>

<div>1/4/2012 12:57:48 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0A13623-457A-4134-ACA7-2F33F1B7C58A}. The master browser is stopping or an election is being forced.</div>

<div>1/2/2012 7:26:43 AM, Error: Microsoft-Windows-SharedAccess_NAT [30005]  - The DHCP allocator has detected a DHCP server with IP address 192.168.1.1 on the same network as the interface with IP address 192.168.137.1. The allocator has disabled itself on the interface to avoid confusing DHCP clients.</div>

<div>.</div>

<div>==== End Of File ===========================</div>

<div> </div>

<div><strong><u><span style="color:#ff0000;">aswMBR</span></u></strong></div>

<div> </div>

<div>

<div>aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software</div>

<div>Run date: 2012-01-08 15:40:26</div>

<div>-----------------------------</div>

<div>15:40:26.611    OS Version: Windows x64 6.1.7601 Service Pack 1</div>

<div>15:40:26.611    Number of processors: 2 586 0x602</div>

<div>15:40:26.611    ComputerName: MICHAEL-PC  UserName: Michael</div>

<div>15:40:31.235    Initialize success</div>

<div>15:41:45.250    AVAST engine defs: 12010801</div>

<div>15:44:42.720    Disk 0 (boot) DeviceHarddisk0DR0 -> Device0000006b</div>

<div>15:44:42.720    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 11</div>

<div>15:44:42.735    Disk 0 MBR read successfully</div>

<div>15:44:42.751    Disk 0 MBR scan</div>

<div>15:44:42.829    Disk 0 unknown MBR code</div>

<div>15:44:42.845    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048</div>

<div>15:44:42.876    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 24578048</div>

<div>15:44:42.907    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464838 MB offset 24782848</div>

<div>15:44:42.923    Service scanning</div>

<div>15:44:43.734    Service MpNWMon C:windowssystem32DRIVERSMpNWMon.sys **LOCKED** 32</div>

<div>15:44:44.467    Modules scanning</div>

<div>15:44:44.467    Disk 0 trace - called modules:</div>

<div>15:44:44.529    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys </div>

<div>15:44:45.044    1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa800419f370]</div>

<div>15:44:45.060    3 CLASSPNP.SYS[fffff88001b5a43f] -> nt!IofCallDriver -> [0xfffffa800418e040]</div>

<div>15:44:45.060    5 amdxata.sys[fffff880010e88b9] -> nt!IofCallDriver -> [0xfffffa800418de40]</div>

<div>15:44:45.075    7 ACPI.sys[fffff88000f2d7a1] -> nt!IofCallDriver -> Device0000006b[0xfffffa800418a060]</div>

<div>15:44:57.103    AVAST engine scan C:windows</div>

<div>15:45:10.815    AVAST engine scan C:windowssystem32</div>

<div>15:48:40.702    AVAST engine scan C:windowssystem32drivers</div>

<div>15:48:58.470    AVAST engine scan C:UsersMichael</div>

<div>15:58:45.852    Disk 0 MBR has been saved successfully to "C:UsersMichaelDesktopMBR.dat"</div>

<div>15:58:45.867    The log file has been saved successfully to "C:UsersMichaelDesktopaswMBR.txt"</div>

<div> </div>

<div> </div>

</div>

<p><strong><u><span style="color:#ff0000;">MBRcheck</span></u></strong></p>

<p> </p>

<p>MBRCheck, version 1.2.3</p>

<div>© 2010, AD</div>

<div> </div>

<div>Command-line:<span class="Apple-tab-span" style="white-space:pre"> </span></div>

<div>Windows Version:<span class="Apple-tab-span" style="white-space:pre"> </span>Windows 7 Home Premium Edition</div>

<div>Windows Information:<span class="Apple-tab-span" style="white-space:pre"> </span>Service Pack 1 (build 7601), 64-bit</div>

<div>Base Board Manufacturer:<span class="Apple-tab-span" style="white-space:pre"> </span>Gateway</div>

<div>BIOS Manufacturer:<span class="Apple-tab-span" style="white-space:pre"> </span>Phoenix Technologies LTD</div>

<div>System Manufacturer:<span class="Apple-tab-span" style="white-space:pre"> </span>Gateway</div>

<div>System Product Name:<span class="Apple-tab-span" style="white-space:pre"> </span>NV53</div>

<div>Logical Drives Mask:<span class="Apple-tab-span" style="white-space:pre"> </span>0x0000000c</div>

<div> </div>

<div>Kernel Drivers (total 216):</div>

<div>  0x02C1B000 SystemRootsystem32ntoskrnl.exe</div>

<div>  0x03204000 SystemRootsystem32hal.dll</div>

<div>  0x00B9E000 SystemRootsystem32kdcom.dll</div>

<div>  0x00C26000 SystemRootsystem32mcupdate_AuthenticAMD.dll</div&


Hello Michael Devaney

 

not sure what all the <div> is about but i didn't put it in >.<

I'm not sure what they are all about either....

