StarStrider

Honorary Members
  • Posts

    62

Everything posted by StarStrider

  1. Thanks. Your theory makes sense; especially since companies have been pretty slow in putting out laptops with more than 500gb hard drives for a long time. It's really just been this year that they have (beyond lines like Alienware), even though we've had TB desktop drives for a while now. The failing drive was Western Digital 500gb. Probably not one of their higher-end lines though. If you want the exact model number or something, I can repost or message you or something when I pull it. Otw I wasn't planning on touching it until I get the new drive. I was just going to get him a WD Scorpio Blue 320gb. It's what I replaced my own laptop hdd with when it failed over a year ago, and while I don't use my laptop every day I've been pleased with it. Plus they have it at Best Buy. He's been considering saving up for a nice desktop anyway, so I'm not too worried about the laptop needing to chug on for years and years. It's an Acer anyway, so something else is bound to fail before the new hard drive...lol. Thanks for all your help! =)
  2. He was operating off of an external drive for all data, so I'm not too worried about backing anything up. If I did it would be just a few files here and there. I actually do already have all his drivers downloaded from when I did the clean install this last summer. Just need to remake a Win7 disc, which I'm working on. I *think* I found a good Win7 SP1 64bit HP iso. All right, I stopped the test and ran DiskUtility and it reports the following: Overall assessment is that the "Disk has a few bad sectors" but it's still green lighted. (513 bad sectors reported, temp okay.) Read error rate is good, as is spinup time, spinup retry count, and write error rate, BUT. Reallocated sector count is in red warning, with normalized 153, worst 153, threshold 140, and a value of 513 sectors. So...whatcha think? Edited to add: Just finished making a new Win7 install disk, and popped it in just to see the repair install options, and windows couldn't detect itself on the drive, nor could it read or detect any space on the main data partition. (It recognized a boot partition and a recovery partition, neither of which had windows on according to the disc, and it displayed a blank drive icon for the data partition). So, yeah, sounds like a bad drive to me, but I'd just like someone else's confirmation before I call this a closed case and continue.
  3. I started a disk check through Ubuntu livecd (it's still not done). I don't have a spare drive to test it with. I have my own laptop's drive, but I can't just swap them since mine runs 32-bit and his 64-bit let alone the drivers and everything else. However, I really don't remember a drive checker taking all day to run. (It's just shy of 12 hours.) Actually, I do have a spare PATA laptop drive. Is there any way to rig it up to a SATA connection to try, or would it even be compatible enough to try? My other problem eventually will be that I don't have a Win7 disc. My desktop and his laptop both run OEM Home Premium editions. I of course made a set of recovery discs for my desktop, but they're specific for my desktop. So I guess I'll have to find out where to d/l a vanilla or vanilla SP1 version of Win7 to make a disc.
  4. Sorry for replying again, I'm not trying to bump it, there's just been an update in the problem. I figured out how to create a bootable USB into DOS with the latest BIOS version supplied by Acer for the laptop. So, I attempted to flash the BIOS, but before it actually updated an error came up: Phoenix phlash16 could not open file C:\BIODS.WPH. Yet when I exited DOS and rebooted the computer (I've been able to run Ubuntu off a liveCD), the BIOS loaded. I'm not sure why/how since the flash didn't actually occur... But the laptop still won't boot. After the initial bios screen, there's a horizontal blinking cursor for a few seconds before the screen goes blank like before. I made a Win7 64bit repair disc from my desktop (which also runs Win7 64bit) to try and access the recovery module, but after booting from the disc and letting the files load, nothing would happen and the screen went blank. I retried several times to the same problem. I did try the disc in my desktop to make sure that the disc itself works and it does. ...So, now I'm really stumped what to try next.
  5. I let memtest run for over 8 hours. It made 6 passes with 0 errors, so I feel pretty comfortable that it's not an issue with the RAM. Other suggestions? Or a way to reflash the bios with the correct version (in my original post)?
