
Redirect and can't update MalwareBytes


  • This topic is locked
2 replies to this topic

#1 lawizard


Posted 24 July 2010 - 04:36 PM

I have had a redirection virus for over two weeks. I tried Microsoft Essentials, MalwareBytes, and Kaspersky to get rid of it and nothing did. Yesterday, I took my computer to a friend who reformatted the hard drive for me and I reinstalled my Windows 7 Home Premium. I started IE8 and started downloading Windows updates. I also downloaded AVG 9.? (the latest). While I was online, I started getting redirected again. I would get blank Google Analytic screens and redirected to supposed shopping or ad sites. I ran AVG which found nothing. I downloaded Chrome to see if that would solve any problems. No, still get redirects. Downloaded MalwareBytes and tried to update it. I couldn't. I have also downloaded and run CWShredder, HiJack. I downloaded Rootkit buster but when I tried to extract files, my computer said it was empty.

I have run DDS. Here is the file.



DDS (Ver_10-03-17.01) - NTFSX64
Run by Susan at 16:55:25.55 on Sat 07/24/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1419 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Users\Susan\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Susan\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
uRun: [Google Update] "c:\users\susan\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Evernote - c:\program files (x86)\evernote\evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files (x86)\evernote\evernote3.5\enbar.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-7-23 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-7-23 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-7-23 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-23 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-23 308136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-11-5 291328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-23 430152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-23 1255736]

=============== Created Last 30 ================

2010-07-24 19:28:30 0 d-----w- C:\_OTL
2010-07-24 12:49:50 0 d-----w- c:\users\susan\appdata\roaming\Malwarebytes
2010-07-24 12:49:42 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 12:49:42 0 d-----w- c:\programdata\Malwarebytes
2010-07-24 12:49:42 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-24 03:01:22 0 d-----w- c:\program files (x86)\Evernote
2010-07-24 02:29:04 0 d-----w- c:\windows\PCHEALTH
2010-07-24 02:27:58 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-07-23 22:59:30 0 d-----w- c:\windows\Panther
2010-07-23 22:33:32 0 d-----w- C:\Windows.old
2010-07-23 22:21:13 0 d-----w- c:\users\susan\Library
2010-07-23 22:20:59 0 d-----w- c:\users\susan\appdata\roaming\Barnes & Noble
2010-07-23 22:20:57 0 d-----w- c:\program files (x86)\Barnes & Noble
2010-07-23 22:02:59 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-23 22:02:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-23 21:08:07 0 d-----w- c:\program files (x86)\Trend Micro
2010-07-23 20:51:56 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-23 20:51:54 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-23 20:51:48 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-07-23 20:51:46 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-07-23 20:51:45 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-23 20:51:43 0 d-----w- c:\programdata\AVG Security Toolbar
2010-07-23 20:48:24 0 d-----w- c:\program files (x86)\AVG
2010-07-23 20:48:03 0 d-----w- c:\programdata\avg9
2010-07-23 20:33:21 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-23 20:33:21 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-07-23 20:25:14 0 d-----w- c:\windows\syswow64\Wat
2010-07-23 20:25:14 0 d-----w- c:\windows\system32\Wat
2010-07-23 20:20:54 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-07-23 20:20:54 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll
2010-07-23 20:20:41 0 d-----w- c:\program files (x86)\Microsoft
2010-07-23 20:20:16 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-07-23 20:03:35 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-07-23 19:55:33 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-07-23 19:53:34 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-23 19:53:34 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-23 19:53:34 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-23 19:53:34 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-23 19:53:34 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-23 19:53:34 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-23 19:53:34 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-23 19:53:34 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-23 19:53:34 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-23 19:53:33 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-23 19:52:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-07-23 19:52:34 0 d-----w- c:\program files\Synaptics
2010-07-23 19:44:08 25600 ----a-w- c:\windows\syswow64\setup16.exe
2010-07-23 19:44:08 243200 ----a-w- c:\windows\system32\wow64.dll
2010-07-23 19:44:08 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2010-07-23 19:44:07 7680 ----a-w- c:\windows\syswow64\instnm.exe
2010-07-23 19:44:07 5120 ----a-w- c:\windows\syswow64\wow32.dll
2010-07-23 19:44:07 2048 ----a-w- c:\windows\syswow64\user.exe
2010-07-23 19:42:58 46592 ----a-w- c:\windows\system32\msasn1.dll
2010-07-23 19:41:02 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-23 19:41:01 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-07-23 19:28:11 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-23 19:26:01 0 d-sh--w- c:\windows\Installer
2010-07-23 19:17:56 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-07-23 19:17:56 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-23 19:17:56 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-23 19:17:56 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-15 14:22:39 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:56:19.57 ===============

I have also run OTL and here is that file:

OTL logfile created on: 7/24/2010 8:51:14 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Susan\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 204.47 Gb Free Space | 87.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.84 Gb Total Space | 0.90 Gb Free Space | 23.36% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUSAN-PC
Current User Name: Susan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/24 08:48:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Susan\Downloads\OTL.exe
PRC - [2010/07/23 17:02:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/23 16:50:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/23 16:50:35 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/23 16:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/23 15:30:13 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Susan\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/28 22:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Susan\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 08:48:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Susan\Downloads\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/23 17:02:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/23 16:50:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/23 16:51:55 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/23 16:51:48 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/23 16:51:47 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/11/05 14:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/21 18:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/14 10:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C FE 88 44 9C 2A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.65 213.109.73.7 1.1.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/24 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Malwarebytes
[2010/07/24 08:49:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/24 08:49:42 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/24 08:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/24 08:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/23 23:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2010/07/23 22:29:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/23 22:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/23 18:59:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/23 18:33:32 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/07/23 18:21:13 | 000,000,000 | ---D | C] -- C:\Users\Susan\Library
[2010/07/23 18:21:13 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Apple Computer
[2010/07/23 18:21:12 | 000,000,000 | ---D | C] -- C:\Users\Susan\Documents\My BN eBooks
[2010/07/23 18:20:59 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Barnes & Noble
[2010/07/23 18:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2010/07/23 18:03:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/23 18:01:06 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/23 17:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/07/23 16:51:56 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/23 16:51:54 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/23 16:51:48 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/23 16:51:46 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/23 16:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/07/23 16:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/07/23 16:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/07/23 16:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/07/23 16:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/07/23 16:25:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/23 16:25:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/23 16:20:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/07/23 16:20:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/07/23 16:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/23 16:20:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/23 16:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/23 16:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/23 16:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/23 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/23 15:53:34 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/07/23 15:53:34 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/07/23 15:53:34 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/07/23 15:53:34 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/07/23 15:53:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/07/23 15:53:34 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/07/23 15:53:34 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/07/23 15:53:33 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/07/23 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/07/23 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/23 15:44:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/07/23 15:44:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/07/23 15:44:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/07/23 15:44:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/07/23 15:44:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/07/23 15:44:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/07/23 15:43:59 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/07/23 15:43:55 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/07/23 15:43:55 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/07/23 15:43:55 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/07/23 15:43:54 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/07/23 15:43:54 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/07/23 15:43:54 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/07/23 15:43:54 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/07/23 15:43:53 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/07/23 15:43:53 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/07/23 15:43:53 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/07/23 15:43:53 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/07/23 15:43:53 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/07/23 15:43:53 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/07/23 15:43:52 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/07/23 15:43:52 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/07/23 15:43:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/07/23 15:43:49 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/07/23 15:43:48 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/07/23 15:43:46 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/07/23 15:43:46 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/07/23 15:43:44 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/07/23 15:43:44 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/07/23 15:43:42 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/07/23 15:43:42 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/07/23 15:43:42 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/07/23 15:43:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/23 15:43:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/07/23 15:43:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/07/23 15:43:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/07/23 15:43:37 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/07/23 15:43:12 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/07/23 15:42:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/07/23 15:42:44 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/07/23 15:42:44 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/07/23 15:42:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/07/23 15:42:42 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/07/23 15:42:42 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/07/23 15:42:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/07/23 15:42:41 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/07/23 15:42:41 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/07/23 15:42:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/07/23 15:42:39 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/07/23 15:42:39 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/07/23 15:42:38 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/07/23 15:42:36 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/07/23 15:42:36 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/07/23 15:42:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/07/23 15:42:35 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/07/23 15:42:33 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/07/23 15:42:33 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/07/23 15:42:33 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/07/23 15:42:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/07/23 15:42:33 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/07/23 15:42:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/07/23 15:42:32 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/07/23 15:42:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/07/23 15:32:57 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Diagnostics
[2010/07/23 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Macromedia
[2010/07/23 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Adobe
[2010/07/23 15:30:14 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Google
[2010/07/23 15:29:51 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Apps
[2010/07/23 15:29:50 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Deployment
[2010/07/23 15:26:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/23 15:17:56 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/07/23 15:17:56 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/07/23 15:17:56 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/07/23 15:17:56 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/07/23 15:16:46 | 000,000,000 | R--D | C] -- C:\Users\Susan\Searches
[2010/07/23 15:16:46 | 000,000,000 | -H-D | C] -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/23 15:16:32 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Identities
[2010/07/23 15:16:28 | 000,000,000 | R--D | C] -- C:\Users\Susan\Contacts
[2010/07/23 15:16:24 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\VirtualStore
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\AppData\Local\Temporary Internet Files
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Templates
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Start Menu
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\SendTo
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Recent
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\PrintHood
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\NetHood
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Documents\My Videos
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Documents\My Pictures
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Documents\My Music
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\My Documents
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Local Settings
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\AppData\Local\History
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Cookies
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\Application Data
[2010/07/23 15:16:08 | 000,000,000 | -HSD | C] -- C:\Users\Susan\AppData\Local\Application Data
[2010/07/23 15:16:07 | 000,000,000 | --SD | C] -- C:\Users\Susan\AppData\Roaming\Microsoft
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Videos
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Saved Games
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Pictures
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Music
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Links
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Favorites
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Downloads
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\My Documents
[2010/07/23 15:16:07 | 000,000,000 | R--D | C] -- C:\Users\Susan\Desktop
[2010/07/23 15:16:07 | 000,000,000 | -H-D | C] -- C:\Users\Susan\AppData
[2010/07/23 15:16:07 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Temp
[2010/07/23 15:16:07 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Microsoft
[2010/07/23 15:16:07 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Media Center Programs
[2010/07/23 13:14:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/15 10:22:39 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2010/07/24 08:53:15 | 000,786,432 | -HS- | M] () -- C:\Users\Susan\NTUSER.DAT
[2010/07/24 08:49:45 | 000,001,037 | ---- | M] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/24 08:35:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3374005518-2895179640-3984085010-1001UA.job
[2010/07/24 08:00:44 | 000,012,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/24 08:00:44 | 000,012,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/24 07:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/23 18:19:09 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/23 18:19:09 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/23 18:19:09 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/23 18:16:43 | 062,394,897 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/23 18:05:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/23 18:05:26 | 2212,884,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 18:04:50 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/23 18:04:50 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/23 18:04:27 | 001,331,434 | -H-- | M] () -- C:\Users\Susan\AppData\Local\IconCache.db
[2010/07/23 18:02:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/07/23 18:02:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/23 17:12:03 | 000,002,975 | ---- | M] () -- C:\Users\Susan\Desktop\HiJackThis.lnk
[2010/07/23 16:51:57 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/23 16:51:55 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/23 16:51:48 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/23 16:51:47 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/23 16:51:46 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/23 16:30:25 | 000,001,134 | ---- | M] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/07/23 16:26:51 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/23 15:52:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/07/23 15:35:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3374005518-2895179640-3984085010-1001Core.job
[2010/07/23 15:26:24 | 000,057,560 | ---- | M] () -- C:\Users\Susan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/23 15:21:29 | 000,001,441 | ---- | M] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/23 15:19:25 | 000,524,288 | -HS- | M] () -- C:\Users\Susan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/23 15:19:25 | 000,524,288 | -HS- | M] () -- C:\Users\Susan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 15:19:25 | 000,065,536 | -HS- | M] () -- C:\Users\Susan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/23 15:16:08 | 000,000,020 | -HS- | M] () -- C:\Users\Susan\ntuser.ini