 

The MBRCheck log has been cut off. Could you please send it again and provide the requested description of all the symptoms the machine is displaying (popups, error messages, redirects etc).


MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: Gateway

System Product Name: NV53

Logical Drives Mask: 0x0000000c

 

Kernel Drivers (total 216):

0x02C1B000 SystemRootsystem32ntoskrnl.exe

0x03204000 SystemRootsystem32hal.dll

0x00B9E000 SystemRootsystem32kdcom.dll

0x00C26000 SystemRootsystem32mcupdate_AuthenticAMD.dll

0x00C33000 SystemRootsystem32PSHED.dll

0x00C47000 SystemRootsystem32CLFS.SYS

0x00CA5000 SystemRootsystem32CI.dll

0x00E6F000 SystemRootsystem32driversWdf01000.sys

0x00F13000 SystemRootsystem32driversWDFLDR.SYS

0x00F22000 SystemRootsystem32driversACPI.sys

0x00F79000 SystemRootsystem32driversWMILIB.SYS

0x00F82000 SystemRootsystem32driversmsisadrv.sys

0x00F8C000 SystemRootsystem32driverspci.sys

0x00FBF000 SystemRootsystem32driversvdrvroot.sys

0x00FCC000 SystemRootSystem32driverspartmgr.sys

0x00FE1000 SystemRootsystem32DRIVERScompbatt.sys

0x00FEA000 SystemRootsystem32DRIVERSBATTC.SYS

0x00E00000 SystemRootsystem32driversvolmgr.sys

0x00D65000 SystemRootSystem32driversvolmgrx.sys

0x00E15000 SystemRootSystem32driversmountmgr.sys

0x00E2F000 SystemRootsystem32driversatapi.sys

0x00E38000 SystemRootsystem32driversataport.SYS

0x00E62000 SystemRootsystem32driversmsahci.sys

 

 

 

and it's been oddly sluggish on boot lately, with the occasional lock-up while playing games and such


Hello Michael Devaney

 

Thank you for the logs.

 

that's all the mbrCheck log posts to notepad

Thanks for letting me know.

 

it's been oddly sluggish on boot lately, with the occasional lock-up while playing games and such

Can you confirm to me that you are not experiencing any browser redirects when surfing the net?

  • Please create a new System Restore point

    • Click on your "Windows Orb".
    • Right click on "Computer" and then select "Properties".
    • Click on the "System Protection" link.
    • Select the "System Protection" tab and click on "Create".
    • Give the restore point a name (for example, today's date) then click on "Create".
    • You should receive notification that the restore point was created.
  • Security Programs

    • I can see from your log that you have a number of real-time security programs running, namely Microsoft Security Essentials, Norton Internet Security and AVG Anti-Virus 2012.
    • Whilst these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
    • You are advised to remove two of these programs.
    • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.
  • Registry Cleaners

    • You have Registry Mechanic 10.0 installed.
    • We tend not to recommend the use of registry cleaners as in many cases they can cause more harm than good.
    • If you do not use this program you should uninstall it.
    • More information can be found here.
    When you ran aswMBR, a file called MBR.dat would have been created on your desktop.

     

    I would like to take a closer look at this file as follows:

  • Please scan the following files

    • On the page you'll find a "Browse" button.
    • Click on the Browse button.
    • In the Choose File to Upload window which opens, copy and paste this into the File Name box.
    C:\Users\Michael\Desktop\MBR.dat

     

     

    • Next, click the Open button.
    • Then click the "Send File" button just below.
    • This will scan the file. Please be patient.
    • If you get a message saying File has already been analyzed: click Reanalyze file now.
    • Once scanned, copy and paste the link to the results page in your next reply.
    Please post the link to the VT scan page in your next reply and let me know if the machine is running any better after dealing with the multiple security programs, and if you are being redirected while browsing (very important).

Hello Michael Devaney

 

The link you have posted is for the VT home page rather than the file scan result page.