  6. Just started memtest about 45 minutes ago. I almost couldn't get it running though. I made both a bootable usb (first) and when I couldn't get that to launch--the screen stayed blank; the bios never loads--I tried the CD version just in case, and had the same trouble with it. I finally popped in a LiveCD of Ubuntu, which has memtest on its advanced startup options, and that finally took. So, I still feel like it might be the bios since I couldn't get memtest to run without the Ubuntu disk. Also, the fan has been running fine and the laptop hasn't gotten unreasonably hot so far. I'll post again when the memtest is finished with results.
  7. Thanks. I've heard him mention the fan running a lot, but I haven't heard it myself. I do not believe it has overheated ever. I will have him check the monitor just to be 100%. I think I can have him put MemTest86 on a bootable USB. If not it'll have to wait for later in the week.
  8. No I hadn't gotten around to it yet. I used to have MemTest86, but if it can't boot is there a ram testing tool in Ubuntu or PE Builder?
  9. Hey guys, this may be an odd situation. I'm attempting to help my boyfriend fix his computer because I'm the more tech savvy of us. However, currently his laptop is an hour and a half away. He's coming to see me this next Thursday for the weekend though, and will likely leave it with me while he's on break for about a month, so I'd like to have a plan of action to start on as soon as I get my hands on it, hence why I'm starting this help request before I physically have it (though I can get him to send me info easily as needed). I really hope you guys are willing to work with me on this even though it's an odd middleman situation for right now. (And maybe it'll take the week to hear from any of you and this will become a moot point. Regardless.) All right. He's got an Acer Aspire 7552G-6061 running on Win7 64-bit. He began having trouble with it freezing on boot, then completely dying on him every time he used memory-intensive programs (playing games, using Skype chats, etc). I performed a clean install on it to rule out as much as possible, but the problems began again immediately. It would take several failed boots for it to finally boot up, but would die as soon as certain programs were used or if it was put into sleep, standby, or hibernation. It currently does not even boot or load the BIOS, and fits the description of the Aspire One "Black screen of death" problem: once the power button is pushed, the screen is blank, black, and nothing happens. I was going to have him try the updated solution I found for that problem: http://eric.chromick.../#axzz2EVvG4Z9o (It's the solution listed at the bottom of the post beyond the struck-out solution bits.) But. For one, the BIOS download for his model of Aspire does not fit the solution's description of BIOS files.
For two, I'm fairly certain this solution was developed under WinXP, and his laptop is Win7, so I don't want to try the provided modified BIOS files (especially since it's not the same model of computer anyway). So, I'm not sure what to do. I've tried searching myself for a newer, more relevant solution, but haven't found anything. I just really think this might be what's going on though, but maybe you have other ideas? Thanks in advance, guys, you've been wizards for me in the past!
  10. ComboFix 12-01-05.04 - Thora 01/09/2012 18:50:59.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6914 [GMT -6:00] Running from: E:\ComboFix.exe AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 ))))))))))))))))))))))))))))))) . . 2012-01-10 07:39 . 2012-01-10 07:39 -------- d-----w- c:\users\Default\AppData\Local\temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-27 16:22 . 2011-11-27 16:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-21 11:40 . 2011-12-08 15:18 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE4BF53B-F20A-4A0D-A3BB-0F20379F0D43}\mpengine.dll 2011-11-16 03:40 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-11-16 03:40 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-11-13 01:25 . 2011-11-13 01:25 3 ----a-w- c:\windows\system32\PLD_Framework.cmd 2011-11-12 23:46 . 2011-11-12 23:46 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll 2011-11-12 23:46 . 2011-11-12 23:46 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll 2011-11-12 23:46 . 2011-11-12 23:46 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-11-12 23:44 . 2011-11-12 23:44 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2011-11-12 23:44 . 2011-11-12 23:44 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-11-12 23:44 . 2011-11-12 23:44 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2011-11-12 23:44 . 2011-11-12 23:44 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-10-26 03:21 . 
