# Gateway nv53a Freezes



## acoers

I have a Gateway NV53A and whether I'm on the internet or not, the computer freezes a lot. I've got Norton AntiVirus and always do a scan, but it seems like I'm already screwed. I also put my laptop back to factory default to see if that would change anything, but after I did that it keeps freezing. I took it to Best Buy since I got the 3-year warranty on it, and they were trying to tell me it was my IP address. I tried getting it to freeze there, but it didn't, of course. Any tips or help would be most appreciated, because I'm about to throw the damn thing out the window.


----------



## johnb35

Are you sure you got that right? IP address? Are you on a wireless or wired connection? If wired, disconnect the cable and see if it freezes. If so, then you may have a bad modem/router. Was it connected to the internet at Best Buy?


----------



## acoers

johnb35 said:


> Are you sure you got that right? IP address? Are you on a wireless or wired connection? If wired, disconnect the cable and see if it freezes. If so, then you may have a bad modem/router. Was it connected to the internet at Best Buy?



Well, Best Buy said IP address, which didn't sound right, because it freezes up when I'm not on the internet. And I'm on a wireless connection.


----------



## johnb35

Does it freeze up in safe mode? If not, then it is most likely a software issue, a program that runs at bootup. However, please do the following.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version. *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically, which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com, but *DO NOT* reboot the system, and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

*Vista and Windows 7 users must right-click on the HijackThis icon and click on Run as. If the Run as option doesn't appear, press and hold the Shift key while right-clicking on the icon to get it to appear.*



Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential; don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.


----------



## acoers

Just ran the Malwarebytes scan and it came up with no results. So should I run HijackThis now?


----------



## acoers

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:37 AM, on 5/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb139?a=6OyCENGHD1&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8856 bytes


----------



## acoers

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
coers :: COERS-PC [administrator]

5/30/2012 12:25:14 AM
mbam-log-2012-05-30 (00-25-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204678
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## johnb35

Have you tried booting into safe mode to see if it freezes there? If not, we have nailed it down to being a software issue.


----------



## acoers

Yep, I tried that already, and it doesn't freeze in safe mode.


----------



## johnb35

Then you have a program running at bootup that is causing the freezing. Use the msconfig command to disable programs from running at boot time one at a time until you find the one causing the issue. Reboot each time after disabling a program.


----------



## acoers

Now why would I worry about startup if I'm not having an issue then? It's only happening when I'm already running programs or on the internet. So if I go through each one in msconfig, are there ones I shouldn't disable?


----------



## acoers

johnb35 said:


> Then you have a program running at bootup that is causing the freezing. Use the msconfig command to disable programs from running at boot time one at a time until you find the one causing the issue. Reboot each time after disabling a program.



So are there any programs in msconfig that I shouldn't disable? And what programs are they?


----------



## johnb35

See all these O4 entries?

O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')


These will show up in msconfig, where you can uncheck them one at a time, and they will not do any damage to your system. I do see the uTorrent toolbar installed. Have you been downloading torrents? If so, you may still be infected. Definitely stop the Best Buy pc app from loading; in fact, it should be uninstalled.
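As an added example for this thread (not code from HijackThis, Malwarebytes or anyone in the thread), here is a small parser for O4 lines like the ones above: it pulls out the hive, key, value name, user and launch path, groups entries the way msconfig will list them, and flags anything launching from outside Program Files or Windows. The "trusted directory" list and the environment-variable expansion are my own heuristic, not a HijackThis rule.

```python
"""Parse HijackThis O4 (autostart) lines into records and flag unusual launch paths.

Added example for this thread; the sample lines are copied from the log posted
above, and the trusted-directory heuristic is the author's own assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: O4 lines taken from the posted log, plus one O23 line to
# show that non-O4 entries are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
"""

# Registry form:  O4 - HKLM\..\Run: [Name] command
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# Startup-folder form:  O4 - <profile> Startup: shortcut.lnk = target
FOLDER_RE = re.compile(r"^O4 - (?P<hive>.+?) Startup: (?P<name>.+?) = (?P<rest>.*)$")
# Trailing "(User 'NAME')" that HijackThis appends for non-current users
USER_RE = re.compile(r"\s*\(User '(?P<user>[^']*)'\)\s*$")
# First executable-looking token, quoted or not, with the rest treated as arguments
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|dll|lnk))"?(?:\s|$)', re.IGNORECASE)

# Assumed expansions for the environment variables seen in the log
ENV_MAP = {"%programfiles%": "C:\\Program Files", "%systemroot%": "C:\\Windows", "%windir%": "C:\\Windows"}
# Heuristic: autostarts under these roots are the usual OEM/vendor ones; anything
# else (ProgramData, AppData, temp, ...) deserves a closer look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class StartupEntry:
    hive: str            # HKLM, HKCU, HKUS\S-..., or the startup-folder profile label
    key: str             # Run, RunOnce, or "Startup" for folder entries
    name: str            # registry value name or shortcut file name
    command: str         # full command line as HijackThis printed it
    path: str            # executable path extracted from the command (env vars expanded)
    user: Optional[str]  # user shown by HijackThis, if any


def expand(path: str) -> str:
    """Expand a leading environment variable using the assumed ENV_MAP."""
    low = path.lower()
    for var, val in ENV_MAP.items():
        if low.startswith(var):
            return val + path[len(var):]
    return path


def parse_o4(line: str) -> Optional[StartupEntry]:
    """Return a StartupEntry for an O4 line, or None for anything else."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        hive, key, name, rest = m.group("hive", "key", "name", "rest")
    else:
        m = FOLDER_RE.match(line)
        if not m:
            return None
        hive, name, rest = m.group("hive", "name", "rest")
        key = "Startup"
    user = None
    um = USER_RE.search(rest)
    if um:
        user = um.group("user")
        rest = rest[:um.start()]
    em = EXE_RE.match(rest)
    path = expand(em.group("path")) if em else rest.strip()
    return StartupEntry(hive, key, name, rest.strip(), path, user)


def parse_log(text: str) -> List[StartupEntry]:
    """Collect every O4 entry from a full HijackThis log."""
    return [e for e in (parse_o4(l) for l in text.splitlines()) if e is not None]


def location(e: StartupEntry) -> str:
    """Registry location (or startup folder) as msconfig would group it."""
    return f"{e.hive} Startup" if e.key == "Startup" else f"{e.hive}\\..\\{e.key}"


def by_location(entries: List[StartupEntry]) -> Dict[str, List[str]]:
    """Map each autostart location to the value names stored under it."""
    grouped: Dict[str, List[str]] = {}
    for e in entries:
        grouped.setdefault(location(e), []).append(e.name)
    return grouped


def flag_unusual(entries: List[StartupEntry]) -> List[StartupEntry]:
    """Entries whose launch path is outside the trusted roots (heuristic)."""
    return [e for e in entries if not e.path.lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for loc, names in by_location(found).items():
        print(f"{loc}: {', '.join(names)}")
    for e in flag_unusual(found):
        print(f"REVIEW: [{e.name}] launches from {e.path}")
```

On the sample above only the Best Buy pc app shortcut is flagged, since it launches from C:\ProgramData rather than Program Files; that matches the advice in the thread to stop it loading.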


----------



## acoers

johnb35 said:


> See all these O4 entries?
> 
> O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
> O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
> O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
> O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
> O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
> O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
> O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
> O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
> O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
> O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
> O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
> 
> 
> These will show up in msconfig, where you can uncheck them one at a time, and they will not do any damage to your system. I do see the uTorrent toolbar installed. Have you been downloading torrents? If so, you may still be infected. Definitely stop the Best Buy pc app from loading; in fact, it should be uninstalled.



All right, when I get home I'll do that. Any reason why you can't disable more than one at a time? And I'll delete the uTorrent and the Best Buy one.


----------



## johnb35

If you uncheck more than one at a time, and you reboot and it doesn't freeze, you won't know exactly which one was causing the freezing.


----------



## acoers

johnb35 said:


> If you uncheck more than one at a time, and you reboot and it doesn't freeze, you won't know exactly which one was causing the freezing.



Well, got home and disabled the ones you recommended. So far it hasn't frozen up yet, but I'll keep in touch if it happens again. Thanks for helping me out, John.


----------



## acoers

johnb35 said:


> If you uncheck more than one at a time, and you reboot and it doesn't freeze, you won't know exactly which one was causing the freezing.



Well, I disabled the ones you told me, and I got on today and it has frozen up on me twice. Any more tips on helping me out?


----------



## johnb35

It still can be software related, maybe a driver. Please do the following so we can get a better idea.

*Download and Run ComboFix*
*If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.*

*Download this file* here: *Combofix*


When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open windows, including this one.

Close or disable all running antivirus, antispyware, and firewall programs, as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on *I agree* on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect whether you have the Windows Recovery Console installed. If you already have it installed, you can skip to the next section and continue reading. Otherwise you will see the following message, as shown below:





At the above message box, please click on the *Yes* button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on *Yes* in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal, and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.

Now just click on the Edit menu and click on Select All, then click on the Edit menu again and click on Copy. Then come to the forum, right-click in your reply, and click on Paste.



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

I also need you to post a log that ComboFix creates but doesn't show you. After ComboFix has run, please navigate to C:\Qoobox; in that folder will be a file named add-remove programs.txt. Please open that file and copy and paste the contents back here.


----------



## acoers

Holy cow, you gave me some work for tonight. I'll be getting off at eleven, so you might see the update after midnight. We will see what happens.


----------



## acoers

ComboFix 12-06-02.01 - coers 06/02/2012   0:52.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2454 [GMT -5:00]
Running from: c:\users\coers\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-02 to 2012-06-02  )))))))))))))))))))))))))))))))
.
.
2012-06-02 06:02 . 2012-06-02 06:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-30 05:31 . 2012-05-30 05:31	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-05-30 05:23 . 2012-05-30 05:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-29 05:27 . 2012-05-29 05:27	--------	d-----w-	c:\program files (x86)\Conduit
2012-05-23 16:14 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-05-23 16:14 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-05-23 08:01 . 2012-05-23 08:01	--------	d-----w-	c:\windows\system32\SPReview
2012-05-23 08:00 . 2012-05-23 08:00	--------	d-----w-	c:\windows\system32\EventProviders
2012-05-23 07:51 . 2010-11-05 01:57	48976	----a-w-	c:\windows\system32\netfxperf.dll
2012-05-23 07:51 . 2010-11-05 01:57	1942856	----a-w-	c:\windows\system32\dfshim.dll
2012-05-23 07:49 . 2010-11-20 13:27	695808	----a-w-	c:\windows\system32\wuapi.dll
2012-05-23 07:48 . 2010-11-20 13:27	527872	----a-w-	c:\windows\system32\wmdrmnet.dll
2012-05-23 07:43 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2012-05-23 07:43 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2012-05-23 07:42 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2012-05-23 07:39 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-05-23 07:39 . 2011-03-25 03:29	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-05-23 07:39 . 2011-03-25 03:29	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-05-23 07:39 . 2011-03-25 03:29	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-05-23 07:39 . 2011-03-25 03:29	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2012-05-23 07:39 . 2011-03-25 03:29	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-05-23 07:39 . 2011-03-25 03:28	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-05-23 07:38 . 2011-03-11 06:41	1659776	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-05-23 07:38 . 2011-03-11 06:33	2565632	----a-w-	c:\windows\system32\esent.dll
2012-05-23 07:38 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\SysWow64\esent.dll
2012-05-23 07:38 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2012-05-23 07:38 . 2011-03-11 06:41	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2012-05-23 07:38 . 2011-03-11 06:41	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2012-05-23 07:38 . 2011-03-11 06:41	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2012-05-23 07:38 . 2011-03-11 06:41	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2012-05-23 07:38 . 2011-03-11 06:41	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2012-05-23 07:38 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2012-05-23 07:38 . 2011-03-11 05:31	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2012-05-23 07:09 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2012-05-23 07:09 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-05-23 07:09 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-05-23 06:59 . 2012-05-23 06:59	--------	d-----w-	c:\windows\SysWow64\Wat
2012-05-23 06:59 . 2012-05-23 06:59	--------	d-----w-	c:\windows\system32\Wat
2012-05-23 06:20 . 2012-05-23 06:20	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-05-23 06:03 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-05-23 06:03 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-05-23 06:03 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-05-23 06:03 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-05-23 06:03 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-05-23 06:03 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-05-23 06:03 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-05-23 05:47 . 2012-05-23 05:47	--------	d-----w-	c:\programdata\Ezprint
2012-05-23 03:46 . 2012-05-23 06:04	--------	d-----w-	c:\programdata\VirtualizedApplications
2012-05-22 18:55 . 2012-05-22 18:55	--------	d-----w-	c:\programdata\Premium
2012-05-22 18:55 . 2012-05-22 18:55	453	----a-w-	C:\user.js
2012-05-22 18:54 . 2012-05-22 18:54	--------	d-----w-	c:\programdata\TheBflixUpdater
2012-05-22 18:53 . 2012-05-22 18:55	--------	d-----w-	c:\programdata\InstallMate
2012-05-22 18:44 . 2012-05-22 18:44	--------	d-----w-	c:\program files (x86)\Lexmark Toolbar
2012-05-22 18:39 . 2012-05-22 18:39	--------	d-----w-	C:\drivers
2012-05-22 18:34 . 2009-10-16 18:10	1069056	----a-w-	c:\windows\system32\lxdxhbn3.dll
2012-05-22 18:34 . 2009-10-16 18:10	598528	----a-w-	c:\windows\system32\lxdxcfg.exe
2012-05-22 18:16 . 2012-05-22 18:16	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-22 16:45 . 2012-05-23 06:09	--------	d-----w-	c:\program files (x86)\Microsoft Application Virtualization Client
2012-05-22 16:40 . 2012-05-22 18:16	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 16:40 . 2012-05-22 18:16	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 16:40 . 2012-05-22 16:40	--------	d-----w-	c:\windows\system32\Macromed
2012-05-22 16:36 . 2012-05-22 16:36	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-05-22 16:20 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-05-22 16:19 . 2011-11-17 06:49	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-05-22 16:18 . 2011-02-19 12:03	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-05-22 16:17 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2012-05-22 16:16 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2012-05-22 16:16 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-05-22 16:16 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-22 16:16 . 2010-11-20 13:33	288640	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-05-22 16:16 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-22 16:16 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-22 16:16 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-22 16:16 . 2010-11-20 13:24	2164224	----a-w-	c:\program files\Windows Journal\Journal.exe
2012-05-22 16:16 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-22 16:16 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-22 16:16 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-05-22 16:16 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-05-22 16:13 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-05-22 16:13 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-05-22 10:21 . 2012-05-22 10:21	--------	d-----w-	c:\windows\NAPP_Dism_Log
2012-05-22 09:44 . 2012-05-22 09:44	--------	d-----w-	c:\programdata\Best Buy pc app
2012-05-22 09:44 . 2012-05-22 09:44	--------	dc-h--w-	c:\programdata\{FBF3739B-717D-4429-BCEB-98D514E65F29}
2012-05-22 09:43 . 2006-11-29 20:06	4398360	----a-w-	c:\windows\system32\d3dx9_32.dll
2012-05-22 09:43 . 2006-11-29 20:06	3426072	----a-w-	c:\windows\SysWow64\d3dx9_32.dll
2012-05-22 09:43 . 2012-05-22 09:43	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-05-22 09:42 . 2012-05-22 09:42	--------	d-----w-	c:\program files (x86)\Windows Live SkyDrive
2012-05-22 09:42 . 2012-05-22 09:44	--------	d-----w-	c:\program files (x86)\Windows Live
2012-05-22 09:42 . 2012-05-22 09:42	--------	d-----w-	c:\windows\PCHEALTH
2012-05-22 09:41 . 2012-05-22 09:41	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2012-05-22 09:39 . 2012-05-22 08:04	--------	d-----w-	c:\programdata\OEM
2012-05-22 09:39 . 2012-05-22 09:39	--------	d-----w-	c:\program files (x86)\Common Files\CyberLink
2012-05-22 09:38 . 2012-05-22 09:38	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-05-22 09:38 . 2012-05-22 09:38	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-05-22 09:38 . 2012-05-22 09:38	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-05-22 09:37 . 2012-05-22 09:37	--------	d-----w-	c:\program files (x86)\Microsoft
2012-05-22 09:37 . 2012-05-22 08:07	--------	d-----w-	c:\program files (x86)\Bing Bar Installer
2012-05-22 09:33 . 2010-06-09 10:54	206208	----a-w-	c:\windows\PLFSetI.exe
2012-05-22 09:33 . 2010-06-01 08:39	214400	----a-w-	c:\windows\SysWow64\Snpropwp.dll
2012-05-22 09:33 . 2012-05-22 09:33	--------	d-----w-	c:\program files (x86)\Video Web Camera
2012-05-22 09:33 . 2012-05-22 09:33	--------	d-----w-	c:\program files\Synaptics
2012-05-22 09:33 . 2012-05-22 09:33	--------	d-----w-	c:\programdata\ATI
2012-05-22 09:32 . 2012-05-22 09:33	--------	d-----w-	c:\program files (x86)\Launch Manager
2012-05-22 09:30 . 2012-05-22 09:30	0	----a-w-	c:\windows\ativpsrm.bin
2012-05-22 09:29 . 2012-05-22 09:29	3	----a-w-	c:\windows\system32\PLD_Framework.cmd
2012-05-22 09:26 . 2012-05-22 09:26	--------	d-----w-	c:\program files\ATI
2012-05-22 09:26 . 2012-05-22 09:27	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-05-22 09:02 . 2012-05-22 09:02	--------	d-----w-	c:\users\Public\Symantec
2012-05-22 09:01 . 2012-05-22 08:03	--------	d-----w-	c:\users\coers
2012-05-22 09:01 . 2012-05-22 09:01	--------	d-----w-	C:\Recovery
2012-05-22 08:26 . 2012-05-22 08:26	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-22 08:22 . 2012-05-22 08:22	--------	d-----w-	c:\program files\Symantec
2012-05-22 08:22 . 2012-05-22 08:22	175736	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-22 08:22 . 2012-05-22 08:22	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2012-05-22 08:21 . 2012-05-22 16:33	--------	d-----w-	c:\windows\system32\drivers\NAVx64
2012-05-22 08:21 . 2012-05-22 08:21	--------	d-----w-	c:\program files (x86)\Norton AntiVirus
2012-05-22 08:17 . 2012-05-22 08:17	--------	d-----w-	c:\programdata\PCSettings
2012-05-22 08:04 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-05-22 08:04 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-05-22 08:04 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-05-22 08:04 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-05-22 08:04 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 15:56 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-05-23 15:56 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 257696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120517.001\BHDrvx64.sys [2012-05-08 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20120601.001\IDSvia64.sys [2012-05-19 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 18:16]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4146500677-1408272314-2758379936-1001Core.job
- c:\users\coers\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 16:43]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4146500677-1408272314-2758379936-1001UA.job
- c:\users\coers\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 16:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyCENGHD1&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\coers\AppData\Roaming\Mozilla\Firefox\Profiles\jtdaivwp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyCENGHD1&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 621295860000000000001c659d6469c9
FF - user.js: extensions.incredibar_i.instlDay - 15482
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:55
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyCENGHD1
FF - user.js: extensions.incredibar_i.upn2n - 92261455241920607
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 20%5F6
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-02  01:11:00 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-02 06:10
.
Pre-Run: 442,676,559,872 bytes free
Post-Run: 442,688,155,648 bytes free
.
- - End Of File - - 2349AB0871EA91CA478AF4FE103852F5


----------



## acoers

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:31 AM, on 6/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Users\coers\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\coers\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\coers\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\coers\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb139?a=6OyCENGHD1&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe
O23 - Service: lxdx_device -   - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7045 bytes


----------
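Two things in the ComboFix output above deserve a closer look than the freezing itself. Under `policies\system`, every UAC value is 0: `EnableLUA=0` means User Account Control is switched off entirely, so any program the user runs (or any installer a toolbar drags in) gets full administrator rights without a prompt. In the Supplementary Scan, the IE start page, the Firefox `keyword.URL` and a whole set of `extensions.incredibar_i.*` prefs point at Incredibar and search.conduit.com, a toolbar that redirects searches, and the HijackThis R0 line shows the same start page. The follow-up ComboFix log later in the thread still lists `c:\program files (x86)\Conduit` as a freshly created folder, so the hijack was not removed by the Norton swap.

The script below is an added example, not code from ComboFix, HijackThis or anyone in this thread. It reads either tool's log lines and flags those three indicator classes. The Windows 7 UAC baseline values and the marker word list (`incredibar`, `conduit`) are assumptions of the example; the sample lines are copied from the logs posted in this thread.

```python
"""Triage ComboFix / HijackThis log lines for the indicators seen in this thread:
UAC switched off under policies\\system, and a browser search hijack. Added example."""
import re
from dataclasses import dataclass

# Assumed baseline: Windows 7 default values for the UAC policies ComboFix prints.
UAC_BASELINE = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}
# Assumed marker list: names the thread's own logs tie to the toolbar hijack.
PUP_MARKERS = ("incredibar", "conduit")

# ComboFix registry value line:        "EnableLUA"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-f]+\)', re.I)
# ComboFix Supplementary Scan line:    uStart Page = hxxp://...
START_PAGE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)")
# ComboFix Firefox pref line:          FF - user.js: extensions.foo - value
FF_PREF = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - ?(?P<val>.*)$")
# ComboFix "Files Created" line; the path is the last tab-separated field.
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. .*\t(?P<path>[A-Za-z]:\\.*)$")
# HijackThis R0/R1 line:               R0 - HKCU\...\Main,Start Page = http://...
HJT_R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+) = (?P<url>\S+)")


@dataclass(frozen=True)
class Finding:
    kind: str    # "uac", "hijack" or "pup-path"
    detail: str


def _is_pup(text):
    text = text.lower()
    return any(marker in text for marker in PUP_MARKERS)


def triage(lines):
    """Return a list of Findings for an iterable of log lines in either tool's format."""
    findings = []
    section = ""                      # current [HKEY_...] header in the ComboFix log
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = POLICY_LINE.match(line)
        if m and section.endswith("policies\\system"):
            expected = UAC_BASELINE.get(m["name"])
            if expected is not None and int(m["val"]) != expected:
                findings.append(Finding("uac", f"{m['name']}={m['val']} (baseline {expected})"))
            continue
        m = START_PAGE.match(line)
        if m and _is_pup(m["url"]):
            findings.append(Finding("hijack", f"{m['scope']}Start Page -> {m['url']}"))
            continue
        m = FF_PREF.match(line)
        if m and (_is_pup(m["key"]) or _is_pup(m["val"])):
            findings.append(Finding("hijack", f"{m['file']} {m['key']}"))
            continue
        m = HJT_R_LINE.match(line)
        if m and _is_pup(m["url"]):
            findings.append(Finding("hijack", f"{m['key']},{m['name']} -> {m['url']}"))
            continue
        m = FILE_LINE.match(line)
        if m and _is_pup(m["path"]):
            findings.append(Finding("pup-path", m["path"]))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'uac': 3, 'hijack': 4, 'pup-path': 1}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: lines copied from the ComboFix and HijackThis logs in this thread.
SAMPLE_LOG = [
    "2012-05-29 05:27 . 2012-05-29 05:27\t--------\td-----w-\tc:\\program files (x86)\\Conduit",
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]",
    '"LManager"="c:\\program files (x86)\\Launch Manager\\LManager.exe" [2010-08-10 975952]',
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]",
    '"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
    '"EnableLUA"= 0 (0x0)',
    '"EnableUIADesktopToggle"= 0 (0x0)',
    '"PromptOnSecureDesktop"= 0 (0x0)',
    "uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyCENGHD1&i=26",
    "mStart Page = hxxp://www.bing.com/?pc=MAGW",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/",
    "FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=",
    "FF - user.js: extensions.incredibar_i.instlRef - ",
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://mystart.incredibar.com/mb139?a=6OyCENGHD1&i=26",
    "R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.bing.com/?pc=MAGW",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports three UAC values off baseline, four hijack indicators and one Conduit folder. The section tracking matters: `"EnableLUA"= 0` is only meaningful under the `policies\system` key, and the same value name could appear elsewhere in a log, so the script ignores policy-style lines outside that key. The marker list is deliberately narrow; extend it from the log you are actually reading rather than from a generic blacklist.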



## acoers

Acrobat.com
Adobe AIR
Adobe Reader 9.5.1 MUI
Advertising Center
AMD USB Filter Driver
Backup Manager Basic
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD 9
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
HiJackThis
Identity Card
ImagXpress
Junk Mail filter update
Launch Manager
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton AntiVirus
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Video Web Camera
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer


----------



## johnb35

How do you feel about uninstalling Norton's antivirus temporarily? Sometimes Norton will play havoc on a system. You can install a different free antivirus if you want, like Avast or MSE.


----------



## acoers

Well, I can try it out. You wanna help me find those?


----------



## johnb35

Avast - http://filehippo.com/download_avast_antivirus/

MSE - http://windows.microsoft.com/en-US/windows/products/security-essentials

Make sure you run the Norton Removal Tool:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe


----------



## acoers

So if I do this and remove Norton, what do you want me to do next?


----------



## johnb35

The idea is to see if Norton is causing the issue. I mean, if I had the laptop in front of me I could figure it out within an hour most likely, but it's kind of hard to tell someone what to do. I would also recommend downloading and running CCleaner.

http://www.filehippo.com/download_ccleaner/


----------



## acoers

OK, I removed Norton and installed Avast. What's the next step?


----------



## johnb35

Use the laptop and see if it still freezes up.


----------



## acoers

Well, got Avast working and ran CCleaner; that cleared up 950 MB of stuff. I guess you would just say run it now and see if it freezes up?


----------



## johnb35

Yes.


----------



## acoers

Well hey, I'll do that and see if it freezes. I just noticed I got 30 days with Avast, so I guess I'll see if I go back to Norton in 30 days. Would you run Avast or MSE? And thanks for all the help, I really appreciate it.


----------



## johnb35

All you need to do is register Avast and you get it free for a year, and then re-register every year. I run Avast with no issues.


----------



## acoers

Sounds good, John. So far I'm surfing the internet, doing a full system scan with Avast and downloading updates for Windows, and no freezing yet. I know my wife and I are ready to throw this laptop out the window every time it freezes. So let's hope this helps, and it keeps running strong.


----------



## johnb35

If you lived closer to me, I would offer to look at it for you. I see you are down there by Peoria; I was there a few weeks ago. You are about 2 hours from me.


----------



## acoers

Yeah, I know, I was actually thinking about that too. I belong to the CVMA (Combat Vet Motorcycle Association), and we recently had a ride up in your direction. We met in Joliet at exit 257, then rode to Ottawa to the vets' home and down to Marseilles. Yeah, our president used to be the manager of the Geek Squad in Peoria, but I know he's real busy, so I figured I'd try and find somewhere to get it fixed. Well, looks like I found a great spot.


----------



## acoers

Well, so far so good. I just ran ComboFix, so I've got the new log here for you to look at. Let me know what you think.

ComboFix 12-06-04.03 - coers 06/05/2012   0:35.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2727 [GMT -5:00]
Running from: c:\users\coers\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-05 to 2012-06-05  )))))))))))))))))))))))))))))))
.
.
2012-06-05 05:40 . 2012-06-05 05:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-04 03:24 . 2012-06-04 03:24	--------	d-----w-	c:\program files\CCleaner
2012-06-04 03:19 . 2012-03-06 23:04	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-06-04 03:19 . 2012-03-06 23:01	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-06-04 03:19 . 2012-03-06 23:04	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-06-04 03:19 . 2012-03-06 23:02	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-06-04 03:19 . 2012-03-06 23:01	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-06-04 03:19 . 2012-03-06 23:15	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-04 03:19 . 2012-03-06 23:01	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-06-04 03:19 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-06-04 03:19 . 2012-03-06 23:15	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-06-04 03:18 . 2012-06-04 03:18	--------	d-----w-	c:\programdata\AVAST Software
2012-06-04 03:18 . 2012-06-04 03:18	--------	d-----w-	c:\program files\AVAST Software


----------



## johnb35

There was no need to run ComboFix again. Just keep me updated if it still freezes up.


----------



## acoers

Will do, John. So far so good.


----------



## acoers

Well, I had the laptop freeze twice on me today. It's definitely not doing it as much as it was before. So I guess we didn't fix the issue.


----------



## johnb35

Well, it could be an issue with the hard drive or an installed program.  You may have to back up your data and do a fresh install of Windows.  Something like this is hard to track down.  You said it didn't freeze up in safe mode, which means it could be a software issue with an installed program.  So you'll have to take it in to have it diagnosed or try a fresh install of Windows.  I wish I could be more help.


----------



## acoers

Well, hey John, you definitely helped me with this issue.  I know you can only do so much when you're on the internet, but it sure has helped.  So I'll have to bring it in and see what's wrong with it.


----------



## acoers

Stupid question but would it help if you ran a remote desktop with my laptop?


----------



## johnb35

That is an option if you would want me to.  Download and install TeamViewer and then all I would need is your ID number and password.

www.teamviewer.com

Click on where it says "start full version, it's free"

I'll be up for a little while longer; you can email me your ID and password to


----------



## acoers

johnb35 said:


> That is an option if you would want me to.  Download and install TeamViewer and then all I would need is your ID number and password.
> 
> www.teamviewer.com
> 
> Click on where it says "start full version, it's free"
> 
> I'll be up for a little while longer; you can email me your ID and password to



Just sent you an email.


----------



## acoers

Hey John, haven't been on here for a while because the laptop's been good. Well, here recently I checked Windows Update to make sure it was updated.  Well, it's coming up that I can't update because the services are not installed.  Any idea why this is going on?


----------



## johnb35

Do this.  Click on start and in the search box type "services" without the quotes and hit enter.  Find the service Windows Update and double click on it.  What is the service status and the startup type?


----------



## acoers

johnb35 said:


> Do this.  Click on start and in the search box type "services" without the quotes and hit enter.  Find the service Windows Update and double click on it.  What is the service status and the startup type?


Went to the services and looked down the list and don't even see a Windows Update. Say, if you want you can do the remote access and check it out like you did before if that will help you.  My email is coer86@gmail.com if you want to talk to me that way.


----------



## johnb35

So you don't have this listed?

Try the fixit program here.

http://support.microsoft.com/kb/971058


----------



## acoers

Ran it and got this to come up.


----------



## johnb35

What happens when you click on next?


----------



## acoers

I get this.


----------



## johnb35

If the issue hasn't been fixed then click on hasn't been fixed and click on next and continue on and see what happens.


----------



## acoers

It looks like I'm supposed to go to the internet and look for solutions. It brings me to these two pages.


----------



## acoers

Here ya go, this is what they look like.


----------



## johnb35

Try this one.  It's a different one.

http://support.microsoft.com/mats/windows_update/


----------



## acoers

Did that and ended up in the same place as before, as not fixed.


----------



## johnb35

The only other thing I can think of is to rerun your malware scanners to check for infections: Malwarebytes, ComboFix, online ESET scan.  You may be forced to do a reinstall of Windows.  Some infections will screw up Windows Update.


----------



## acoers

Well, went to try and run malware and now I'm getting this code 0x80070424.


----------



## johnb35

When running Malwarebytes?  Try reinstalling the program and see if that helps.
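An added example, not posted by either johnb35 or acoers: the same check johnb35 described earlier (service status and startup type for Windows Update) done from a PowerShell prompt, extended to the services Windows Update depends on, plus a decoder for the 0x80070424 code acoers reported, which is the Win32 error for a service that is not installed. The service names are the standard Windows ones; the function names and the registry cross-check are my own.

```powershell
# Added example (not from the thread): report whether Windows Update and the
# services it relies on are installed, their state and startup type, and decode
# the 0x80070424 HRESULT. Uses Win32_Service via WMI so it also runs on the
# Windows 7 / PowerShell 2.0 era machine discussed here.

# Standard Windows service names: Windows Update, Background Intelligent
# Transfer Service, Cryptographic Services, Windows Installer, Modules Installer.
$updateServices = 'wuauserv', 'bits', 'cryptsvc', 'msiserver', 'TrustedInstaller'

function Get-UpdateServiceReport {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        # A service can be gone from the Service Control Manager yet leave its
        # registry key behind (or the reverse); showing both makes a half-removed
        # or tampered service stand out.
        $regKey = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if ($svc) {
            $state = $svc.State
            $start = $svc.StartMode      # Auto / Manual / Disabled
            $image = $svc.PathName
        } else {
            $state = '(not installed)'
            $start = '(none)'
            $image = ''
        }
        New-Object PSObject -Property @{
            Name        = $name
            Installed   = [bool]$svc
            State       = $state
            StartupType = $start
            RegistryKey = $regKey
            Image       = $image
        }
    }
}

function ConvertFrom-HResult {
    # Takes the code as shown in the error dialog, e.g. '0x80070424'.
    # Windows wraps Win32 error codes as HRESULT 0x8007xxxx: the high half is
    # severity+facility (0x8007 = FACILITY_WIN32), the low 16 bits are the
    # Win32 code. 0x0424 = 1060 = ERROR_SERVICE_DOES_NOT_EXIST.
    param([string]$Code)
    $h = [Convert]::ToUInt32(($Code.Trim() -replace '^0[xX]', ''), 16)
    $hi    = [int][math]::Floor($h / 65536)   # avoids signed hex-literal pitfalls
    $win32 = [int]($h % 65536)
    if ($hi -eq 0x8007) {
        $ex = New-Object System.ComponentModel.Win32Exception -ArgumentList $win32
        return ('0x{0:X8} = Win32 error {1}: {2}' -f $h, $win32, $ex.Message)
    }
    return ('0x{0:X8} is not a Win32-facility HRESULT' -f $h)
}

Get-UpdateServiceReport -Names $updateServices |
    Format-Table Name, Installed, State, StartupType, RegistryKey, Image -AutoSize

ConvertFrom-HResult '0x80070424'
```

A row with Installed False but RegistryKey True (or an Image path outside the Windows directory) is worth looking at before reinstalling, since it points at a service that was removed or altered rather than one that was never there.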


----------



## acoers

Got it running now and it found 2 items so far. I'll let you know how it goes when it's done.


----------



## acoers

Well, just finished running it and it cleaned those two that were found. Tried doing the update but it still doesn't work.


----------



## johnb35

Can you post the log from it?  Open Malwarebytes, click on the Logs tab and open the log that removed the infections, then copy and paste it back here.


----------



## acoers

Here ya go.


----------



## johnb35

OK. Go ahead and download the latest ComboFix file from here, run it and post the log.  Remember to copy and paste the log into your reply.  Don't do screenshots, as they can't be seen too well.

http://www.bleepingcomputer.com/download/combofix/dl/12/


----------



## acoers

OK, ran it and tried posting it, but the log is too long to post. Can I email it to you?


----------



## johnb35

Yeah, edited out


----------