 

Let's try this:

 

Scan the file again as described in my previous post and once complete, click on the show all button, then copy/paste the whole results page into your reply.

 

Is the machine running any better after removing the extra security programs?


seems to have booted up quicker this morning,

Antivirus  Version  Last Update  Result
AhnLab-V3  2012.01.08.00  2012.01.08  -
AntiVir  7.11.20.195  2012.01.08  -
Antiy-AVL  2.0.3.7  2012.01.08  -
Avast  6.0.1289.0  2012.01.08  -
AVG  10.0.0.1190  2012.01.08  -
BitDefender  7.2  2012.01.08  -
ByteHero  1.0.0.1  2011.12.31  -
CAT-QuickHeal  12.00  2012.01.08  -
ClamAV  0.97.3.0  2012.01.07  -
Commtouch  5.3.2.6  2012.01.07  -
Comodo  11216  2012.01.08  -
DrWeb  5.0.2.03300  2012.01.08  -
Emsisoft  5.1.0.11  2012.01.08  -
eSafe  7.0.17.0  2012.01.08  -
eTrust-Vet  37.0.9668  2012.01.06  -
F-Prot  4.6.5.141  2012.01.07  -
F-Secure  9.0.16440.0  2012.01.08  -
Fortinet  4.3.388.0  2012.01.08  -
GData  22  2012.01.08  -
Ikarus  T3.1.1.109.0  2012.01.08  -
Jiangmin  13.0.900  2012.01.08  -
K7AntiVirus  9.123.5881  2012.01.06  -
Kaspersky  9.0.0.837  2012.01.08  -
McAfee  5.400.0.1158  2012.01.08  -
McAfee-GW-Edition  2010.1E  2012.01.08  -
Microsoft  1.7903  2012.01.08  -
NOD32  6777  2012.01.08  -
nProtect  2012-01-08.01  2012.01.08  -
Panda  10.0.3.5  2012.01.08  -
PCTools  8.0.0.5  2012.01.08  -
Prevx  3.0  2012.01.10  -
Rising  23.91.04.02  2012.01.06  -
Sophos  4.73.0  2012.01.08  -
SUPERAntiSpyware  4.40.0.1006  2012.01.07  -
Symantec  20111.2.0.82  2012.01.08  -
TheHacker  6.7.0.1.373  2012.01.08  -
TrendMicro  9.500.0.1008  2012.01.08  -
TrendMicro-HouseCall  9.500.0.1008  2012.01.08  -
VIPRE  11370  2012.01.08  -
ViRobot  2012.1.7.4869  2012.01.08  -
VirusBuster  14.1.157.0  2012.01.08  -

Additional information

MD5 : e045215ce31e81c725603f5aaa385a25

SHA1 : 90a453ed8e1f37981e54f776424022f15b9b2e1a

SHA256: e2275c2a1036e43789e2853a8b59b5c0b2d6e879840b3f952fc79467f4b1ba73

ssdeep: 6:PekYd2kQCuPQRJDNDVdi0CTQm0HSCXEG4TqzZueSCXEG1uUiwQOaNYRdKYwNYRuu:mTd2LCu+

n2TQBfpZuCfNCnibZOwuY+g

File size : 512 bytes

First seen: 2012-01-10 02:51:29

Last seen : 2012-01-10 14:49:19

TrID: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

ExifTool:

file metadata

Error: Unknown file type

FileSize: 512 bytes


Hello Michael Devaney

 

Thank you for the scan data.

  • Please RUN HijackThis

  • Click the "Do a System Scan Only" button to produce a log.
  • Place a check mark beside each one of the following items (if they are present):

 

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O15 - Trusted Zone: spp.aaa.com

O15 - Trusted Zone: spp1.aaa.com

O15 - Trusted Zone: spp2.aaa.com

O15 - Trusted Zone: spp3.aaa.com

O15 - Trusted Zone: sppt.aaa.com

O15 - Trusted Zone: sppt1.aaa.com

O15 - Trusted Zone: sppt2.aaa.com

 

 

  • Now with all the items selected, and all windows closed except for HJT, delete the selected items by clicking the FIX checked button. Close the HijackThis window.
  • Temporary File Cleaner

    • Download TFC to your desktop.
    • Close any open windows.
    • Right click the TFC icon and select "Run as Administrator" to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the MBAM log, the ESET log and a new set of DDS logs in your next reply and let me know how the machine is running now.

Due to inactivity, this topic has been closed.

 

If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).

 

Everyone else please start a new topic.