2011-10-26 03:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll 2011-10-26 03:21 . 2011-10-26 03:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2011-10-26 03:21 . 2011-10-26 03:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll 2011-10-26 03:21 . 2011-10-26 03:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll 2011-10-26 03:21 . 2011-10-26 03:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll 2011-10-26 03:20 . 2011-10-26 03:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll 2011-10-26 03:19 . 2011-10-26 03:19 51200 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-26 03:19 . 2011-10-26 03:19 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll 2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe 2011-10-26 02:05 . 2011-10-26 02:05 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-10-26 02:04 . 2010-03-30 07:51 892416 ----a-w- c:\windows\system32\aticfx64.dll 2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe 2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe 2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll 2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-10-26 01:58 . 
2011-10-26 01:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-10-26 01:55 . 2011-10-26 01:55 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-10-26 01:46 . 2010-03-30 07:51 5041664 ----a-w- c:\windows\system32\atidxx64.dll 2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-10-26 01:43 . 2011-10-26 01:43 4044288 ----a-w- c:\windows\system32\atiumd6a.dll 2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll 2011-10-26 01:35 . 2010-03-30 07:51 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-10-26 01:32 . 2010-03-30 07:51 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-10-26 01:29 . 2011-10-26 01:29 5510144 ----a-w- c:\windows\system32\atiumd64.dll 2011-10-26 01:29 . 2010-03-30 07:51 58880 ----a-w- c:\windows\system32\coinst.dll 2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll 2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll 2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll 2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-10-26 01:21 . 
2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-10-26 01:21 . 2010-03-30 07:51 40960 ----a-w- c:\windows\system32\atiuxp64.dll 2011-10-26 01:21 . 2011-10-26 01:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-10-26 01:21 . 2011-10-26 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll 2011-10-26 01:20 . 2010-03-30 07:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\atimpc64.dll 2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll 2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Steam"="l:\program files (x86)\Steam\Steam.exe" [2011-11-17 1242448] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-11-17 244480] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-01-22 1016320] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-11-13 1382984] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168] . c:\users\Thora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Jacquie Lawson London Advent Calendar.lnk - l:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [2011-11-29 142336] OneNote 2007 Screen Clipper and Launcher.lnk - l:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Photo Frame.lnk - c:\program files (x86)\Northstar\Photo Frame\Photo Frame.exe [2010-9-20 93568] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-12 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-12 79360] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;l:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744] S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x] S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232] S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320] S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-11-13 3386840] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 
amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-01-10 c:\windows\Tasks\Gateway Registration - Data Sending task.job - c:\program files (x86)\Gateway\Registration\GREG.exe [2010-04-28 02:47] . 2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762615068-2962037878-1970559667-1001Core.job - c:\users\Thora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 04:18] . 2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762615068-2962037878-1970559667-1001UA.job - c:\users\Thora\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13 04:18] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320] "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.bing.com/?pc=MAGW uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bing.com/?pc=MAGW mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - l:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Thora\AppData\Roaming\Mozilla\Firefox\Profiles\ak61c9td.default\ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE . 
************************************************************************** . Completion time: 2012-01-11 09:23:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-11 15:23 . Pre-Run: 278,611,902,464 bytes free Post-Run: 280,160,075,776 bytes free . - - End Of File - - 9EF3FFA07FA204AA322AEE9C8FF1FCF7 . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Thora at 9:31:13 on 2012-01-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6719 [GMT -6:00] . AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork L:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe C:\Program Files 
(x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe L:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
DDSAttach Jan12.txt
  11. I've been having some trouble with combofix. It seems to stall around stage 48, and has done so twice now. I'm re-downloading it, just in case, and will try again tomorrow morning. I am disabling all scanners, x-ing out of all open running programs, disabling screen saver and power saver modes, and otherwise just leaving the computer alone. Will let you know how it goes tomorrow morning, otherwise I'll proceed with the other scans and logs just to get this moving DX I was deceived! Logs to follow. Thanks for the wait!