========== Files Created - No Company Name ==========

[2010/07/24 08:49:45 | 000,001,037 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/23 18:02:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/23 18:02:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/23 17:08:09 | 000,002,975 | ---- | C] () -- C:\Users\Susan\Desktop\HiJackThis.lnk
[2010/07/23 16:51:46 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/23 16:51:45 | 062,394,897 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/23 16:30:25 | 000,001,134 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/07/23 15:52:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010/07/23 15:30:16 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3374005518-2895179640-3984085010-1001UA.job
[2010/07/23 15:30:15 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3374005518-2895179640-3984085010-1001Core.job
[2010/07/23 15:21:29 | 000,001,441 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/23 15:16:08 | 000,524,288 | -HS- | C] () -- C:\Users\Susan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/23 15:16:08 | 000,524,288 | -HS- | C] () -- C:\Users\Susan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 15:16:08 | 000,262,144 | -HS- | C] () -- C:\Users\Susan\ntuser.dat.LOG1
[2010/07/23 15:16:08 | 000,065,536 | -HS- | C] () -- C:\Users\Susan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/23 15:16:08 | 000,000,020 | -HS- | C] () -- C:\Users\Susan\ntuser.ini
[2010/07/23 15:16:08 | 000,000,000 | -HS- | C] () -- C:\Users\Susan\ntuser.dat.LOG2
[2010/07/23 15:16:07 | 000,786,432 | -HS- | C] () -- C:\Users\Susan\NTUSER.DAT
[2010/07/23 15:16:07 | 000,000,290 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/23 15:16:07 | 000,000,272 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/23 13:14:40 | 2212,884,480 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========



< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< End of report >


When I tried to run GMER, this is the message I got, and a snapshot of the screen is attached.
C:\\Windows\System32\config\system: The system cannot find the file specified.

If formatting it once didn't help, I don't know what else to do.

I have also downloaded Evernote, Barnes and Noble reader, House Call Launcher 6, Microsoft Essentials Security, Picasa, Windows Live Writer, and ATF Cleaner.

I have not run ATF Cleaner since it looked like I was going to have to get into safe mode and I'm not sure Windows 7 even has that feature.

Thank you for any help that you can recommend.



#2 suebaby41


Posted 02 August 2010 - 03:59 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


Posted 08 August 2010 - 10:18 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