  12. Sorry for the delay, just wanted to let you know that I'm still here. Working on it ASAP!
  13. New topic started at the request of Screen317. Original topic: http://forums.malwarebytes.org/index.php?showtopic=98397&st=0&p=493361&fromsearch=1entry493361 For posterity: I performed a clean install which got everything back to normal. Everything was working fine until, once again, the computer woke up without internet connection. Rinse and Repeat. Here's my fss log, generated from search files for "afd.sys":
  14. Would a clean install of Windows 7 solve the problem, do you think? I only ask because now that I have Ubuntu installed parallel to windows, I'm running into the problem of partition write permissions. When I bought this computer, it was set up for me with Windows7, so, like an idiot, I never bothered to set up a separate partition for my data files. Of course, that means that Ubuntu needs to access the windows partition when I need to use any of my files, and Windows doesn't like me writing to the partition from another OS (it prompts chkdsk every time I boot into windows). I was thinking it would probably be a good idea to re-partition things anyway, so a clean install would be indicated. Of course, my problem with that is that my copy of Windows7 is OEM. I don't have a disc. I remember making a slipstream bootable dvd for XP back with my old computer for the updated SP's. Can I make an install disc for Win7? I have a legal copy of Windows7, so I have a key somewhere, I just don't have a windows7 disc of any kind (that isn't tied up with my computer's 3 recovery discs). Also, by way of being a partition-n00b, if I set up a partition (or even another internal drive) for my data files, is it a good idea to install programs (like iTunes or Photoshop, etc) on that data-partition rather than the Windows OS partition? Or have a program-install partition? (Maybe I'm taking it too far? I can get carried away with organization sometimes, lol.)
  15. I couldn't find a section for Network Adapter. =/ Here's everything in my device manager; two screenshots so everything could be expanded (except USBs). In case it's worth noting, I started the machine from my Ubuntu install disc the other day (I didn't install it, just ran the OS from the disc), and it had no problem finding the network adapter and connecting to the internet.
  16. For sake of expediency, I went ahead with the scans. So, I'll post the MBAM results, followed by the ComboFix, and finally the DDS. I attached the DDS-attach document. Apologies for my "extra posts," in case they don't all fit here.
[HKEY_USERS\S-1-5-21-2698566153-145162105-1987238969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2698566153-145162105-1987238969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2698566153-145162105-1987238969-1000\Software\SecuROM\License information*] "datasecu"=hex:81,25,ab,e5,9a,b2,18,22,8b,0f,91,33,98,ef,11,69,b7,f6,5d,b6,7b, ed,e4,74,b7,83,a8,b5,7c,db,92,62,1f,9a,26,5c,40,fc,1a,4a,11,aa,22,47,12,9a,\ "rkeysecu"=hex:14,e6,c1,2f,16,40,d1,e1,95,3c,b0,0a,11,2c,fa,20 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\bgsvcgen.exe c:\windows\SysWOW64\HPZipm12.exe c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe . ************************************************************************** . Completion time: 2011-11-01 19:48:56 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-02 00:48 . Pre-Run: 631,987,580,928 bytes free Post-Run: 633,027,047,424 bytes free . - - End Of File - - 91C4E96D35B21149A937B62C076BBA36 DDS . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Owner at 20:15:30 on 2011-11-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6314 [GMT -5:00] . AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe C:\Windows\Explorer.EXE C:\Windows\SysWOW64\HPZipm12.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Games\Steam\Steam.exe C:\Program Files 
(x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchIndexer.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.bing.com/?pc=MAGW mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mStart Page = hxxp://www.bing.com/?pc=MAGW uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll uRun: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun uRun: [steam] "C:\Games\Steam\steam.exe" -silent uRun: [PhotoshopElements8SyncAgent] "C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [bDAB3CD44D7D45EEC58DB422F61BD03E74CADA2F._service_run] "C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service uRun: [sanDiskSecureAccess_Manager.exe] "C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] "C:\Windows\UpdReg.EXE" mRun: [WebrootTrayApp] "C:\Program Files 
(x86)\Webroot\Security\Current\Framework\WRTray.exe" mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [combofix] "C:\ComboFix\CF2164.3XE" /c C:\ComboFix\Combobatch.bat mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOC~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: 
EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{F917B866-67BA-469C-A53E-C440877E7CAD} : DhcpNameServer = 192.168.1.254 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV 
Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun-x64: [updReg] "C:\Windows\UpdReg.EXE" mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [combofix] "C:\ComboFix\CF2164.3XE" /c C:\ComboFix\Combobatch.bat mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4lr3xj0r.default\ FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/ . 
============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-24 366152] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744] R2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-20 243232] R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-12-23 3997912] R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-10 3381184] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] 
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-23 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-23 79360] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2011-11-02 01:09:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03FD1C8-B738-4F4B-9AE3-5D996D990CC3}\offreg.dll 2011-11-02 01:06:38 -------- d-sh--w- C:\$RECYCLE.BIN 2011-11-01 21:03:01 98816 ----a-w- C:\Windows\sed.exe 2011-11-01 21:03:01 518144 ----a-w- C:\Windows\SWREG.exe 2011-11-01 21:03:01 256000 ----a-w- C:\Windows\PEV.exe 2011-11-01 21:03:01 208896 ----a-w- C:\Windows\MBR.exe 2011-10-24 19:24:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2011-10-24 19:23:59 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-24 19:23:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-24 19:23:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-24 18:02:14 -------- d-----w- C:\ProgramData\Ralink Driver 2011-10-24 17:44:51 64000 ------w- C:\Windows\SysWow64\agrsmdel.exe 2011-10-24 17:44:51 14848 ------w- C:\Windows\SysWow64\agrsco64.dll 2011-10-24 17:44:49 -------- d-----w- C:\Windows\Options 2011-10-21 11:05:31 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03FD1C8-B738-4F4B-9AE3-5D996D990CC3}\mpengine.dll 2011-10-15 22:56:57 -------- d-----w- C:\Program Files\iTunes 2011-10-15 22:56:57 -------- d-----w- C:\Program Files\iPod 2011-10-15 22:56:57 -------- d-----w- C:\Program Files (x86)\iTunes 2011-10-15 22:55:14 -------- d-----w- C:\Program Files\Bonjour 2011-10-15 22:55:14 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-10-12 21:36:40 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-10-12 21:36:39 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-10-12 21:36:39 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-10-12 21:36:39 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-10-12 21:36:38 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-10-12 21:36:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-10-12 21:36:00 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-10-12 21:36:00 331776 ----a-w- 
C:\Windows\System32\oleacc.dll 2011-10-12 21:36:00 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-10-09 22:05:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\SanDisk 2011-10-09 22:02:30 -------- d-----w- C:\Users\Owner\AppData\Local\Proxure 2011-10-09 22:02:24 -------- d-----w- C:\ProgramData\ClubSanDisk 2011-10-08 22:18:30 -------- d-----w- C:\Users\Owner\AppData\Local\{003F1D45-C024-4CD5-B8FE-3311BEBFDA77} . ==================== Find3M ==================== . 2011-10-23 10:50:05 122516 ----a-w- C:\InformationalData.tmp 2011-10-23 10:50:04 13712 ----a-w- C:\DetectionData.tmp 2011-10-13 21:00:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-08-28 17:45:19 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2011-08-28 17:45:19 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2011-08-28 17:45:19 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll . ============= FINISH: 20:16:42.31 =============== Moya Attach 110111 2017.txt
  17. Sorry for the delay! My email topic subscription didn't actually email me. =/ How should I update MBAM without internet? I downloaded the installer from my laptop (which I'm posting from) and transferred it via flash drive to install. I can run it as is and post scan results, but the version does say it's outdated by 62 days.
  18. I was redirected here; original post can be found here. Recently, my Gateway FX6840-15e desktop running Win7 woke up unable to connect to the internet. Windows connection diagnostics pinpointed that the network adapter could not be found. I attempted to re-install my model's LAN and Modem drivers from Gateway Support, but encountered an error during the LAN driver installation that the network controller could not be found. The other thing I should mention is that I'm posting/downloading from my laptop, which is running Natty. So far that hasn't been an issue, but I thought I'd mention it. Below are the two logs from DDS. Let me know if you need anything else.
Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun: [updReg] "C:\Windows\UpdReg.EXE" mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOC~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) 
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{F917B866-67BA-469C-A53E-C440877E7CAD} : DhcpNameServer = 192.168.1.254 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File BHO-X64: Windows 
Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r mRun-x64: [updReg] "C:\Windows\UpdReg.EXE" mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4lr3xj0r.default\ FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-24 366152] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744] R2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-20 243232] R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-12-23 3997912] R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-9-10 3381184] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-23 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-23 79360] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2011-10-24 19:24:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2011-10-24 19:23:59 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-24 19:23:57 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-10-24 19:23:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-10-24 18:07:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03FD1C8-B738-4F4B-9AE3-5D996D990CC3}\offreg.dll 2011-10-24 18:02:14 -------- d-----w- C:\ProgramData\Ralink Driver 2011-10-24 17:44:51 64000 ------w- C:\Windows\SysWow64\agrsmdel.exe 2011-10-24 17:44:51 14848 ------w- C:\Windows\SysWow64\agrsco64.dll 2011-10-24 17:44:49 -------- d-----w- C:\Windows\Options 2011-10-21 11:05:31 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03FD1C8-B738-4F4B-9AE3-5D996D990CC3}\mpengine.dll 2011-10-15 22:56:57 -------- d-----w- C:\Program Files\iTunes 2011-10-15 22:56:57 -------- d-----w- C:\Program Files\iPod 2011-10-15 22:56:57 -------- d-----w- C:\Program Files (x86)\iTunes 2011-10-15 22:55:14 -------- d-----w- C:\Program Files\Bonjour 2011-10-15 22:55:14 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-10-12 21:36:40 3138048 ----a-w- C:\Windows\System32\win32k.sys 2011-10-12 21:36:39 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax 2011-10-12 21:36:39 613888 ----a-w- C:\Windows\System32\psisdecd.dll 2011-10-12 21:36:39 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll 2011-10-12 21:36:38 108032 ----a-w- C:\Windows\System32\psisrndr.ax 2011-10-12 21:36:00 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2011-10-12 21:36:00 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-10-12 21:36:00 331776 ----a-w- C:\Windows\System32\oleacc.dll 2011-10-12 21:36:00 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-10-09 22:05:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\SanDisk 2011-10-09 22:02:30 -------- d-----w- C:\Users\Owner\AppData\Local\Proxure 2011-10-09 22:02:24 -------- d-----w- 
C:\ProgramData\ClubSanDisk 2011-10-08 22:18:30 -------- d-----w- C:\Users\Owner\AppData\Local\{003F1D45-C024-4CD5-B8FE-3311BEBFDA77} . ==================== Find3M ==================== . 2011-10-23 10:50:05 122516 ----a-w- C:\InformationalData.tmp 2011-10-23 10:50:04 13712 ----a-w- C:\DetectionData.tmp 2011-10-13 21:00:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-08-31 04:05:32 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-08-31 04:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-08-31 04:05:04 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-08-31 04:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-08-28 17:45:19 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2011-08-28 17:45:19 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2011-08-28 17:45:19 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll . ============= FINISH: 15:24:22.48 ===============
  19. Thanks Firefox, I installed the drivers I'd downloaded...I'm not completely sure that any of them were for the network adapter, which is what Windows' diagnostics nudged at. I tried Gateway's Realtek LAN driver and Liteon's Modem driver under my desktop's model support information. In repairing the driver installation for the Realtek LAN, the installer came up with an error: "The Realtek Network Controller was not found. If deep sleep mode is enabled Please Plug the Cable." It doesn't appear that anything made a difference, even after restart; the network adapter is still evidently MIA. I did install and run HJT, so I have a log I can c/p here or elsewhere.
  20. Hey guys, I woke up my Gateway FX6840-15e desktop running Win7 this morning to discover that it could no longer connect to the internet. I already troubleshot my internet service (through ATT) and that does not appear to be the issue, as my laptop can connect to the internet through both wireless and wired home connections (even from the same box & cable). I ran Win7's network troubleshooter and it comes up saying that Windows "did not detect a properly installed network adapter. If you have a network adapter, you will need to re-install the driver." So, I'm assuming I need to download my computer's modem driver to re-install? I just went to Gateway's support page for my model (again, FX series, model 6840) and downloaded both LAN drivers, the modem driver, and the wireless driver on this laptop (running Natty). But I was going to wait to install them (for one, I'm not sure how to do so--can they be installed like any other program, or do I need to install them through "special" means?) until I heard back from here. Also, why would the drivers just seemingly disappear overnight? Like most people, I have a browser open all the time, so obviously the computer has been connected to the internet previously/constantly. Let me know if you need more info or anything!
  21. I'm running OneNote (and the rest of Office 2007) through PlayOnLinux. POL helps them install and configures it so they run through Wine for compatibility. The programs work fine as far as I can tell (though I haven't used them extensively yet), I'm just sorting out shortcuts and how every time I exit they tell me an error occurred and they have to shut down, but those aren't end-of-the-world annoyances. I mostly just wanted OneNote because I use it for my novels and art materials. And hmm. That certainly doesn't fill one with confidence. =/ I guess I'll keep an eye on it as best I can. Is there another OS you would recommend for a laptop? I had been thinking of putting my desktop's copy of Windows 7 on it, but then I realized the desktop runs 64-bit version and my laptop would need 32-bit. (Plus it came pre-installed, so I think I'd have to make a slipstream cd for it, as I don't believe I have one...) Oi. Such complications.
  22. Natty installed just fine! Just working out some issues with using Microsoft OneNote 2007, which I think I have the front of. Though I do have a problem right now...Things have been working perfectly for a day or so, but when I started it up today the laptop-mouse wouldn't register. Luckily I have a wireless mouse that seems to be working fine, but I don't yet know Natty well enough to diagnose/fix the original problem. (No, I haven't restarted it yet, but I thought it would be handy to know if there was a solution I could employ sans restart should the problem recur.) So far I'm loving it, though! =)
  23. Hey all, Slightly over a year ago the hard drive for my 2005 Gateway 8510GZ laptop failed. For further specs, here's the laptop's Gateway support info. In case that doesn't show, the laptop serial number is T225701007262. I decided recently to resurrect it so I could use it for fairly minimal computer stuff (plus I'll be house-sitting for a few weeks and could really use a laptop then). I picked up a Western Digital 500GB internal laptop drive on sale and will soon install it. So here's my very "n00b" question... I've never done a clean install or, for that matter, replaced a main hard drive before. I was planning on installing Ubuntu to use as my OS, which I can do just fine. But what do I do about drivers? I figure I'll need to re-install all the hardware drivers for the laptop, which I'll have to do via downloads from Gateway Support, but I'm not sure how best to do that or even how to do it considering that beyond using Ubuntu from a disc for data rescue, I've barely used it. So...help? StarStrider
  24. Hey all, My 6-month-old computer has been showing the blue screen error for 0x00009088 when resuming from hibernation (not every time, but perhaps 20% of the time). As far as I can tell, it's a problem with the Intel Matrix Storage Manager driver, but I haven't been able to find a current stable download for a patch or upgrade to fix the problem. Maybe I'm just looking in the wrong places, but I figured you guys would be able to help me sort it out. =) Further stop details: 0xFFFFF8800799F8C0 0xFFFFF880099F8C4 0xFFFFF880099F8C8 0xFFFFF880099F8CC Computer details: Windows 7 64-bit; Gateway desktop FX6840; i7; ATI Radeon HD 5750 1024MB. (1TB hdd, 8GB DDR3) Let me know if you need anything else!